Hi everybody, my question is how to increase stage 2 more than 90s
I have the same question too, please help us.
Linux - Kali
In the config file there is a selection to recheck pin 12345670 every x cycles. If you selected y/Y then the program at start will check that pin for 90 sec. On cycle two the program will start the brute force attack for the length of time set in the config file. Read the help files for further.
MTeams
From my testing, I am starting to get the feeling that when I change the MDKTYPE1 variable I tend to collect more pins. Is it possible that we can be more successful if we change attack type on every cycle, or is it just me?
To NeoCore,
VMR-MDK was written from responses seen from WPS locked routers in real time. MTeams never tested a variable DDOS approach. Therefore if you have a target that responds to variable DDOS please run some tests and find the sequence of DDOS that provides better results. MTeams will write a patch for you to allow the sequence(s) you require. If you find the sequence(s) work, an update to VMR-MDK will be published to allow this feature for community use.
Musket Teams
Last edited by mmusket33; 2016-09-27 at 12:30.
Hi friends, and thank you for your help and patience.
Up till today I used the TL-WN722N and it did a very good job (a slow one... but good).
Today I had the ALFA AWUS36NH and it feels like it's not working properly.
I need help with VMR-MDK. When the WASH process starts I get the "ERROR FCS".
I found out that with the alfa-36NH I need to command it like this: wash -i mon --ignore-fcs or wash -i mon -C.
Since it is an auto script, what do I need to do to make it work?
Thank you.
Last edited by 1stcowgirl; 2016-09-27 at 13:35.
To 1stcowgirl
Here is your -C patch. You need to change two lines of code only
Open the script with leafpad
Go to line number 5077
ctrl g and enter the line number will take you there
You will find the following:
xterm -g 100x30-1+1 -T "Wash" -e "wash -i $MON 2>&1 | tee VARMAC_WASH/wash01.txt" &
Change the line by adding your -C
xterm -g 100x30-1+1 -T "Wash" -e "wash -i $MON -C 2>&1 | tee VARMAC_WASH/wash01.txt" &
Go to line 7901
You will find:
xterm -g 100x30-1+1 -T "Wash" -e "wash -i $MON 2>&1 | tee VARMAC_WASH/wash01.txt" &
Change the line by adding your -C
xterm -g 100x30-1+1 -T "Wash" -e "wash -i $MON -C 2>&1 | tee VARMAC_WASH/wash01.txt" &
Note there are similar lines of code with a # at the beginning. The # turns the line into a remark and the computer ignores this, so make sure you enter the -C in the right line and after the $MON.
Test your script.
We will add this if we ever offer an update.
Musket Teams
Last edited by mmusket33; 2016-09-28 at 12:56.
In the last year MTeams has seen WPS locked routers when subjected to the VMR-MDK process which give up pins while locked for a period and then stop. The WPS locked status does not change. After a few days usually if the channel has changed the WPS locked router gives up more pins and then stops again.
Spoofing the mac address to an associated client seems to obtain more pins but this view is subjective. We also have only a few routers in our areas of operation which respond in this manner.
We think the router freezes as aireplay-ng -1 also stops obtaining any router response.
The DDOS process was only 15 to 20 sec. More than that just seems to lock the router completely.
Musket Teams
Last edited by mmusket33; 2016-10-27 at 11:52.
First of all, I am trying to configure this in Kali 2016.2. I didn't have any issues in 2016.1.
When trying to run "make" under /root/mdk3-v6/, I get the following error:
make -C osdep
make[1]: Entering directory '/root/mdk3-v6/osdep'
Building for Linux
make[2]: Entering directory '/root/mdk3-v6/osdep'
make[2]: 'os.Linux' is up to date.
make[2]: Leaving directory '/root/mdk3-v6/osdep'
make[1]: Leaving directory '/root/mdk3-v6/osdep'
cc -g -03 -w mdk3.c osdep/libosdep.a -o mdk3 -Losdep -losdep -lpthread
/usr/bin/ld: skipping incompatible osdep/libosdep.a when searching for -losdep
/usr/bin/ld: cannot find -losdep
collect2: error: ld returned exit 1 status
Makefile:22: recipe for target 'mdk3' failed
make: *** [mdk3] Error 1
Is there a fix?
