Page 4 of 6 FirstFirst 123456 LastLast
Results 151 to 200 of 256

Thread: Howto frankenScript

  1. #151
    Join Date
    2013-Oct
    Posts
    321
    @ Quest, Regarding post 139.

    [4] = Bully & Default WPS Pin Keygens:
    Option 4 would be the quickest attack so I thought it made sense to list it first.
    I couldn't get option 4 to work until I added -F.

    [5] = Bully Bruteforce Settings:
    Option 5 would take longer than option 4 so I thought it made sense to list it after option 4.
    I couldn't get option 5 to work until I added -F.

    [6] = Bully Custom Settings:
    Option 6 is more for advanced users and will probably be the least used, so I thought it should be placed last in the list.

    I'm not sure what you mean here "Bully Current Attack Command:
    bully mon0 -c 8 -b 64:70:02:XX:XX:XX -v 3 <------two spaces before "-v"?"

  2. #152
    Join Date
    2013-Aug
    Location
    lost in space
    Posts
    580
    yes, I understood that logic, but I didn't(still don't) agree lol

    [6] = Bully Custom Settings:
    bully mon0 -c 8 -b 64:70:02:XX:XX:XX -v 3
    is the simplest formula of the three, and probly the most efficient for most users, anytime, anywhere (easy does it, remember?). Then the user can build on that as an option.

    [4] = Bully & Default WPS Pin Keygens:
    The '-p' option is rarely used with Bully or (Reaver v1.4 fork r3). Only in weird AP cases would anyone resort to that trick. Please educate me if I'm missing something here, but the few times I had to use to the '-p' argument specifying the first 4 pin number, it's because Reaver had issues in a previous/botched session. So that should be last option imo.


    [5] = Bully Bruteforce Settings:
    if you could just rename that attack, I wouldn't have an issue with it.


    The two spaces before the '-v 3' in # [6] = Bully Custom Settings results in this...
    bully mon0 -c 8 -b 64:70:02:XX:XX:XX
    the '-v 3' argument is not there.
    Try it yourself you will see.
    Last edited by Quest; 2014-10-13 at 02:50.
    Kali Linux USB Installation using LinuxLive USB Creator
    Howto Install HDD Kali on a USB Key
    Clean your laptop fan | basic knowledge

  3. #153
    Join Date
    2013-Aug
    Location
    lost in space
    Posts
    580
    actually all three attacks should have a 'user input' as an option.

    [4] = Bully Easy Settings With User Input Option:
    bully mon0 -c 8 -b 64:70:02:XX:XX:XX -v 3

    [5] = Bully Bruteforce Settings With User Input Option:
    bully mon0 -c 8 -b 64:70:02:XX:XX:XX -F -B -l 60 -v 3

    [6] = Bully & Default WPS Pin Keygens With User Input Option:
    bully mon0 -c 8 -b 64:70:02:XX:XX:XX -F -B -l 60 -v 3 -p 65822746
    Kali Linux USB Installation using LinuxLive USB Creator
    Howto Install HDD Kali on a USB Key
    Clean your laptop fan | basic knowledge

  4. #154
    Join Date
    2013-Oct
    Posts
    321
    Quote Originally Posted by Quest View Post
    actually all three attacks should have a 'user input' as an option.

    [4] = Bully Easy Settings With User Input Option:
    bully mon0 -c 8 -b 64:70:02:XX:XX:XX -v 3

    [5] = Bully Bruteforce Settings With User Input Option:
    bully mon0 -c 8 -b 64:70:02:XX:XX:XX -F -B -l 60 -v 3

    [6] = Bully & Default WPS Pin Keygens With User Input Option:
    bully mon0 -c 8 -b 64:70:02:XX:XX:XX -F -B -l 60 -v 3 -p 65822746
    I left the -v out of Bully Custom Settings because some people might not want to see the output for whatever reason, wouldn't be customs settings if I forced people to use -v, besides it can still be added by the user.

    The other two bully attacks are preset so even a dumb *** could perform the attack. LOL
    Anyway there is no need to have user input for them when there is a custom setting option they can choose, the custom option can perform every bully attack.
    So you see if I changed the other two to have user input it would be like having three of the same options, but two of them limited and pointless.

  5. #155
    Join Date
    2013-Aug
    Location
    lost in space
    Posts
    580
    Quote Originally Posted by slim76 View Post
    I left the -v out of Bully Custom Settings because some people might not want to see the output for whatever reason, wouldn't be customs settings if I forced people to use -v, besides it can still be added by the user.
    I agree.

    Quote Originally Posted by slim76 View Post
    The other two bully attacks are preset so even a dumb *** could perform the attack. LOL
    Anyway there is no need to have user input for them when there is a custom setting option they can choose, the custom option can perform every bully attack.
    So you see if I changed the other two to have user input it would be like having three of the same options, but two of them limited and pointless.
    I disagree.

    Let's wait for more user input on the matter. I'm not a Bully/Reaver expert :]
    Kali Linux USB Installation using LinuxLive USB Creator
    Howto Install HDD Kali on a USB Key
    Clean your laptop fan | basic knowledge

  6. #156
    Join Date
    2013-Aug
    Location
    lost in space
    Posts
    580

    Post my laundry list

    Packaging
    - the '()' should not be used when creating a .deb because it won't install.

    Invoke
    - fs3.sh, is version specific(3). I do not have to type in wifitev82 when invoking Wifite or Reaver.

    Scans
    - it is counter-intuitive to click on the first window and press [Enter] when stopping airodump or wash. [Ctrl]+[c] should be allowed to stop the process in the second window, and that would return the 'Enter' in the first window.

