
Thread: Issue with WPA2/WPS enable Crack. Getting a different/Random WPA Key everytime.

  1. #1
    Join Date
    2015-Sep
    Posts
    5

    Issue with WPA2/WPS enable Crack. Getting a different/Random WPA Key everytime.

    Hi, yesterday I tried to crack a wifi network with Kali Linux wifite, a WPA2 network with WPS enabled. With the WPS pixie attack I was able to obtain the WPA key in a few seconds, but when I use that WPA key to connect it says wrong password. Since wifite's pixie attack gives me the PIN, I tried a different method: I used Reaver with that network's PIN. I got the pass, but when I tried to connect it said it's a wrong password again, and this time I got a different/random WPA key than the first one. I attacked the network again with Reaver using the network's WPS PIN, and this time also got a different WPA key.

    Every time I attack, it changes the key to a different one, and yet I cannot connect with the cracked WPA key.

    The network is WPA2 with WPS enabled.

    1st key i got with Reaver Attempt:
    1b46ec82daf22eee046c02c73432547f1a121c2f37ae9ff7fb 87d8992341f76

    2nd key:
    2110bb69cd1deb8bdcccb1de4d463ae9369736029601dbc66a dd0d5548bedaf9

    Can anyone explain to me what is going on and how to crack this kind of encryption?

    Thank you. :)

  2. #2
    Join Date
    2015-Aug
    Location
    The Pits
    Posts
    87
    Hello whyso,
    I feel your pain! I ran into the same exact situation where I have the correct PIN but every time I run Reaver it returns a different password, along with a slightly different SSID each time. Using that information to "connect to a hidden network" does not work, and the correct PIN does not work as a wpa password. I also tried the TP-Link pin configuration utility under Windows; no luck.
    Then I installed the Acrylic wifi information scanner on a Windows 7 box, and it revealed that the access point had WPS but it was "Not Configured".
    So, we're both out of luck. However, you might want to save that PIN just in case someone configures wps on that router someday. Until then, reaver will be of no use.

    EDIT:
    Uh, I should have also mentioned, you still have the option of trying to capture a handshake, and then try to find the password with aircrack-ng or pyrit. There's a LOT of threads with more information on cracking handshakes, look around. And... good luck!
    Last edited by John_Doe; 2015-09-07 at 00:19. Reason: adding another helpful thought

  3. #3
    Join Date
    2013-Jul
    Posts
    844
    There can be several reasons for this. Try searching the WPS-Reaver issues.

    One thing that can cause this is that you are spoofing your MAC address but either not including the spoofed MAC address in the reaver command line (RCL) or entering the wrong MAC address in the RCL.

    The AP may not be using WPA and is open.

    Try using the reaver command line in a terminal window

    MTeams
    Last edited by mmusket33; 2015-09-08 at 07:16.

  4. #4
    Join Date
    2015-Sep
    Posts
    5
    Thank you for the replies, guys.
    I have several of them around me with WPS enabled. This problem occurs on that network; all other networks work fine.
    It shows that it is WPA and WPS enabled in different cracking tools (Fern, wifite, Reaver, etc.).
    I use Medium Class Reaver commands, the same commands that work fine on other networks, and my MAC is not spoofed.
    Is it giving out a different PIN to everyone? Crack proof maybe!!
    I'll try a handshake this time, but it will take a long time. :P

  5. #5
    Join Date
    2013-Jul
    Posts
    844
    If brute force fails and you really want the WPA key you could try this:

    1. Run the reaver attack with the --pin command in the command line.
    or
    2. Make a USB flash drive of Kali and install Reaver 1.3 and see what happens. You can find the method and links on the net. You can probably run 1.3 from root with the --pin command. If that does not work you will need to brute force the entire 11.000 pins with Reaver 1.3, which means you will need persistence on your flash drive.

    MTeams

  6. #6
    Join Date
    2013-Jul
    Location
    United States
    Posts
    520
    It could also be that WPS is enabled, but not configured. For the times where this was true for me (which was only once) I couldn't get past the M2 message. You can check if WPS is configured in a probe response in Wireshark; it's somewhere in there but I don't remember exactly off the top of my head.

  7. #7
    Join Date
    2015-Sep
    Posts
    5
    Quote Originally Posted by mmusket33 View Post
    If brute force fails and you really want the WPA key you could try this:

    1. Run the reaver attack with the --pin command in the command line.
    or
    2. Make a USB flash drive of Kali and install Reaver 1.3 and see what happens. You can find the method and links on the net. You can probably run 1.3 from root with the --pin command. If that does not work you will need to brute force the entire 11.000 pins with Reaver 1.3, which means you will need persistence on your flash drive.