To devilsadvocate
MTeams is sorry for the delay in answering; however, we had to reload a 2016R2 onto a HardDrive(HD) to see if the mdk3 version would install.
In an i386 HD install of 2016R2 we copied the mdk3-v6 folder to root.
Then did the following commands:
root@localhost:~# cd mdk3-v6
root@localhost:~/mdk3-v6# make
root@localhost:~/mdk3-v6# make install
root@localhost:~/mdk3-v6# mdk3
And the program ran fine
You probably do not have to do the make install as VMR-MDK runs the program from root so you can keep any newer versions of mdk3 on your computer and only run the Musket version from the folder in root if you want to run the -t probe request from the command line or with VMR-MDK. See the VMR-MDK help files that come with the download.
We see comments in this thread that this mdk3 version may not run in some kali linux versions. However for i386 it runs fine.
In closing remember the VMR-MDK process only works on a small number of routers. The help files tell you how to test for the vulnerability.
Musket Teams
Last edited by mmusket33; 2016-11-23 at 04:42.
Hi, I tried the script but it stays on pin 99985677 or 90.90% and it does not advance. What does it mean?
Got everything set up. For some reason it's not writing the config file in the VARMAC_CONFIG folder. When I get to the step to select the config file, it doesn't show me an option to select. And I opened the folder to check and it's empty. Any ideas on what I did wrong? Thanks guys for all you do.
Got it figured out. I didn't realize that vmr-mdk-k2-011x9.sh needed to be in root directly. I was running it out of the folder it was in.
Move the config folder to the root directory, then try.
Last edited by blackcat201; 2017-06-22 at 23:25.
Please, Mmusket33, the new version of Kali comes with reaver version 1.6b, and the -a option no longer exists; it no longer works with VMR-MDK-K2_011x8.
Should I change to the old version?
There is a small error on line 6071 of the VMR-MDK-K2_011x8. Where it says " sleep .1", I think it should be without the point.
I had to change lines 5224 and 5279, replacing "xargs" with "xargs -0". It was giving an error with some bssid.
Last edited by dmatrix; 2017-06-24 at 15:29.
To dmatrix
First, thank you for your comments.
There is a newer version, VMR-MDK-K2-2016R-011x9.zip. The github link is at the beginning of this thread. We will be happy to correct any errors you find in the newer version and we have loaded your commentary into our bug file for checking.
For your own use you might edit all the reaver command lines embedded in xterm. Just make a copy of the file, remove all the -a entries, save and test.
Again Thanx
Musket Teams
Last edited by mmusket33; 2017-06-27 at 11:07.
More bars from the router would help.
To bigbiz
MTeams is not sure what you require here?
Musket Teams
I tried to use vmr-mdk on kali2017 (kali-linux-2017.1-amd64.iso) (on vmware).
I am using an external wifi card; all programs are OK (fluxion is also OK).
I used VMR-MDK-K2-2016R-011x9 in this sequence:
1-assume it is in root folder
2-chmod +x VMR-MDK-K2-2016R-011x9
3-./VMR-MDK-K2-2016R-011x9
and the program runs.
I followed the steps, but after the program is running it does only stage 1 (Just scan AP Activity) for 10 times
and gives me wps pin not found and then needs to restart
(image from output --imgur.com/a/RRy3j--)
What is wrong? Please help.
To all users of varmacscan and VMR-MDK. The newer version of reaver version 1.6b has removed the -a entry in the menu. This has caused several problems. Reaver will no longer restart automatically and requires a keyboard entry. MTeams is currently coding around this problem and will issue a REAVER 1.6B version when coding and tests are completed. Simply removing the -a from the reaver command lines will not solve the problem. Furthermore the new wash has removed the -C entry or ignore FCS errors. Older versions continue to function.
Musket Teams
To EASD
MTeams does not support amd or VM ware as we cannot test. However, it looks to us that there simply is no target seen, as the scan went thru the 10 cycles.
Thanks for your answer
Ok I will test it on not VMware
but please let me say what I did
[Attached images: 1-1.jpg through 11-11.jpg]
The "reaver" window just showed for less than a second, then disappeared.
[Attached images: 12-12.jpg, 13-13.jpg]
Thanks for your time.
Please tell me what I did wrong, or does it just not work in VMware?