    Features
    - Script Launcher, that was useful.
    - verify a .cap option separately would be useful also. cowpatty -r Xxxxxxx.cap -c , pyrit -r Xxxxxxx.cap analyze

    ...
    Kali Linux USB Installation using LinuxLive USB Creator
    Howto Install HDD Kali on a USB Key
    Clean your laptop fan | basic knowledge

  7. #157
    Join Date
    2014-Oct
    Posts
    11
    Hello all,
    it's a long time I'm following with great interest the FrankenScript thread, thank you Slim for your work and Quest for your tests!
    I'd add a couple of items to Quest's laundry list:

    1) giving the user the chance to increase TX power with three options - 27, 30 and, maybe, 33db for those 2000 milliwatt devices (if I'm not wrong 30 is for up to 1000 mW devices).
    2) giving the user the chance to use the --band parameter of Airmon in order to scan both 2.4 and 5Ghz band.

    A question or two about Bully bruteforce attack (my apologies if Quest has already asked that but I haven't found the messages): shouldn't the -B option be used in the command?
    And shouldn't be better if the user would be asked for the deletion of the file aabbccddeeff.run, located in /root/.bully, if existing?
    I ask this because I wonder if that file could be still useful if I change the Bully attack type on the same A/P.
    Then I've another question about Bully but I have to copy&paste the messages on terminal, I'll post it later.
    Many thanks in advance!
    Best regards

    Angelo

  8. #158
    Join Date
    2014-Oct
    Posts
    11
    Here's the console after launching Bully (sorry for the long message):

