Thread: REAVER - non-stop repeating

  1. #1
    Join Date
    2013-Apr
    Posts
    9

    REAVER - non-stop repeating

    Hey guys,

    I've been challenged by my mate next door to hack his wifi... I am by no means even considered proficient, but I am learning and competent. I'm having a few problems.

    Firstly I've already got the handshake, and gone through it with Elcomsoft WSA on my main PC. Ran through 13Gb of wordlists and no use... expected.

    So now I'm on to WPS cracking. I've been using aireplay-ng to get the association, and using reaver to crack. I have tried all sorts of configs but this is what I've been using lately:

    aireplay-ng -a xx:xx:xx:xx:xx:xx -e virginmediaxxxxxxxxxx mon0 -1 120

    reaver -i mon0 -b xx:xx:xx:xx:xx:xx -vv -c 11 -A -N -S -L

    So this is my current procedure:

    1. airmon-ng start wlan1
    2. ifconfig wlan1 down
    3. ifconfig mon0 down
    4. macchanger wlan1 -A
    5. macchanger mon0 -A
    6. ifconfig wlan1 up
    7. ifconfig mon0 up
    8. aireplay-ng -a xx:xx:xx...........
    9. (new terminal window) reaver -i mon0 -b xx:xx:x.......................

    First issue is that the fastest I can get it to run is 23 pin/sec.
    Not sure if killing any of the processes listed by airmon-ng will help, but anything I can do to speed up would be good.

    Second and MAIN issue is that I've hit a wall... I've got to 90.90% and it's just repeating the same pin number over and over again. Wash reports the AP is not locked, and reaver just goes round in circles, reporting m1, m2, m3, m4, timeout, retrying.

    I've tried some googlefoo but all I can come up with is old bt4 posts, saying to reconfigure the SVN and that as far as my knowledge goes. I don't really want to start faffing around with the drivers etc, unless I really need to.
    Computer: ASUS A53E-K53E - CPU: Core i5-2450M - RAM: 8Gb Corsair Vengeance 1866MHz
    HDD1: 750Gb Momentus XT - HDD2: 500Gb Hitachi - Via ODD Conversion Tray
    OS: Ubuntu 13.04 (750Gb) + Kali 64bit Gnome (500Gb) - Wlan0: Intel 100 - iwlwifi - Wlan1: Alfa AWUS036H - RTL8187L

  2. #2
    Join Date
    2013-Mar
    Location
    Jasper, Alberta, Canada
    Posts
    7
    See if the AP's admin has locked WPS midway through your procedure by running wash -i mon0 -C and try relocating closer to the AP. Also KILL the processes called out at the start of your procedure when you ran airmon-ng the first time... the warnings spelled out stand.
    Last edited by Spyslab; 2013-06-15 at 00:29. Reason: added -C
    Jean-Francois

  3. #3
    Join Date
    2013-Mar
    Posts
    9
    Virgin Media routers have WPS PIN association disabled by default, so even if you sent the correct PIN the router will just ignore it.

  4. #4
    Join Date
    2013-Apr
    Posts
    9
    Even though wash reports it's accessible and unlocked?

  5. #5
    Join Date
    2013-Jun
    Location
    Germany
    Posts
    6
    Just an idea! No warranty! (A bit strange but if there is a lazy programmer ...)

    If the router sends beacons and also the wireless management frame, it's possible that
    even if WPS was locked the router maybe doesn't set WPS locked inside the beacon/management frame,
    so wash will tell you that WPS wasn't locked.

    Similar here with some routers, they just ignore the pin after 30 failed attempts but WPS seems not locked.
    Some of them unlock WPS after hours again ... (from less than 6 up to 24 hours or maybe more)
    And others must be "unlocked" from the web interface while they got a better implementation of WPS.

    @russ
    Virgin Media routers have WPS PIN association disabled by default, so even if you sent the correct PIN the router will just ignore it.
    That need not mean that they aren't vulnerable. Here are routers from one vendor with a badly implemented WPS procedure; they also disable WPS by default but will respond to a vendor-specific pin (01234567 OR 12345678) and deliver the key, but that's not all: if you set a new pin they will respond to the new and the vendor pin.

    Maybe he is lucky and has therefore already got 90.90%.

    Good Luck!

    Chaos
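
    Editor's added example (not part of the thread, and not code from wash or reaver): a parser for the WPS information element in a beacon, reporting the advertised state and the AP Setup Locked flag discussed in the post above. The sample bytes are constructed; the result is only what the AP advertises, which, as the post says, may not match what it enforces.

```python
import struct

WPS_OUI_TYPE = bytes.fromhex("0050f204")  # vendor IE: OUI 00:50:F2, type 4 = WPS
ATTR_NAMES = {
    0x104A: "version",
    0x1044: "wps_state",        # 1 = not configured, 2 = configured
    0x1057: "ap_setup_locked",  # present with value 1 = lock advertised
}

def find_wps_ie(tagged_params: bytes):
    """Walk 802.11 tagged parameters (id, len, body); return the WPS IE body or None."""
    i = 0
    while i + 2 <= len(tagged_params):
        tag, length = tagged_params[i], tagged_params[i + 1]
        body = tagged_params[i + 2:i + 2 + length]
        if len(body) < length:
            raise ValueError("truncated information element")
        if tag == 221 and body[:4] == WPS_OUI_TYPE:
            return body[4:]
        i += 2 + length
    return None

def parse_wps_attrs(wps_body: bytes) -> dict:
    """Decode the big-endian type/length/value attributes inside the WPS IE."""
    attrs, i = {}, 0
    while i + 4 <= len(wps_body):
        atype, alen = struct.unpack_from(">HH", wps_body, i)
        value = wps_body[i + 4:i + 4 + alen]
        if len(value) < alen:
            raise ValueError("truncated WPS attribute")
        attrs[ATTR_NAMES.get(atype, hex(atype))] = value
        i += 4 + alen
    return attrs

def advertised_wps(tagged_params: bytes) -> dict:
    """Summarise what the beacon claims about WPS (advertised state only)."""
    body = find_wps_ie(tagged_params)
    if body is None:
        return {"wps_advertised": False}
    a = parse_wps_attrs(body)
    return {
        "wps_advertised": True,
        "configured": a.get("wps_state") == b"\x02",
        "locked_flag": a.get("ap_setup_locked") == b"\x01",
    }

# Constructed sample tagged parameters: an SSID element, then a WPS element.
SSID = bytes([0, 4]) + b"test"
WPS_UNLOCKED = bytes.fromhex("dd0e0050f204" "104a000110" "1044000102")
WPS_LOCKED = bytes.fromhex("dd130050f204" "104a000110" "1044000102" "1057000101")
```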

  6. #6
    Join Date
    2013-Mar
    Posts
    9
    Yes, WPS is only set to push button by default now; they disabled PIN request due to reaver attacks. It can be changed manually by the user, but there is no way of knowing, unless you get to 90.90% (all first 4 pin combinations).
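
    Editor's added example (not part of the thread, not reaver's code): a model of the split WPS PIN search space behind the 90.90% figure, and of what the lockout behaviour described in post #5 (30 failures, then hours locked) does to the worst-case exhaustion time. The 3 seconds per attempt and the truncation to two decimals are assumptions.

```python
import math

FIRST_HALF = 10 ** 4    # digits 1-4 are accepted or rejected on their own
SECOND_HALF = 10 ** 3   # digits 5-7; digit 8 is a checksum of the first seven
TOTAL = FIRST_HALF + SECOND_HALF   # 11000 guesses worst case, not 10**8

def progress_percent(first_half_tried: int, second_half_tried: int = 0) -> float:
    """Share of the split search space covered, truncated to two decimals."""
    if not (0 <= first_half_tried <= FIRST_HALF and 0 <= second_half_tried <= SECOND_HALF):
        raise ValueError("count outside the search space")
    pct = 100.0 * (first_half_tried + second_half_tried) / TOTAL
    return math.floor(pct * 100) / 100

def worst_case_hours(lock_after: int, lock_hours: float, secs_per_attempt: float) -> float:
    """Hours to exhaust TOTAL guesses when the AP stops answering for
    lock_hours after every lock_after failed attempts."""
    if lock_after <= 0 or lock_hours < 0 or secs_per_attempt <= 0:
        raise ValueError("invalid policy")
    lockouts = (TOTAL - 1) // lock_after   # lockouts served before the final guess
    return TOTAL * secs_per_attempt / 3600 + lockouts * lock_hours

def compare_policies(secs_per_attempt: float = 3.0) -> dict:
    """Worst-case days for the policies mentioned in the thread (rounded)."""
    policies = {
        "no lockout": (TOTAL, 0.0),
        "30 failures, 6 h lock": (30, 6.0),
        "30 failures, 24 h lock": (30, 24.0),
    }
    return {name: round(worst_case_hours(n, h, secs_per_attempt) / 24, 1)
            for name, (n, h) in policies.items()}

if __name__ == "__main__":
    print(progress_percent(FIRST_HALF))   # every first half tried, none confirmed
    for name, days in compare_policies().items():
        print(f"{name}: {days} days")
```

    A counter stuck at this value after every first half has been rejected fits an AP that is not accepting PIN enrolment at all, which is what posts #3 and #6 describe.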

  7. #7
    Join Date
    2013-Apr
    Posts
    9
    I'm trying again from start.

    I have no choice but to use aireplay to assoc coz reaver just won't do it, but apart from that I'm only using the additional -w and -N commands.
    The signal is nice and strong (-50Db) and there doesn't seem to be any issues with the quality or anything, just that reaver got to 90.90% and got stuck.

    I found some posts on the github for it saying lots of ppl were getting the issue but they were quite old and nobody seemed to find the reason or a fix.

  8. #8
    Join Date
    2013-Jun
    Location
    Germany
    Posts
    6
    Try to downgrade to reaver 1.3; there is a known bug in 1.4, maybe you can get around this with an older version.

    (I didn't try it under a Debian-based OS but under BT5 you just need to download it, set permissions if needed and run it from the download folder)

    Good Luck!

    Chaos
    Last edited by Chaos; 2013-06-30 at 01:31.

  9. #9
    Join Date
    2013-Jun
    Posts
    3
    In my experience Virgin Media routers have WPS disabled, normally I get nothing...

    VM standard passwords are 8 digit lower case all letters. I've been meaning to try a crunch/pyrit/cowpatty type attack on a handshake from a VM router for a while now but haven't got round to it yet. No use if the neighbour has changed the password of course...

  10. #10
    Join Date
    2013-Jun
    Posts
    3
    Quote: Originally Posted by strokerace
    In your experience? Funny, it looks like this one doesn't have it disabled. Otherwise he wouldn't have gotten to 90%, now would he.
    I tried a new talk-talk router the other day, reaver said it was at 92.90% rather quickly but this router also had WPS locked. I suspect it was some sort of error (the fact that it stopped and didn't get the key suggests the same).

    Virgin Media's superhubs, which they have been supplying for quite a while now, are 100% not susceptible to a WPS attack. I suspect that the older routers have had software updates to prevent WPS attacks too. Of course the OP's neighbour could have an older router that is susceptible, which is why I said 'in my experience'.

  11. #11
    Join Date
    2013-Jun
    Posts
    4
    I'm not sure how current this information is, but here is a listing of WPS Flaw Vulnerable Devices.

    https://docs.google.com/spreadsheet/...FpEUDNSSHZEN3c

  12. #12
    Join Date
    2013-Jul
    Posts
    1
    Hi 7hr08ik
    Second and MAIN issue is that I've hit a wall... I've got to 90.90% and it's just repeating the same pin number over and over again. Wash reports the AP is not locked, and reaver just goes round in circles, reporting m1, m2, m3, m4, timeout, retrying.
    You'll find the solution to this at the reaver-wps site (Issue 195: Stuck 99.99%, repeats one key).
    The link is http://code.google.com/p/reaver-wps/.../detail?id=195
    In post comment #57, c.sala....@gmail.com has the solution to the problem.

    Hope this helps