    MTeams
    Thank you for the reply, mate.
    Umm, I already did it. I'm using Kali 2.0, which includes Reaver 1.3. As mentioned in the thread, I have tried with --pin. It gives me a different WPA key every time.

  8. #8
    Here's a solution that might work: Reaver finds PIN but not passphrase.

  9. #9
    Join Date
    2015-Sep
    Posts
    2
    It's a complicated issue! I have the same, but the only true way I know is by getting a handshake first and using aircrack-ng with a strong wordlist to crack it!!! But you really need to be patient when doing this because it takes a little time. Well, you might be lucky if the password is not too complicated.

  10. #10
    Join Date
    2015-Sep
    Posts
    2
    MY Problem
    Ubuntu 14.04 Atheros AR5B93 reaver-wps Failed
    http://paste.ubuntu.com/12321843/ what is wrong MY test router (dlink) WPA code " WARNING Failed to associate with XX:XX:XX:XX:XX:XX (ESSID: (null))"
    http://paste.ubuntu.com/12346351/ - Fri, 11 Sep 2015 8:26PM

    Solved? :/

  11. #11
    Join Date
    2015-Aug
    Location
    The Pits
    Posts
    87
    Hello trakt,
    Is MAC filtering enabled on that access point? Did you save the MAC addresses of some associated clients?
    You could wait till one of them goes offline, clone that MAC and then see if you can do reaver.
    But I've seen "[!] WARNING: Failed to associate with xx.xx.xx.xx.xx.xx" plenty of times, even when the signal is very good. The access point may have WPS, but if it is set to PBC mode (push button control) you'll never be able to use reaver except with option -p (where you already know the pin).
    If you can capture a handshake, and if you are lucky enough to crack it with aircrack-ng, or better yet, pyrit with the --all-handshakes switch, then you might be able to log into the access point. From there you can get the pin for future use, should they ever change the wifi password.
    Last edited by John_Doe; 2015-09-13 at 05:30. Reason: Had another thought

  12. #12
    Join Date
    2015-Sep
    Posts
    2
    John_Doe, thanks for your answer; no MAC filtering and no PBC mode.
    Last edited by trakt; 2015-09-14 at 12:26.

  13. #13
    Join Date
    2015-Aug
    Location
    The Pits
    Posts
    87
    Uh... hmm.
    Can you download either the Kali or Backbox .iso, burn a DVD and boot to it... choose "live" when you boot up and it will give you a full and properly configured cracking operating system. Of course, performance will be slow and choppy, since you're running off a DVD instead of a hard drive.
    Now run reaver just like you did with your ubuntu, and let me know how it works.

  14. #14
    Join Date
    2013-Jul
    Posts
    844
    To John Doe

    Reference PBS mode we are finding these can be easier to crack in some cases.

    MTeams has been cracking a number of routers using VMR-MDK. We have been just leaving the program on overnight. The program collects no pins but in the morning the WPA key and WPS pin are on the screen. The code is always 12345670. We got thru the admin/password of these routers and the router was always in the PBS mode. In fact we did three in just the last week. So if you stress the router firmware it may give up the WPA/WPS info.

    When routers do not respond at all but the WPS is open we bang on the front door with VMR-MDK off and on for a period of time and many times we get results.

    MTeams

  15. #15
    Join Date
    2015-Sep
    Posts
    5
    Quote Originally Posted by trakt View Post
    MY Problem
    Ubuntu 14.04 Atheros AR5B93 reaver-wps Failed
    http://paste.ubuntu.com/12321843/ what is wrong MY test router (dlink) WPA code " WARNING Failed to associate with XX:XX:XX:XX:XX:XX (ESSID: (null))"
    http://paste.ubuntu.com/12346351/ - Fri, 11 Sep 2015 8:26PM

    Solved? :/
    It's because the network you're trying to crack is not in range, or it is locking you out for too many failed attempts. It's a security feature on some routers.
    or
    The network is not a WPS-enabled network. In order to crack with reaver, the WPA network must have WPS enabled; to see if it's enabled you need to use the wash command.

    wash -i <interface> --ignore-fcs

    It will show you WPS-enabled networks.
    Then use reaver on the WPS-enabled networks.

  16. #16
    Join Date
    2015-Sep
    Posts
    5
    Quote Originally Posted by scorpius View Post
    Here's a solution that might work: Reaver finds PIN but not passphrase.
    I'll try this method some time tomorrow and I'll let you know if it works or not. Thank you for the reply.