    ~# bully mon0 -c 1 -b aa:bb:cc:dd:ee:ff -F -l 60 -v 3 -B

    [!] Bully v1.0-22 - WPS vulnerability assessment utility
    [+] Switching interface 'mon0' to channel '1'
    [!] Using 'gg:hh:ii:jj:kk:ll' for the source MAC address
    [+] Datalink type set to '127', radiotap headers present
    [+] Scanning for beacon from 'aa:bb:cc:dd:ee:ff' on channel '1'
    [!] Excessive (3) FCS failures while reading next packet
    [!] Excessive (3) FCS failures while reading next packet
    [!] Excessive (3) FCS failures while reading next packet
    [!] Disabling FCS validation (assuming --nofcs)
    [+] Got beacon for 'xxxxxxxxxxxxx' (aa:bb:cc:dd:ee:ff)
    [+] Loading randomized pins from '/root/.bully/pins'
    [+] Index of starting pin number is '00000000'
    [+] Last State = 'NoAssoc' Next pin '58840458'
    [+] Rx( M1 ) = 'Timeout' Next pin '58840458'
    [+] Rx( M1 ) = 'Timeout' Next pin '58840458'
    [+] Rx( M1 ) = 'Timeout' Next pin '58840458'
    [+] Rx( M1 ) = 'Timeout' Next pin '58840458'
    [+] Rx( M1 ) = 'Timeout' Next pin '58840458'
    [+] Rx( M1 ) = 'Timeout' Next pin '58840458'
    [+] Rx( M1 ) = 'Timeout' Next pin '58840458'
    [+] Rx( M1 ) = 'Timeout' Next pin '58840458'
    [+] Rx( M1 ) = 'Timeout' Next pin '58840458'
    [+] Rx( M1 ) = 'Timeout' Next pin '58840458'
    [+] Sent packet not acknowledged after 3 attempts
    [+] Tx( ID ) = 'Timeout' Next pin '58840458'
    [+] Rx( M1 ) = 'Timeout' Next pin '58840458'
    [+] Rx( M1 ) = 'Timeout' Next pin '58840458'
    [+] Rx( M1 ) = 'Timeout' Next pin '58840458'
    [+] Rx( M1 ) = 'Timeout' Next pin '58840458'
    [+] Rx( M1 ) = 'Timeout' Next pin '58840458'
    [+] Rx( M1 ) = 'Timeout' Next pin '58840458'
    [+] Sent packet not acknowledged after 3 attempts
    [+] Tx( M2 ) = 'Timeout' Next pin '58840458'
    [+] Rx( M1 ) = 'Timeout' Next pin '58840458'
    [+] Rx( M1 ) = 'Timeout' Next pin '58840458'
    [+] Rx( M1 ) = 'Timeout' Next pin '58840458'
    [+] Rx( M1 ) = 'Timeout' Next pin '58840458'
    [+] Rx( M1 ) = 'Timeout' Next pin '58840458'
    [+] Rx( M1 ) = 'Timeout' Next pin '58840458'
    [+] Rx( M1 ) = 'Timeout' Next pin '58840458'
    [+] Rx( M1 ) = 'Timeout' Next pin '58840458'
    [+] Rx( M1 ) = 'Timeout' Next pin '58840458'
    [+] Rx( M1 ) = 'Timeout' Next pin '58840458'
    [+] Sent packet not acknowledged after 3 attempts
    [+] Tx( M2 ) = 'Timeout' Next pin '58840458'
    [+] Sent packet not acknowledged after 3 attempts
    [+] Tx(DeAuth) = 'Timeout' Next pin '58840458'
    [+] Rx( M1 ) = 'Timeout' Next pin '58840458'
    [+] Rx( M1 ) = 'Timeout' Next pin '58840458'
    [+] Rx( M1 ) = 'Timeout' Next pin '58840458'
    [+] Rx( M1 ) = 'Timeout' Next pin '58840458'
    [+] Rx( M1 ) = 'Timeout' Next pin '58840458'
    [+] Rx( M1 ) = 'Timeout' Next pin '58840458'
    [+] Sent packet not acknowledged after 3 attempts
    [+] Tx( Assn ) = 'Timeout' Next pin '58840458'
    [+] Rx( M1 ) = 'Timeout' Next pin '58840458'
    [+] Rx( M1 ) = 'Timeout' Next pin '58840458'
    [+] Rx( M1 ) = 'Timeout' Next pin '58840458'
    [+] Rx( M1 ) = 'Timeout' Next pin '58840458'
    [+] Rx( M1 ) = 'Timeout' Next pin '58840458'
    [+] Rx( M1 ) = 'Timeout' Next pin '58840458'
    [+] Rx( M1 ) = 'Timeout' Next pin '58840458'
    [+] Sent packet not acknowledged after 3 attempts
    [+] Tx( ID ) = 'Timeout' Next pin '58840458'
    [+] Rx( ID ) = 'Timeout' Next pin '58840458'
    [+] Rx( M1 ) = 'Timeout' Next pin '58840458'
    [+] Rx( M1 ) = 'Timeout' Next pin '58840458'
    [+] Rx( M1 ) = 'Timeout' Next pin '58840458'
    [+] Rx( M1 ) = 'Timeout' Next pin '58840458'
    [+] Rx( M1 ) = 'Timeout' Next pin '58840458'
    [+] Rx( M1 ) = 'Timeout' Next pin '58840458'
    [+] Sent packet not acknowledged after 3 attempts
    [+] Tx( ID ) = 'Timeout' Next pin '58840458'
    [+] Sent packet not acknowledged after 3 attempts
    [+] Tx(DeAuth) = 'Timeout' Next pin '58840458'
    [+] Rx( M1 ) = 'Timeout' Next pin '58840458'
    [+] Rx( M1 ) = 'Timeout' Next pin '58840458'
    [+] Rx( M1 ) = 'Timeout' Next pin '58840458'
    [+] Rx( M1 ) = 'Timeout' Next pin '58840458'
    [+] Rx( M1 ) = 'Timeout' Next pin '58840458'
    [+] Rx( M1 ) = 'Timeout' Next pin '58840458'
    [+] Sent packet not acknowledged after 3 attempts
    [+] Tx(DeAuth) = 'Timeout' Next pin '58840458'
    [+] Rx( M1 ) = 'Timeout' Next pin '58840458'
    [+] Rx( M1 ) = 'Timeout' Next pin '58840458'
    [+] Rx( M1 ) = 'Timeout' Next pin '58840458'
    [+] Rx( ID ) = 'Timeout' Next pin '58840458'
    [+] Rx( M1 ) = 'Timeout' Next pin '58840458'
    [+] Rx( M1 ) = 'Timeout' Next pin '58840458'
    [+] Rx( M1 ) = 'Timeout' Next pin '58840458'
    [+] Rx( M1 ) = 'Timeout' Next pin '58840458'
    [+] Sent packet not acknowledged after 3 attempts
    [+] Tx( Auth ) = 'Timeout' Next pin '58840458'
    [+] Rx( M1 ) = 'Timeout' Next pin '58840458'
    [+] Rx( M1 ) = 'Timeout' Next pin '58840458'
    [+] Rx( M1 ) = 'Timeout' Next pin '58840458'
    [+] Rx( M1 ) = 'Timeout' Next pin '58840458'
    [+] Rx( M1 ) = 'Timeout' Next pin '58840458'
    [+] Rx( ID ) = 'Timeout' Next pin '58840458'
    [+] Rx( M1 ) = 'Timeout' Next pin '58840458'
    [+] Rx( M1 ) = 'Timeout' Next pin '58840458'
    [+] Rx( M1 ) = 'Timeout' Next pin '58840458'
    [+] Rx( ID ) = 'Timeout' Next pin '58840458'
    [+] Sent packet not acknowledged after 3 attempts
    [+] Tx( M2 ) = 'Timeout' Next pin '58840458'
    [+] Rx( M1 ) = 'Timeout' Next pin '58840458'
    [+] Rx( M1 ) = 'Timeout' Next pin '58840458'
    [+] Rx( M1 ) = 'Timeout' Next pin '58840458'
    [+] Rx( M1 ) = 'Timeout' Next pin '58840458'
    [+] Rx( M1 ) = 'Timeout' Next pin '58840458'
    [+] Rx( M1 ) = 'Timeout' Next pin '58840458'
    [+] Rx( M1 ) = 'Timeout' Next pin '58840458'
    [+] Sent packet not acknowledged after 3 attempts
    [+] Tx( M2 ) = 'Timeout' Next pin '58840458'
    [+] Sent packet not acknowledged after 3 attempts
    [+] Tx(DeAuth) = 'Timeout' Next pin '58840458'
    [+] Sent packet not acknowledged after 3 attempts
    [+] Tx( Auth ) = 'Timeout' Next pin '58840458'
    [+] Sent packet not acknowledged after 3 attempts
    [+] Tx(DeAuth) = 'Timeout' Next pin '58840458'
    [+] Sent packet not acknowledged after 3 attempts
    [+] Tx(DeAuth) = 'Timeout' Next pin '58840458'
    [+] Sent packet not acknowledged after 3 attempts
    [+] Tx(DeAuth) = 'Timeout' Next pin '58840458'
    [+] Sent packet not acknowledged after 3 attempts
    [+] Tx(DeAuth) = 'Timeout' Next pin '58840458'
    [+] Sent packet not acknowledged after 3 attempts
    [+] Tx(DeAuth) = 'Timeout' Next pin '58840458'
    [+] Sent packet not acknowledged after 3 attempts
    [+] Tx(DeAuth) = 'Timeout' Next pin '58840458'
    [+] Sent packet not acknowledged after 3 attempts
    [+] Tx(DeAuth) = 'Timeout' Next pin '58840458'
    [+] Sent packet not acknowledged after 3 attempts
    [+] Tx( Auth ) = 'Timeout' Next pin '58840458'
    [+] Sent packet not acknowledged after 3 attempts
    [+] Tx(DeAuth) = 'Timeout' Next pin '58840458'
    [+] Sent packet not acknowledged after 3 attempts
    [+] Tx(DeAuth) = 'Timeout' Next pin '58840458'
    [+] Sent packet not acknowledged after 3 attempts
    [+] Tx(DeAuth) = 'Timeout' Next pin '58840458'
    [+] Sent packet not acknowledged after 3 attempts
    [+] Tx(DeAuth) = 'Timeout' Next pin '58840458'
    [+] Sent packet not acknowledged after 3 attempts
    [+] Tx(DeAuth) = 'Timeout' Next pin '58840458'
    [+] Sent packet not acknowledged after 3 attempts
    [+] Tx(DeAuth) = 'Timeout' Next pin '58840458'
    [+] Sent packet not acknowledged after 3 attempts
    [+] Tx(DeAuth) = 'Timeout' Next pin '58840458'
    [+] Sent packet not acknowledged after 3 attempts
    [+] Tx(DeAuth) = 'Timeout' Next pin '58840458'
    [+] Rx( M1 ) = 'Timeout' Next pin '58840458'
    [+] Rx( M1 ) = 'Timeout' Next pin '58840458'
    [+] Rx( M1 ) = 'Timeout' Next pin '58840458'
    [+] Rx( M1 ) = 'Timeout' Next pin '58840458'
    [+] Rx( M1 ) = 'Timeout' Next pin '58840458'
    [+] Rx( M1 ) = 'Timeout' Next pin '58840458'
    [+] Sent packet not acknowledged after 3 attempts
    [+] Tx(DeAuth) = 'Timeout' Next pin '58840458'
    [+] Rx( M1 ) = 'Timeout' Next pin '58840458'
    [+] Rx( M1 ) = 'Timeout' Next pin '58840458'
    [+] Rx( M1 ) = 'Timeout' Next pin '58840458'
    [+] Rx( M1 ) = 'Timeout' Next pin '58840458'
    [+] Rx( ID ) = 'Timeout' Next pin '58840458'
    [+] Rx( M1 ) = 'Timeout' Next pin '58840458'
    [+] Rx( M1 ) = 'Timeout' Next pin '58840458'
    [+] Rx( M1 ) = 'Timeout' Next pin '58840458'
    [+] Rx( M1 ) = 'Timeout' Next pin '58840458'
    [+] Rx( ID ) = 'Timeout' Next pin '58840458'
    [+] Rx( M1 ) = 'Timeout' Next pin '58840458'
    [+] Rx( M1 ) = 'Timeout' Next pin '58840458'

