
Thread: Reaver not associating.

  1. #1
    Join Date
    2013-Jul
    Location
    United States
    Posts
    520

    Reaver not associating.

    Hello. I'm trying to use reaver to crack my d-link dir655. I'm using an ALFA AWUS036H v5. I've spoofed my mac because I have mac filtering enabled for testing and my commands are
    Code:
    ifconfig wlan0 down 
    ifconfig hw ether (bssid)
    ifconfig wlan0 up
    airmon-ng start wlan0
    reaver -i mon0 -c 1 -b (bssid) --mac=(spoofed mac) -a --dh-small -N -d 0
    The router is using WPA-TKIP and has WPS enabled. Any idea on why it won't associate? I get >Starting mon0 on channel 1< >Waiting for beacon<. In airodump I can confirm that I am getting beacons and my RSSI is about -60 (the router is downstairs). Thanks for any help you can provide! Also I'm using reaver 1.4 and the system is all updated.
    Last edited by soxrok2212; 2013-11-08 at 02:24.

  2. #2
    I've had that problem before. I solved it by associating with aireplay-ng, then adding the -A with Reaver.

  3. #3
    Join Date
    2013-Mar
    Location
    http://rastamouse.me
    Posts
    86
    soxrok, could you please use the code tags. It makes things easier to read
    I second greendragon's suggestion.

  4. #4
    Join Date
    2013-Sep
    Posts
    2
    Make sure your physical and virtual adapters have the SAME MAC. It will not associate if one is different.

    airmon-ng stop wlan0
    macchanger -m 00:11:22:33:44:55 wlan0
    airmon-ng start wlan0
    ifconfig mon0 down
    macchanger -m 00:11:22:33:44:55 mon0
    ifconfig wlan0 up
    ifconfig mon0 up

  5. #5
    Join Date
    2013-Jul
    Location
    United States
    Posts
    520
    Quote Originally Posted by greendragon4444 View Post
    I've had that problem before. I solved it by associating with aireplay-ng, then adding the -A with Reaver.
    Yes but aireplay-ng's association method only works with WEP encrypted networks, not WPA.

  6. #6
    Join Date
    2013-Jul
    Location
    United States
    Posts
    520
    Quote Originally Posted by rastamouse View Post
    soxrok, could you please use the code tags. It makes things easier to read
    I second greendragon's suggestion.
    Yes sorry, I'm sorta new to the forums and I actually looked for that but I didn't know how! Could you tell me how? Thanks haha.
    edit- I think it's like this
    Code:
     airmon-ng start wlan0
    Last edited by soxrok2212; 2013-09-19 at 23:51.

  7. #7
    Join Date
    2013-Mar
    Location
    http://rastamouse.me
    Posts
    86
    Quote Originally Posted by soxrok2212 View Post
    Yes but aireplay-ng's association method only works with WEP encrypted networks, not WPA.
    I know the aircrack-ng wiki says you can't, but you actually can.

  8. #8
    Join Date
    2013-Jul
    Location
    United States
    Posts
    520
    Quote Originally Posted by rastamouse View Post
    I know the aircrack-ng wiki says you can't, but you actually can.
    I tried to and I get an error saying WEP only. What is the command you used?

  9. #9
    Join Date
    2013-Mar
    Location
    http://rastamouse.me
    Posts
    86
    Just the normal --fakeauth option

  10. #10
    Join Date
    2013-Jul
    Location
    United States
    Posts
    520
    Quote Originally Posted by rastamouse View Post
    Just the normal --fakeauth option
    I get this error.

    Code:
    21:07:43  Sending Authentication Request (Open System) [ACK]
    21:07:43  Authentication successful
    21:07:43  Sending Association Request [ACK]
    21:07:43  Denied (code 10), open (no WEP) ?
    I'm also spoofing my mac. I've gotten it to work on a different AP but I can't figure it out for this one. Can you give me an example of how YOU would set up this attack with a spoofed mac? My command is

    Code:
    ifconfig wlan0 down
    ifconfig wlan0 hw ether xx:xx:xx:xx:xx:xx
    ifconfig wlan0 up
    airmon-ng start wlan0
    reaver -i mon0 -c 1 -b xx:xx:xx:xx:xx:xx -a -d 0 --dh-small -vv
    Last edited by soxrok2212; 2013-09-21 at 01:34.

  11. #11
    Join Date
    2013-Jul
    Location
    United States
    Posts
    520
    Quote Originally Posted by greendragon4444 View Post
    I've had that problem before. I solved it by associating with aireplay-ng, then adding the -A with Reaver.
    I was actually able to associate (I think) using -A in reaver... Although that command means don't associate but I checked in airodump and it showed I was associated but then I get

    Code:
    Trying pin 12345678
    Sending EAPOL start
    Recieve timeout occurred
     Sending EAPOL start
    Recieve timeout occurred
    Any ideas?
    Last edited by soxrok2212; 2013-10-30 at 22:52. Reason: Code error

  12. #12
    Join Date
    2013-Jul
    Location
    United States
    Posts
    520
    I tried that, but I'll try again using the exact code you used.

  13. #13
    Join Date
    2013-Jul
    Location
    United States
    Posts
    520
    I've also tried turning MAC filtering off but I still get the receive timeouts. Is there any other way I can associate without using aireplay?

  14. #14
    Join Date
    2013-Sep
    Posts
    2
    Quote Originally Posted by soxrok2212 View Post
    I was actually able to associate (I think) using -A in reaver... Although that command means don't associate but I checked in airodump and it showed I was associated but then I get
    Code:
    Trying pin 12345678
    Sending EAPOL start
    Recieve timeout occurred
    Sending EAPOL start
    Recieve timeout occurred
    Any ideas?
    Try getting closer to the AP for a better signal, or if you're right next to it then try getting further away. Also check that WPS is turned on.

  15. #15
    Also if you have problems to get the process done do not put -d 0 and dh small.
    Raise the delay ( -d 2 or more ) between PIN attempts and give more delay to the timeouts ( -t and -T ).
    It is very important to have in mind that if, for example, you are connected to the internet in the meanwhile you will probably disturb the fragile attack and get this kind of results.
    You could also give the model of your router.
    You could give the output of airodump-ng fixed on the target and its channel.
    You could give the model of chipset used.
    And the results of wash.
    Good luck
    Last edited by kcdtv; 2013-09-26 at 03:25.

  16. #16
    Join Date
    2013-Jul
    Location
    United States
    Posts
    520
    Quote Originally Posted by kcdtv View Post
    Also if you have problems to get the process done do not put -d 0 and dh small.
    Raise the delay ( -d 2 or more ) between PIN attempts and give more delay to the timeouts ( -t and -T ).
    It is very important to have in mind that if, for example, you are connected to the internet in the meanwhile you will probably disturb the fragile attack and get this kind of results.
    You could also give the model of your router.
    You could give the output of airodump-ng fixed on the target and its channel.
    You could give the model of chipset used.
    And the results of wash.
    Good luck
    I did provide the make and model of the router and USB adapter... as well as the output I get when trying the attack, but thanks for the advice on trying the attack without -d or --dh-small. I'll try it later.

  17. #17
    Join Date
    2013-Oct
    Location
    Earth
    Posts
    4
    No Gerix and Reaver is not working; problems with wash too - this is a step backwards.

  18. #18
    Join Date
    2013-Oct
    Posts
    7
    Quote Originally Posted by rob_a View Post
    Make sure your physical and virtual adapters have the SAME MAC. It will not associate if one is different.


    I was having the same problem as OP with reaver not associating, and trying the same pin over and over again, and I had had my wlan0 and mon0 MAC addresses different. Making them the same seems to have solved the problem, and I would recommend users make sure their MAC addresses are the same if they are having this problem.

  19. #19
    Join Date
    2013-Jul
    Location
    United States
    Posts
    520
    Yeah, I tried removing the MAC address filtering so I didn't even change it and I still get the same error.

  20. #20
    Join Date
    2013-Oct
    Posts
    7
    What is your RXQ when you airodump-ng on the channel of the AP?

  21. #21
    Join Date
    2013-Jul
    Location
    United States
    Posts
    520
    Quote Originally Posted by LirvA View Post
    What is your RXQ when you airodump-ng on the channel of the AP?
    Between 80 and 95.

    Code:
    CH 11 ][ Elapsed: 4 s ][ 2013-11-01 20:26                                     
                                                                                   
     BSSID              PWR RXQ  Beacons    #Data, #/s  CH  MB   ENC  CIPHER AUTH E
                                                                                   
     xx:xx:xx:xx:xx:xx  -59  92       33        1    0  11  54e . WPA  TKIP   PSK  xxxxx
    Last edited by soxrok2212; 2013-11-02 at 00:24.

  22. #22
    Join Date
    2013-Oct
    Location
    Venice, CA
    Posts
    13
    In my experience, it doesn't associate several times before it finally does sometimes. Other times it gets it on the first try. I've read that in multiple places and have experienced it on my own as well. Good luck, hope you solved your issues!

  23. #23
    Join Date
    2013-Jul
    Location
    United States
    Posts
    520
    I've not had any luck, reaver just spits
    Code:
    + Trying pin 12345670
    - Failed to associate with xxxxx
    + Sending WSC Nack
    ! WPS transaction failed code 0x02

  24. #24
    Join Date
    2013-Nov
    Location
    the state of oppression
    Posts
    16
    Quote Originally Posted by soxrok2212 View Post
    Between 80 and 95.

    Code:
    CH 11 ][ Elapsed: 4 s ][ 2013-11-01 20:26                                     
                                                                                   
     BSSID              PWR RXQ  Beacons    #Data, #/s  CH  MB   ENC  CIPHER AUTH E
                                                                                   
     xx:xx:xx:xx:xx:xx  -59  92       33        1    0  11  54e . WPA  TKIP   PSK  xxxxx



    Your RXQ isn't terrible, but it isn't perfect and it probably isn't the best you can get. Try to get closer if you can, or minimize obstructions between you and the AP. Also run wash to see if the AP has WPS lock enabled.

    Code:
    wash -i mon0

  25. #25
    Join Date
    2013-Jul
    Location
    United States
    Posts
    520
    Quote Originally Posted by Resistor View Post
    Your RXQ isn't terrible, but it isn't perfect and it probably isn't the best you can get. Try to get closer if you can, or minimize obstructions between you and the AP. Also run wash to see if the AP has WPS lock enabled.

    Code:
    wash -i mon0
    Code:
    BSSID                  Channel       RSSI       WPS Version       WPS Locked        ESSID
    ---------------------------------------------------------------------------------------------------------------
    xx:xx:xx:xx:xx:xx      11            -56        1.0               No                xxxxx
    Does not say it's locked. I can't figure it out.
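
An added example (not written by any poster in this thread): a small Python parser for the `wash` table shown in the post above, for auditing your own access points for WPS that is advertised and not locked. The sample rows, the function names and the BSSID inventory are constructed for illustration.

```python
import re

MAC_RE = re.compile(r"^[0-9A-Fa-f]{2}(?::[0-9A-Fa-f]{2}){5}$")

# Constructed sample in the column layout shown in the thread (not real scan data).
SAMPLE_WASH_OUTPUT = """\
BSSID                  Channel       RSSI       WPS Version       WPS Locked        ESSID
---------------------------------------------------------------------------------------------------------------
00:11:22:33:44:55      11            -56        1.0               No                home lab ap
66:77:88:99:AA:BB       1            -71        1.0               Yes               guest
"""


def parse_wash(text):
    """Return one dict per access point row; header, rule and blank lines are skipped."""
    rows = []
    for line in text.splitlines():
        # ESSID is the last column and may contain spaces, so split at most 5 times.
        parts = line.split(None, 5)
        if len(parts) < 5 or not MAC_RE.match(parts[0]):
            continue
        bssid, channel, rssi, version, locked = parts[:5]
        rows.append({
            "bssid": bssid.lower(),
            "channel": int(channel),
            "rssi": int(rssi),
            "wps_version": version,
            "locked": locked.lower() == "yes",
            # A hidden SSID leaves the last column empty.
            "essid": parts[5].strip() if len(parts) == 6 else "",
        })
    return rows


def wps_exposed(rows, owned_bssids):
    """BSSIDs from the owned inventory that advertise WPS and are not locked."""
    owned = {b.lower() for b in owned_bssids}
    return [r["bssid"] for r in rows if r["bssid"] in owned and not r["locked"]]


if __name__ == "__main__":
    aps = parse_wash(SAMPLE_WASH_OUTPUT)
    inventory = ["00:11:22:33:44:55", "66:77:88:99:AA:BB"]  # assumed list of your own APs
    for bssid in wps_exposed(aps, inventory):
        print(f"{bssid}: WPS advertised and not locked; disable WPS in the router settings")
```
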

  26. #26
    Join Date
    2013-Nov
    Location
    the state of oppression
    Posts
    16
    After you spoof your MAC on your wlan0 and bring it back up, you need to do the same with mon0, and make it the same MAC address.


    Code:
    ifconfig mon0 down
    macchanger -m xx:xx:xx:xx:xx:xx mon0
    ifconfig mon0 up


    plz confirm you have done this correctly, and ifconfig shows your wlan0 and mon0 interfaces as having the same MAC address.

  27. #27
    Join Date
    2013-Jul
    Location
    United States
    Posts
    520
    Quote Originally Posted by Resistor View Post
    After you spoof your MAC on your wlan0 and bring it back up, you need to do the same with mon0, and make it the same MAC address.


    Code:
    ifconfig mon0 down
    macchanger -m xx:xx:xx:xx:xx:xx mon0
    ifconfig mon0 up


    plz confirm you have done this correctly, and ifconfig shows your wlan0 and mon0 interfaces as having the same MAC address.
    I've removed mac filtering so that shouldn't even be the problem but thanks for the tip!

  28. #28
    Join Date
    2013-Nov
    Location
    the state of oppression
    Posts
    16
    It's not even an issue of MAC filtering, the MAC address for mon0 and wlan0 needs to be the same, even if there is no MAC filtering.

  29. #29
    Join Date
    2013-Jul
    Location
    United States
    Posts
    520
    Quote Originally Posted by Resistor View Post
    It's not even an issue of MAC filtering, the MAC address for mon0 and wlan0 needs to be the same, even if there is no MAC filtering.
    Yes, and I haven't changed either so when I put wlan0 into mon0, the mac address should be the same.