Thanks again.
Last edited by maiki; 2017-07-03 at 10:16. Reason: Merge posts
To dmatrix
MTeams has coded around the problems and is testing in varmacscan. When we release varmacscan for kali 2017 then a rewrite of VMR-MDK will immediately follow.
Musket Teams
I made the change in the Reaver lines. Where I had "-a", I replaced it with "--session=/etc/reaver/$MACSTRIP.wpc". I just changed it in the same line where it does not have the "--session" option defined.
We are releasing varmacscan-K1-2-2017-6-1.sh and are starting VMR-MDK.
Musket Teams
^^ I just have to say how much I appreciate your constant efforts and your generosity to share your results. Thanks man, you are fantastic!
Musket Teams have released VMR-MDK-K2-2017R-012x2 for Kali 2,2016,2017 and all versions of reaver
The aireplay-ng fake auth has been made regenerative.
Several bugs have been corrected, some thanks to dmatrix.
Comments requested by kcdtv have been added.
Script tested in both persistent usb installs and harddrive installs for reaver 1.52 and 1.53 and kali 2016 and 2017 using i386.
Expect the mac changing routines to be slowed. This is to support wifi receivers at the end of five(5) meter extension cables which is the max length allowed.
We do not support VM Ware and amd or persistent usb installs using luks encryption as we cannot test.
You can download at:
https://github.com/musket33/VMR-MDK-...017R-012x2.zip
or
http://www.datafilehost.com/d/76c80a9d
Musket Teams
Last edited by mmusket33; 2017-07-06 at 01:08.
To EASD
We have looked thru your jpg images. It looks to us that you are doing nothing wrong. The program looks for a response from the TargetAP. The network you selected simply is not responding to reaver. Try another network, or if you see another client associated to the target, enter that client's mac address thru the config file, i.e. spoof the mac and try again. This would check for mac blocking set up in the router firmware.
MTeams
How to use varmacscan to determine if a WPS Locked router ??MAY?? be susceptible to VMR_MDK
Currently MTeams is writing a module within varmacscan to alert the user if a network may be susceptible to VMR-MDK. Until this rewrite is available, users can employ the following manual method to determine if a WPS locked network ??may?? allow slow but consistent WPS pin harvesting thru the VMR-MDK process.
For reference, MTeams found that some routers, although showing a WPS locked state, still gave up a limited number of WPS pins and then stopped. It was later found that some of these networks, when exposed to a short intense DDOS process, would then allow another cycle of WPS pins to be harvested. Networks then may show one(1) of three(3) possible states when their WPS system is locked.
1. No WPS pins can be collected
2. Limited pins are collected but pin harvesting then permanently stops
3. Limited pins are collected then pin harvesting stops but when subjected to DDOS more pins can be collected.
VMR-MDK was then written to take advantage of this network response.
Using VMR-MDK to determine if a WPS locked network is susceptible can be done but the user must point VMR-MDK at the network to see if pins can slowly be collected. As each network must be individually attacked, testing each WPS locked Network can take some time. Varmacscan however is robotic in nature and scans all networks within range of the wifi receiver. It also writes a logfile.
All log files can be quickly checked for pin harvesting thru the following command line in a terminal window(TW)
grep -l "Pin count advanced:" /root/VARMAC_LOGS/*
If you wish to write to a file called pincollection written to root/ then:
grep -l "Pin count advanced:" /root/VARMAC_LOGS/* | cat > pincollection
If the network's WPS system is always open you can focus a reaver attack thru the command line.
If the network's WPS system is locked, or open then locked, you can use VMR-MDK to test for this vulnerability.
Musket Teams
Last edited by mmusket33; 2017-09-03 at 10:53.
For some reason (probably because I use the t6x fork not the official one in Kali) reaver is not recognized.
Therefore everything is pretty meaningless.
I'm running Kali rolling 4.12.0 but this was the case since I first downloaded the script (4.8.0) so I don't think it's Kali related.
Any advice what should I correct in the script?
To PinCracker
The problem is probably the reaver version. Just download the latest VMR-MDK and the problem should be corrected.
You can download at:
https://github.com/musket33/VMR-MDK-...017R-012x2.zip
or
http://www.datafilehost.com/d/76c80a9d
If your problem still remains, give us some details, but this newer version works for us. You can read thru this thread to find the technical details, but other bugs are also corrected in this newer release.