    Then I did a CTRL+C.
    So I'd like to know:

    1) whick kind of file is '/root/.bully/pins' and how it works?
    2) why the pin is always '58840458'?

    As you can see I added the -B parameter, but with or without it the console messages are the same.
    Thanks again!

    Angelo

  9. #159
    Join Date
    2013-Oct
    Posts
    321
    Quote Originally Posted by AngeloM View Post
    Hello all,
    it's a long time I'm following with great interest the FrankenScript thread, thank you Slim for your work and Quest for your tests!
    I'd add a couple of items to Quest's laundry list:

    1) giving the user the chance to increase TX power with three options - 27, 30 and, maybe, 33db for those 2000 milliwatt devices (if I'm not wrong 30 is for up to 1000 mW devices).
    2) giving the user the chance to use the --band parameter of Airmon in order to scan both 2.4 and 5Ghz band.

    A question or two about Bully bruteforce attack (my apologies if Quest has already asked that but I haven't found the messages): shouldn't the -B option be used in the command?
    And shouldn't be better if the user would be asked for the deletion of the file aabbccddeeff.run, located in /root/.bully, if existing?
    I ask this because I wonder if that file could be still useful if I change the Bully attack type on the same A/P.
    Then I've another question about Bully but I have to copy&paste the messages on terminal, I'll post it later.
    Many thanks in advance!
    Best regards

    Angelo
    You're welcome mate.

    I didn't include a TX power option because I believe there is a change it could damage some wireless network cards.
    I still might add the TX power option and add a big warning to go with it. LOL

    Regarding the --band parameter of Airmon in order to scan both 2.4 and 5Ghz band.
    I didn't know about it until you mentioned it, could you post the commands and explain a little about it please.

    Regarding the Bully pin issue.
    I've only used Bully a few times and don't know much about it, but I think your pin issue might be because of a weak or intermittent signal.
    Last edited by slim76; 2014-10-14 at 11:30.

  10. #160
    Join Date
    2013-Oct
    Posts
    321
    Ok now I'm completely confused about the bully bruteforce attack, can someone post the proper commands and double/triple check they're correct please.

  11. #161
    Join Date
    2014-Oct
    Posts
    11
    Quote Originally Posted by slim76 View Post
    Regarding the --band parameter of Airmon in order to scan both 2.4 and 5Ghz band.
    I didn't know about it until you mentioned it, could you post the commands and explain a little about it please.
    Sorry Slim, I meant Airodump, my bad.

    Quote Originally Posted by slim76 View Post
    I didn't include a TX power option because I believe there is a change it could damage some wireless network cards.
    I still might add the TX power option and add a big warning to go with it. LOL
    Fair enough.
    I could add a script, or more than one with different power settings, to launch depending which adapter I'm using.

    Quote Originally Posted by slim76 View Post
    Regarding the Bully pin issue.
    I've only used Bully a few times and don't know much about it, but I think your pin issue might be because of a weak or intermittent signal.
    I'd say it's not something related to a weak or intermittent signal, let me try to explain: I noticed this problem using three different adapters on different locations, different adapters but all of them using the same driver (rt2800usb) so I wonder if doing a kernel update to a 3.16 version (as per instructions found here) could fix some problems.
    I still wonder if the pin problem could be related to a bad/corrupted pins file (opened it and it isn't human readable, at least for me, so I don't know if it's corrupted, binary or whatever else).
    Any thought about the deletion of aabbccddeeff.run located in /root/.bully, if existing?

  12. #162
    Join Date
    2013-Aug
    Location
    lost in space
    Posts
    580
    sorry I was out.

