ReVdK3 script - updates



repzeroworld
2014-11-26, 01:41
I am working on incorporating bully wps pin cracking program in revdk3 script (95% completed)....I notice mac spoofing is affecting proper functioning of bully as compared to reaver (works well with mac spoofing with a -N argument fix )... a little scared of this (still thinking...)...your suggestions are welcomed..

repzeroworld
2014-11-30, 13:30
****************ReVdK3-r2 (Revision 2)********************************
Download Link
http://www56.zippyshare.com/v/UZrMxTtZ/file.html

I have revised the script for those who prefer to use bully wps pin cracker. Now you have two options for pin cracking either reaver 1.4 or bully

Dependency checks:
the program checks to see if the following are installed so that the script can function well
[1] reaver
[2] bully (if you are using)
[3] mdk3
[4] aireplay-ng
[5] gnome-terminal
[6] timeout

Possibly the last revision of the script since new access points are getting invulnerable to the attacks...however I will experiment with new attacks and see if they are effective for rebooting APs :D..best of luck ReVdK3 users!..:D

Credit to my friend WaLkZ and others who prefer bully wps pin cracker

Cyb3rg0d
2014-12-17, 19:48
Sweet brother! Nice work, i love this script. Pathetic there is over 430 views and no comments

lien
2014-12-31, 19:03
Sweet cool Ty repzeroworld. I was wondering where/how do u install timeout command and bully to back track 5 r3

repzeroworld
2015-01-01, 16:27
Thank you

Get an update of all packages and install timeout command


apt-get update && apt-get install timeout

I don't know if Backtrack repositories are still being updated (cannot say if bully is in the repo). If bully is in the repository, after apt-get update..you can try


apt-get install bully

If bully is not in the repository, you can source from github


wget https://github.com/Lrs121/bully/archive/master.zip
unzip '/root/master.zip'
cd bully-master/src/ && make && make install

To remove program

cd bully-master/src/ && make uninstall
or

rm -f /usr/local/bin/bully

lien
2015-01-02, 12:02
Oh ok ty repzeroworld, yea backtrack repositories aren't that up to date but I'm sure it is runnable, is there a way I can download the files manually?

repzeroworld
2015-01-03, 17:13
for bully

try https://github.com/Lrs121/bully/archive/master.zip in your browser...you will see pop up box to download...after download..unzip and install

for the timeout command...it is wise to download timeout command from backtrack repository


apt-get update
apt-get install timeout

Reason being is that the timeout command may depend on other packages not installed on your OS. Getting the timeout command using the above will automatically check and install any dependent packages for timeout.

the timeout command should be in the backtrack repo based on the feedback I got...do give me an update if this is not anymore in the repo..

Gojobinha
2015-01-25, 15:56
My contrib:
-------------------------------------------------------------------------------------------------
E: Package 'timeout' has no installation candidate
However the following packages replace it:
coreutils
so:

apt-get update
apt-get install coreutils

About bully:
http://http.kali.org/pool/main/b/bully/bully_1.0-22-0kali1_amd64.deb

-------------------------------------------------------------------------------------------------

My question

I'd like to know about Attack modes: How to decide which attack mode is the best in each situation?

[1] Authentication DoS Flood Attack
[2] EAPOL Start Flood Attack
[3] EAPOL log off Flood Attack
-------------------------------------------------------------------------------------------------
Congratulations and Thanks!

repzeroworld
2015-01-28, 01:59
Thank you for your Wonderful contribution to an alternative way of sourcing the mentioned packages..Attacks..which attack is best will depend on the degree of invulnerability of your victim's device...some devices are invulnerable to all of the attacks above, while others are not immune to one or more attacks...A good idea is to test each attack on the target and determine whether the target is affected....analyse the mdk3 messages...a capture with wireshark is also a good idea for understanding how a particular device behaves...

Authentication DoS Flood Attack
Floods the victim's device with fake clients thereby causing the victim's device to crash or reset..

EAPOL START FLOOD ATTACKS
some devices accept 1 packet/sec for the authentication process, more than one packet will trigger deauth. As a result, it is difficult to carry out an EAP flood attack
some devices behave "user friendly" with many EAPOL start packets sent, thereby facilitating an effective attack.

EAPOL log off Flood Attack
I haven't thoroughly tested this attack..but i had some degree of success with this when clients are connected to the victim..
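
Seen from the AP owner's side, the three floods described in the post above each leave a distinct per-second frame pattern that a monitor can alert on. The following Python is an added example, not part of the original thread or of the ReVdK3 script; the frame records, MAC addresses and the three thresholds are constructed assumptions.

```python
from collections import defaultdict

AP = "02:00:00:00:00:01"       # constructed BSSID
CLIENT = "02:00:00:00:00:aa"   # constructed associated client

def sample_frames():
    """Constructed records (time_s, kind, src_mac, bssid); not a real capture.
    kind: 'auth' = 802.11 authentication frame (mgmt subtype 11),
    'eapol_start' / 'eapol_logoff' = 802.1X EAPOL packet types 1 / 2."""
    frames = [(0.10, "auth", CLIENT, AP), (0.30, "eapol_start", CLIENT, AP)]
    # Second 5: 50 authentication frames, each from a different source MAC.
    frames += [(5 + i * 0.01, "auth", f"02:00:00:00:01:{i:02x}", AP) for i in range(50)]
    # Second 9: 30 EAPOL-Start frames from a single unknown station.
    frames += [(9 + i * 0.02, "eapol_start", "02:00:00:00:02:01", AP) for i in range(30)]
    # Second 12: 10 EAPOL-Logoff frames carrying the real client's address.
    frames += [(12 + i * 0.05, "eapol_logoff", CLIENT, AP) for i in range(10)]
    return frames

def detect_floods(frames, max_auth_macs=20, max_start=5, max_logoff=2):
    """Return sorted (rule, bssid, second) alerts using one-second buckets.
    The three thresholds are assumed values; tune them per deployment."""
    auth_macs = defaultdict(set)   # (bssid, second) -> distinct source MACs
    starts = defaultdict(int)      # (bssid, second) -> EAPOL-Start count
    logoffs = defaultdict(int)     # (bssid, src, second) -> EAPOL-Logoff count
    for t, kind, src, bssid in frames:
        sec = int(t)
        if kind == "auth":
            auth_macs[(bssid, sec)].add(src)
        elif kind == "eapol_start":
            starts[(bssid, sec)] += 1
        elif kind == "eapol_logoff":
            logoffs[(bssid, src, sec)] += 1
    alerts = set()
    for (bssid, sec), macs in auth_macs.items():
        if len(macs) > max_auth_macs:      # many never-seen stations at once
            alerts.add(("auth_flood", bssid, sec))
    for (bssid, sec), n in starts.items():
        if n > max_start:                  # more handshakes started than clients could need
            alerts.add(("eapol_start_flood", bssid, sec))
    for (bssid, _src, sec), n in logoffs.items():
        if n > max_logoff:                 # a real client logs off once
            alerts.add(("eapol_logoff_flood", bssid, sec))
    return sorted(alerts)

if __name__ == "__main__":
    for alert in detect_floods(sample_frames()):
        print(alert)
```

In practice the records would come from a monitor-mode capture parsed into the same four fields, and the alerts would feed the WIDS or syslog pipeline already in place.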

wave701
2015-02-05, 10:26
Hi repzeroworld, I've used your script because the APs that I'm trying to crack lock the WPS after 3 pins.
But all the methods do not work.
Anyway, this last script changes the mac before using reaver and so reaver itself gives me "Failed to authenticate". This is not a problem, I think that deleting the macchanger part can resolve this.
What I've noted is that after a number of "Failed to authenticate", the script does something different and I think that it tries to force authentication. Some "Sending keep-alive packets".
This process of "Failed to authenticate" and "Sending keep-alive packets" does not make me authenticated, but makes the AP REBOOT with WPS unlocked! :D

The bad thing is that if I use your script I can't try pins because of "Failed to authenticate", but I can reboot AP..
If I delete macchanger I think that I can authenticate, but when the AP locks, the script starts the Eapol or mdk3 and these methods do not work.

So.. I'm writing all this post to ask you if you can write a script, or explain to me how to do it, that uses reaver for 3 pins, then tries to make the authentication and so makes the AP reboot..

Would be great! It can work I think, and maybe also for others ;)

soxrok2212
2015-02-20, 00:24
its easy to reboot ap just
nonce reboot packets

Can you elaborate on this?

Sph1nx
2015-02-25, 15:09
is timeout included in kali 1.0.5 ver.?

frafri
2015-02-28, 02:53
It would be nice to have the option to start off with some known pins that have worked in the past.

Thanks for all the work! Script is amazing.

repzeroworld
2015-03-03, 23:01
thank you...I was thinking along this line too, but if you do have or know of any updated algorithms that generate wps pins, send me a private message...I am also aware of the script wpspin.sh that uses an algorithm for computing wps pins...

frafri
2015-03-11, 20:15
After it locks, I get stuck . hmm. What is another good method to reboot the AP?

sabadu
2015-05-07, 02:48
Hi, sorry to bother, but upon the recent changes in aircrack suite the script is not working anymore, I've tried adjusting it but can't get it right. The new airmon-ng is not creating several monitor interfaces from one card.
Also it could be nice if the script detects more than one wifi card and uses both for the attacks.
I'll keep trying to make it work. Thanks for your work!

frafri
2015-05-12, 07:08
Waiting on update. Wish I knew a little more to help
All I know is that aircrack went from monX to wlanXmon

kpoeticg
2015-05-12, 12:14
Yeah i have the same airmon issue the last few days. The fix for it is this "iw dev wlan0 interface add mon0 type monitor"

That's assuming you want "wlan0" in monitor mode. It's only a band-aid tho. I have to do it every time i reboot or swap wifi cards. I don't remember if i read that fix here or on another forum/blog. I've been troubleshootin a ton of stuff with not much sleep past few days. I remember somebody mentioning they thought it was caused by kismet tho. Nethunter's doing the same thing tho.

I don't know how to make it persistent, but i'm sure there's an easy enough way to do it. That command is just adding a monitor interface called mon0 to wlan0 so airmon will create mon0 instead of wlan0mon. Dunno why it doesn't stick across reboots. Never needed the iw config files before. But there's gotta be an equivalent of /etc/network/interfaces for iwconfig somewhere in /etc or /usr.

frafri
2015-05-17, 21:03
Hopefully repzeroworld can get us an updated version of the script !
Thank you !

repzeroworld
2015-09-23, 00:08
For those who are still using this script, I will do an update to it due to a new aircrack-ng.....the script and all my other scripts and upcoming gui programs will be found at this site www.crazycodes.org (pending construction) ..in the meantime the current script can be downloaded using the current URL.

In the meantime, those who need to use the script can downgrade their aircrack-ng version. My apologies

soother
2015-11-07, 11:11
repzeroworld

Thanks for your innovation and hard work.
I see that the crazycodes site is still under construction.
I (& many others) would be so grateful if you could find the time to update your script for use with the new aircrack-ng, as in kali 2.

Thanks again

repzeroworld
2016-01-09, 03:46
@soother
quick link to experimental version for kali 2.0
http://www.crazycodes.org/revdk3.html
I have been focusing on all sorts of things lately.....nevertheless. I'll have to make some time to get the full site up and working.....
I am out...

nexusnexus
2016-01-12, 10:52
when it asks for my wireless eg wlan1,wlan2 at the start on kali 2 it just says my wlan1 does not exist?

sebayan9
2016-01-14, 12:46
Hi,

I recently downloaded a new script from http://www.crazycodes.org/revdk3.html but unfortunately it gives an error when I start to execute the script

root@kali:~/Desktop# bash -c ReVdK3-r3.sh
bash: ReVdK3-r3.sh: command not found

anyone could help?

aanarchyy
2016-01-14, 17:08
either ReVdK3-r3.sh needs to be in your path or you didn't make it executable. ie chmod +x

avaterera
2016-01-24, 13:28
Link for kali 2.0 version is not working. Someone can mirror this version?

Chunkingz
2016-01-25, 20:02
Am proud to say I have been able to modify the script all thanks to repzeroworld. I wouldn't have been able to do it without his script, cos am sorta a n00b. I'll upload it soon!

FYI: it's modified to work for kali 2.0 and the new aircrack-ng.

Chunkingz
2016-01-27, 12:39
http://www.datafilehost.com/d/888bcb3c

nexusnexus
2016-01-27, 15:19
thanks :-)

Chunkingz
2016-01-30, 18:10
You are welcome

Volat
2016-04-28, 13:05
Chunk. Have you had any success using this in kali 2? Am i right in thinking this script is for force-rebooting ap's?

Chunkingz
2016-05-08, 13:50
Truth be told it's been a while I used d script last, I use vmr-mdk by musket teams, which is a kinda remix to the original revdk3 usually so many oda stuffz added, takes quite a Lotta time, u could try using pixie dust attacks first, usually cracks wps in seconds if VULNERABLE.

Chunkingz
2016-05-08, 13:52
U could search YouTube for how to hack wps locked routers using vmr mdk... Incase u want to use vmr

k0x
2016-05-27, 18:20
Please feel free to try the updated version of ReVdK3 for Kali 2.0
https://github.com/r0bag/pentest/blob/master/ReVdK3-r3.sh

mmusket33
2016-05-27, 23:04
A far easier solution is to try running the version by making a persistent usb install of kali1.10a. You can do your pixiedust attacks first thru kali2.0 or 2016R.

MTeams