Musket Teams
Will these programs work on 64 bit kali install?
To bigbiz
The only program that may not run is the mdk3 program in the zip file. That mdk3 version supports invalid essid and that version is only used when running that DDOS attack. All other mdk3 attacks call up the version in kali. Even if you try and run that version of mdk3 all that occurs is the Xterm window for that attack will not run.
Musket Teams
mmusket33, so for a better attack VMR should we install kali 32?
I have tried to brute force wps pin against locked routers. The only thing working against several routers is the "mdk3 a -a (bssid) m" command. The router resets and I can get pins again. If it can be in an auto loop with a script it will get the pin even tho it locks. Tried revdk3 if this script would have the command it would work perfect...
To Dubbie
VMR-MDK should work fine for you here. Just select the mdk3 type you require and the length of time you want to run reaver and DDOS the target among other things.
Musket Teams
If you brute force this way it continuously resets the router so the user loses his internet connection and it's a matter of time before the user will contact the ISP. So my thoughts on this are that in general most people sleep at night time, and if you could set the time that the brute force and resetting starts and ends it would work a lot better.
Greetings
If I use apt-get install what is the command name? Please.
@bigbiz
Read the instructions. mmusket33 explains everything very well!
Due to text output changes in Reaver version 1.63, pixiedust pin extraction modules in VMR-MDK-K2-2017R-012x2.sh and PDDSA-K2-06.sh will no longer function. The code is being corrected and new versions supporting the latest will be posted after testing.
Musket Teams
VMR-MDK and varmacscan will run using reaver 1.63; however, only the automatic pixiedust pin extraction module will not function. You can run reaver from the command line and collect a data sequence and test for the pin manually until the rewrite is finished.
Musket Teams
Hi Team Musket,
Awesome work with the script - may I ask for a little help on the issue I am currently experiencing with 64 bit Kali 2017.3.
Every time I run the script (VMR-MDK-K2-2017R-012x2.sh), I am getting to the config selection screen, yet no options are visible (empty list):
[Attached image: aaaaa.JPG]
I have changed the attribute for the entire VMR-MDK-Kali2-Kali2016 folder (chmod 755, as in the manual) and I see 3 VARMAC folders created in the main folder (VARMAC_CONFIG, VARMAC_LOGS, VARMAC_WASH).
What could be the issue here & how do I fix it so that the config created by VMR-MDK is created inside the VARMAC_CONFIG file? It is not possible to proceed further without the config file, as the parameter values are not loaded / show empty fields.
Appreciate any help here
TO: ch1nczyk
You state
"I have changed the attribute for the entire VMR-MDK-Kali2-Kali2016 folder"
Do not run from the folder - run the script from root?
./VMR-MDK-K2-2017R-012x2.sh
We cannot check if it is a 64 bit problem as we have no 64 bit computers.
MTeams has just finished updating and testing the pixiedust modules in varmacscan and should post that within a day or two. As we speak we are beginning the same work on VMR-MDK. If we find a problem we will post here. Furthermore we should have the VMR-MDK script supporting reaver v1.63 within a week or two.
We tested the script in a persistent usb install of kali-linux-2017.3-i386 and there was no issue.
There is a copy of the config file in the package. You could just place that file in the VARMAC_CONFIG folder then update or change the entries with a text editor. You can name as required and select the file at the prompt.
Please keep us advised
MTeams
Last edited by mmusket33; 2018-01-09 at 12:12.
Thank you Team, I managed to solve the issue thanks to your post.
The problem was that I was running the script from a folder, rather than directly from root. When executed from root, the VARMAC folders were created and config file too.
Now, after playing with the script for a while, I have a question whether it would be possible to include the -N (or --no-nacks) option in the config file? There are certain routers (including mine) that will not progress in Reaver without this option. As soon as it is enabled, Reaver manages to test PINs.
Could you please include it in the next release of VMR-MDK or instruct me how can I add it myself?
Thank you in advance!
With reaver no longer being maintained or updated, do you maintain this program too? Also, I am having trouble loading the program even when downloaded with Firefox in Linux. I get no programs. In my opinion Reaver was the best program of wireless hackrams.