    Not sure what you want us to do Slim. The -B argument in Bully is bruteforce.

    Quote Originally Posted by AngeloM View Post
    1) giving the user the chance to increase TX power with three options - 27, 30 and, maybe, 33db for those 2000 milliwatt devices (if I'm not wrong 30 is for up to 1000 mW devices).
    Great idea as it seems to be popular, but just a side note to all, increasing your TX power does not augment the received signals strength. Unfortunately.

    Quote Originally Posted by AngeloM View Post
    2) giving the user the chance to use the --band parameter of Airmon in order to scan both 2.4 and 5Ghz band.
    Nice!! Thank you. Had no idea also.

    Quote Originally Posted by AngeloM View Post
    A question or two about Bully bruteforce attack (my apologies if Quest has already asked that but I haven't found the messages): shouldn't the -B option be used in the command?
    yess the score is now 2-1 lalalallaaallalalala

    Quote Originally Posted by AngeloM View Post
    And shouldn't be better if the user would be asked for the deletion of the file aabbccddeeff.run, located in /root/.bully, if existing?
    I ask this because I wonder if that file could be still useful if I change the Bully attack type on the same A/P.
    i must admit my cluelessness on that one. But please educate us on that .run file.


    Quote Originally Posted by slim76 View Post
    Regarding the Bully pin issue.
    I've only used Bully a few times and don't know much about it, but I think your pin issue might be because of a weak or intermittent signal.
    yup that's what I'm thinking.
    Last edited by Quest; 2014-10-15 at 01:26.
    Kali Linux USB Installation using LinuxLive USB Creator
    Howto Install HDD Kali on a USB Key
    Clean your laptop fan | basic knowledge

  13. #163
    Join Date
    2014-Oct
    Posts
    11
    Quote Originally Posted by Quest View Post
    i must admit my cluelessness on that one. But please educate us on that .run file.
    I'm still have a delay with the messages posted as they still must be moderator-approved, so sorry if you see my messages with some delay (this is my fourth post and I'm still waiting for the third one).
    About the .run file, it seems that Bully save a sort of temp file on /root/.bully that should be recalled if the attack is interrupted so no need to restart from the beginning, but in the same time I wonder what happen if I change the Bully attack to the same A/P.
    For example, I start a certain type of attack to the A/P on aa:bb:cc:dd:ee:ff, so a aabbccddeeff.run file is created under /root/.bully/.
    Then I stop the attack, or it fails, and the .run file is still located under /root/.bully/.
    I then launch a different attack, or even the same attack as before but with different parameters: I see that Bully check for the aabbccddeeff.run file and it find the previous one but no clues about how it will manage the contents, I don't know if Bully try to continue starting from the last try or what, I'm worried about the fact that the actual attack is 'dirtied' because the previous one (I hope I was able to explain myself in an understandable way, sorry but English is not my native language).

  14. #164
    Join Date
    2013-Oct
    Posts
    321
    Quote Originally Posted by AngeloM View Post
    I'm still have a delay with the messages posted as they still must be moderator-approved, so sorry if you see my messages with some delay (this is my fourth post and I'm still waiting for the third one).
    About the .run file, it seems that Bully save a sort of temp file on /root/.bully that should be recalled if the attack is interrupted so no need to restart from the beginning, but in the same time I wonder what happen if I change the Bully attack to the same A/P.
    For example, I start a certain type of attack to the A/P on aa:bb:cc:dd:ee:ff, so a aabbccddeeff.run file is created under /root/.bully/.
    Then I stop the attack, or it fails, and the .run file is still located under /root/.bully/.
    I then launch a different attack, or even the same attack as before but with different parameters: I see that Bully check for the aabbccddeeff.run file and it find the previous one but no clues about how it will manage the contents, I don't know if Bully try to continue starting from the last try or what, I'm worried about the fact that the actual attack is 'dirtied' because the previous one (I hope I was able to explain myself in an understandable way, sorry but English is not my native language).
    No need to be sorry for anything mate, I think your english is very good.
    The files you mention are located at /root/.bully and I think they get overwritten every time you perform an attack.

  15. #165
    Join Date
    2014-Oct
    Posts
    11
    No, I checked right now and those .run files are not overwritten, if you open them you see the 'history' of the attack with every pin used.

  16. #166
    Join Date
    2013-Aug
    Location
    lost in space
    Posts
    580

    Question

    little voodoo stuff with your coffee?

    I'm trying to test the above and my returns says:

    Saved session to '/root/.bully/98fcxxxxxxxx.run'
    but I do not have such file in root (Home). No .bully, no .run to be found in root. Weird.

    So I cannot help with that, I don't even have that .run file.
    Last edited by Quest; 2014-10-16 at 13:58.
    Kali Linux USB Installation using LinuxLive USB Creator
    Howto Install HDD Kali on a USB Key
    Clean your laptop fan | basic knowledge

  17. #167
    Join Date
    2014-Oct
    Posts
    11
    It's an hidden folder, when I set my system in order to show hidden files and folders I then saw a lot of folders beginning with . (such .bully).

  18. #168
    Join Date
    2013-Oct
    Posts
    321
    Quote Originally Posted by Quest View Post
    little voodoo stuff with your coffee?

    I'm trying to test the above and my returns says:



    but I do not have such file in root (Home). No .bully, no .run to be found in root. Weird.

    So I cannot help with that, I don't even have that .run file.
    Show Hidden Files ;-) LOL

  19. #169
    Join Date
    2013-Aug
    Location
    lost in space
    Posts
    580
    I see what you are saying about the -B argument..

    -B, --bruteforce : Bruteforce the WPS pin checksum digit [No]
    what they mean by "bruteforce" concern only the checksum digit...

    What did you mean Slim by 'bruteforce'? Check all combination of 8 numbers possible for APs that do not follow the 4-3-1 convention?

    Because the only one that offers a true bruteforce is reaver 1.4 fork r3, with the '-X' argument. Takes alot longer.
    Last edited by Quest; 2014-10-16 at 19:47.
    Kali Linux USB Installation using LinuxLive USB Creator
    Howto Install HDD Kali on a USB Key
    Clean your laptop fan | basic knowledge

  20. #170
    Join Date
    2013-Aug
    Location
    lost in space
    Posts
    580
    Quote Originally Posted by AngeloM View Post
    It's an hidden folder, when I set my system in order to show hidden files and folders I then saw a lot of folders beginning with . (such .bully).
    Quote Originally Posted by slim76 View Post
    Show Hidden Files ;-) LOL
    yes i got them. The problem is that Bully does not offer to start from the beginning. I wouldn't worry about that too much, because once a pin is tested, it is tested, regardless of the arguments. But when using the '-p' argument to start with a given pin, will it cycle trough all pins? That would be my question.
    Kali Linux USB Installation using LinuxLive USB Creator
    Howto Install HDD Kali on a USB Key
    Clean your laptop fan | basic knowledge

  21. #171
    Join Date
    2013-Aug
    Location
    lost in space
    Posts
    580
    Slim, as I said before (can't remember where), Reaver 1.4 has difficulties with certain APs. I find it useful (necessary) to use reaver 1.3, reaver 1.4 fork r3, or bully.

    Any chance you could incorporate reaver 1.3 and, reaver 1.4 fork r3 in FS? Otherwise I have to un/install reaver.
    Kali Linux USB Installation using LinuxLive USB Creator
    Howto Install HDD Kali on a USB Key
    Clean your laptop fan | basic knowledge

  22. #172
    Join Date
    2014-Oct
    Posts
    11
    Speaking about Bully, could this page be useful?
    Anyway there's something into the commands syntax that seems wrong (check first two examples, same syntax but different behaviour), still to check that.

  23. #173
    Join Date
    2014-Oct
    Posts
    11
    Tried now.
    First try: sudo bully mon0 --bssid aa:bb:cc:dd:ee:ff -v 3 --bruteforce
    Messages:
    Loading randomized pins from '/root/.bully/pins'
    Restoring sessions from '/root/.bully/aabbccddeeff.run'
    WARNING: Randomized search requested but prior session was sequential
    Use --force to ignore above warning(s) and continue anyway.

    Second try: sudo bully mon0 --bssid aa:bb:cc:dd:ee:ff -v 3 --bruteforce --force
    Messages:
    Index of starting pin number is '89244548'
    Then lot of messages "Next pin '57292736'", pin never changed.

    Third try: sudo bully mon0 --bssid aa:bb:cc:dd:ee:ff -v 3 --bruteforce --pin 00000001
    Messages:
    Starting pin specified, defaulting to sequential mode
    Restoring session from '/root/.bully/aabbccddeeff.run' (so it restore the session even if I use the --pin parameter)
    WARNING: Sequential search requested but prior session was randomized

    Fourth try: sudo bully mon0 --bssid aa:bb:cc:dd:ee:ff -v 3 --bruteforce --pin 00000001 --force
    Same as second try, first pin as per parameter given but it never change.
    Tried even using the -S parameter (force sequential pins) without giving the --pin parameter, it started with 00000001 but it never changed.

  24. #174
    Join Date
    2013-Aug
    Location
    lost in space
    Posts
    580
    and does deleting the .bin and start a new session with that AP solve that problem?
    Kali Linux USB Installation using LinuxLive USB Creator
    Howto Install HDD Kali on a USB Key
    Clean your laptop fan | basic knowledge

  25. #175
    Join Date
    2013-Oct
    Posts
    321
    Quote Originally Posted by Quest View Post
    Slim, as I said before (can't remember where), Reaver 1.4 has difficulties with certain APs. I find it useful (necessary) to use reaver 1.3, reaver 1.4 fork r3, or bully.

    Any chance you could incorporate reaver 1.3 and, reaver 1.4 fork r3 in FS? Otherwise I have to un/install reaver.
    I'm not sure but we can try.
    Do you know if the dependencies are the same for all the different versions of reaver?.
    What architecture are you using?.

  26. #176
    Join Date
    2013-Aug
    Location
    lost in space
    Posts
    580
    Great!

    x64

    The dependencies are the same.
    Code:
    apt-get install libsqlite3-dev && apt-get install libpcap0.8-dev
    Reaver 1. 0/1/2/3/4 http://code.google.com/p/reaver-wps/downloads/list

    Reaver 1.4 fork r3 https://code.google.com/p/reaver-wps-fork/
    Original thread https://code.google.com/p/reaver-wps.../detail?id=195


    That would rock. Alot of ppl are reporting that 1.3 works better than 1.4. You would make alot of friends.

    1.4 fork r3 has some good features.
    Kali Linux USB Installation using LinuxLive USB Creator
    Howto Install HDD Kali on a USB Key
    Clean your laptop fan | basic knowledge

  27. #177
    Join Date
    2013-Oct
    Posts
    321
    Quote Originally Posted by Quest View Post
    Great!

    x64

    The dependencies are the same.
    Code:
    apt-get install libsqlite3-dev && apt-get install libpcap0.8-dev
    Reaver 1. 0/1/2/3/4 http://code.google.com/p/reaver-wps/downloads/list

    Reaver 1.4 fork r3 https://code.google.com/p/reaver-wps-fork/
    Original thread https://code.google.com/p/reaver-wps.../detail?id=195


    That would rock. Alot of ppl are reporting that 1.3 works better than 1.4. You would make alot of friends.

    1.4 fork r3 has some good features.
    I got good news and bad news for you.
    The good news is I've done it already, it was easy.

    FrankenScript can now use Reaver 1.3, Reaver 1.4 fork r3 and whatever version you currently have installed.
    No need to keep installing/uninstalling to use a different versions of reaver, and I think it might even be possible to perform multiple attacks simultaneously while using different versions of reaver.

    Now for the bad news.
    I haven't added it to the current version of FrankenScript, I've added it to the new one I'm currently writing.

  28. #178
    Join Date
    2013-Aug
    Location
    lost in space
    Posts
    580
    really!?

    i'M gonna need a howtoo on that one.

    How do you install another version of reaver without uninstalling first?
    How do you invoke a reaver if there are many?

    Anyways that is really cool. Never asked before as I did not think it was feasible. Can't stop progress!
    Kali Linux USB Installation using LinuxLive USB Creator
    Howto Install HDD Kali on a USB Key
    Clean your laptop fan | basic knowledge

  29. #179
    Join Date
    2013-Aug
    Location
    lost in space
    Posts
    580

    Reavers arguments

    no difference betwenn 1.3 and 1.4. Only three more option with fork r3.


    Code:
    Reaver v1.3 WiFi Protected Setup Attack Tool
    Copyright (c) 2011, Tactical Network Solutions, Craig Heffner <cheffner@tacnetsol.com>
    
    Required Arguments:
    	-i, --interface=<wlan>          Name of the monitor-mode interface to use
    	-b, --bssid=<mac>               BSSID of the target AP
    
    Optional Arguments:
    	-m, --mac=<mac>                 MAC of the host system
    	-e, --essid=<ssid>              ESSID of the target AP
    	-c, --channel=<channel>         Set the 802.11 channel for the interface (implies -f)
    	-o, --out-file=<file>           Send output to a log file [stdout]
    	-s, --session=<file>            Restore a previous session file
    	-a, --auto                      Auto detect the best advanced options for the target AP
    	-f, --fixed                     Disable channel hopping
    	-5, --5ghz                      Use 5GHz 802.11 channels
    	-v, --verbose                   Display non-critical warnings (-vv for more)
    	-q, --quiet                     Only display critical messages
    	-h, --help                      Show help
    
    Advanced Options:
    	-p, --pin=<wps pin>             Use the specified 4 or 8 digit WPS pin
    	-d, --delay=<seconds>           Set the delay between pin attempts [1]
    	-l, --lock-delay=<seconds>      Set the time to wait if the AP locks WPS pin attempts [315]
    	-g, --max-attempts=<num>        Quit after num pin attempts
    	-x, --fail-wait=<seconds>       Set the time to sleep after 10 unexpected failures [0]
    	-r, --recurring-delay=<x:y>     Sleep for y seconds every x pin attempts
    	-t, --timeout=<seconds>         Set the receive timeout period [5]
    	-T, --m57-timeout=<seconds>     Set the M5/M7 timeout period [0.20]
    	-S, --dh-small                  Use small DH keys to improve crack speed
    	-L, --ignore-locks              Ignore locked state reported by the target AP
    	-E, --eap-terminate             Terminate each WPS session with an EAP FAIL packet
    	-n, --nack                      Target AP always sends a NACK [Auto]
    	-w, --win7                      Mimic a Windows 7 registrar [False]
    
    Example:
    	reaver -i mon0 -b 00:90:4C:C1:AC:21 -vv
    
    
    
    
    
    
    
    
    
    
    Reaver v1.4 WiFi Protected Setup Attack Tool
    Copyright (c) 2011, Tactical Network Solutions, Craig Heffner <cheffner@tacnetsol.com>
    
    Required Arguments:
    	-i, --interface=<wlan>          Name of the monitor-mode interface to use
    	-b, --bssid=<mac>               BSSID of the target AP
    
    Optional Arguments:
    	-m, --mac=<mac>                 MAC of the host system
    	-e, --essid=<ssid>              ESSID of the target AP
    	-c, --channel=<channel>         Set the 802.11 channel for the interface (implies -f)
    	-o, --out-file=<file>           Send output to a log file [stdout]
    	-s, --session=<file>            Restore a previous session file
    	-C, --exec=<command>            Execute the supplied command upon successful pin recovery
    	-D, --daemonize                 Daemonize reaver
    	-a, --auto                      Auto detect the best advanced options for the target AP
    	-f, --fixed                     Disable channel hopping
    	-5, --5ghz                      Use 5GHz 802.11 channels
    	-v, --verbose                   Display non-critical warnings (-vv for more)
    	-q, --quiet                     Only display critical messages
    	-h, --help                      Show help
    
    Advanced Options:
    	-p, --pin=<wps pin>             Use the specified 4 or 8 digit WPS pin
    	-d, --delay=<seconds>           Set the delay between pin attempts [1]
    	-l, --lock-delay=<seconds>      Set the time to wait if the AP locks WPS pin attempts [60]
    	-g, --max-attempts=<num>        Quit after num pin attempts
    	-x, --fail-wait=<seconds>       Set the time to sleep after 10 unexpected failures [0]
    	-r, --recurring-delay=<x:y>     Sleep for y seconds every x pin attempts
    	-t, --timeout=<seconds>         Set the receive timeout period [5]
    	-T, --m57-timeout=<seconds>     Set the M5/M7 timeout period [0.20]
    	-A, --no-associate              Do not associate with the AP (association must be done by another application)
    	-N, --no-nacks                  Do not send NACK messages when out of order packets are received
    	-S, --dh-small                  Use small DH keys to improve crack speed
    	-L, --ignore-locks              Ignore locked state reported by the target AP
    	-E, --eap-terminate             Terminate each WPS session with an EAP FAIL packet
    	-n, --nack                      Target AP always sends a NACK [Auto]
    	-w, --win7                      Mimic a Windows 7 registrar [False]
    
    Example:
    	reaver -i mon0 -b 00:90:4C:C1:AC:21 -vv
    
    
    
    
    
    
    
    
    
    Reaver v1.4 (fork r3) WiFi Protected Setup Attack Tool
    Copyright (c) 2011, Tactical Network Solutions, Craig Heffner <cheffner@tacnetsol.com>
    
    Required Arguments:
    	-i, --interface=<wlan>          Name of the monitor-mode interface to use
    	-b, --bssid=<mac>               BSSID of the target AP
    
    Optional Arguments:
    	-m, --mac=<mac>                 MAC of the host system
    	-e, --essid=<ssid>              ESSID of the target AP
    	-c, --channel=<channel>         Set the 802.11 channel for the interface (implies -f)
    	-o, --out-file=<file>           Send output to a log file [stdout]
    	-s, --session=<file>            Restore a previous session file
    	-C, --exec=<command>            Execute the supplied command upon successful pin recovery
    	-D, --daemonize                 Daemonize reaver
    	-a, --auto                      Auto detect the best advanced options for the target AP
    	-f, --fixed                     Disable channel hopping
    	-5, --5ghz                      Use 5GHz 802.11 channels
    	-v, --verbose                   Display non-critical warnings (-vv for more)
    	-q, --quiet                     Only display critical messages
    	-h, --help                      Show help
    
    Advanced Options:
    	-p, --pin=<wps pin>             Use the specified 4 or 8 digit WPS pin
    	-d, --delay=<seconds>           Set the delay between pin attempts [1]
    	-l, --lock-delay=<seconds>      Set the time to wait if the AP locks WPS pin attempts [60]
    	-g, --max-attempts=<num>        Quit after num pin attempts
    	-x, --fail-wait=<seconds>       Set the time to sleep after 10 unexpected failures [0]
    	-r, --recurring-delay=<x:y>     Sleep for y seconds every x pin attempts
    	-t, --timeout=<seconds>         Set the receive timeout period [5]
    	-T, --m57-timeout=<seconds>     Set the M5/M7 timeout period [0.20]
    	-A, --no-associate              Do not associate with the AP (association must be done by another application)
    	-N, --no-nacks                  Do not send NACK messages when out of order packets are received
    	-S, --dh-small                  Use small DH keys to improve crack speed
    	-L, --ignore-locks              Ignore locked state reported by the target AP
    	-E, --eap-terminate             Terminate each WPS session with an EAP FAIL packet
    	-n, --nack                      Target AP always sends a NACK [Auto]
    	-w, --win7                      Mimic a Windows 7 registrar [False]
    	-X, --exhaustive                Set exhaustive mode from the beginning of the session [False]
    	-1, --p1-index                  Set initial array index for the first half of the pin [False]
    	-2, --p2-index                  Set initial array index for the second half of the pin [False]
    
    Example:
    	reaver -i mon0 -b 00:90:4C:C1:AC:21 -vv
    Kali Linux USB Installation using LinuxLive USB Creator
    Howto Install HDD Kali on a USB Key
    Clean your laptop fan | basic knowledge

  30. #180
    Join Date
    2013-Aug
    Location
    lost in space
    Posts
    580
    disregard my questions in post #178. Just massive confusion on my part with anything linux.
    Kali Linux USB Installation using LinuxLive USB Creator
    Howto Install HDD Kali on a USB Key
    Clean your laptop fan | basic knowledge

  31. #181
    Join Date
    2013-Oct
    Posts
    321
    Have you got Reaver v1.4 (fork r3) installed on your system, or did you copy and paste the info from another source?.
    Last edited by slim76; 2014-10-18 at 14:31.

  32. #182
    Join Date
    2013-Aug
    Location
    lost in space
    Posts
    580
    i had to install it to make sure the info(arguments) were accurate...

    decompress the archive in root.

    Code:
    cd /root/reaver-1.3/src -or- cd /root/reaver-wps-fork-read-only/src
    ./configure
    make distclean && ./configure
    make
    make install
    Kali Linux USB Installation using LinuxLive USB Creator
    Howto Install HDD Kali on a USB Key
    Clean your laptop fan | basic knowledge

  33. #183
    Join Date
    2013-Oct
    Posts
    321
    I get the following output from the 1.4-r3 fork (From your link), is this correct?.

    Reaver v1.5 WiFi Protected Setup Attack Tool
    Copyright (c) 2011, Tactical Network Solutions, Craig Heffner <cheffner@tacnetsol.com>

    Required Arguments:
    -i, --interface=<wlan> Name of the monitor-mode interface to use
    -b, --bssid=<mac> BSSID of the target AP

    Optional Arguments:
    -m, --mac=<mac> MAC of the host system
    -e, --essid=<ssid> ESSID of the target AP
    -c, --channel=<channel> Set the 802.11 channel for the interface (implies -f)
    -o, --out-file=<file> Send output to a log file [stdout]
    -s, --session=<file> Restore a previous session file
    -C, --exec=<command> Execute the supplied command upon successful pin recovery
    -D, --daemonize Daemonize reaver
    -a, --auto Auto detect the best advanced options for the target AP
    -f, --fixed Disable channel hopping
    -5, --5ghz Use 5GHz 802.11 channels
    -v, --verbose Display non-critical warnings (-vv for more)
    -q, --quiet Only display critical messages
    -h, --help Show help

    Advanced Options:
    -p, --pin=<wps pin> Use the specified 4 or 8 digit WPS pin
    -d, --delay=<seconds> Set the delay between pin attempts [1]
    -l, --lock-delay=<seconds> Set the time to wait if the AP locks WPS pin attempts [60]
    -g, --max-attempts=<num> Quit after num pin attempts
    -x, --fail-wait=<seconds> Set the time to sleep after 10 unexpected failures [0]
    -r, --recurring-delay=<x:y> Sleep for y seconds every x pin attempts
    -t, --timeout=<seconds> Set the receive timeout period [5]
    -T, --m57-timeout=<seconds> Set the M5/M7 timeout period [0.20]
    -A, --no-associate Do not associate with the AP (association must be done by another application)
    -N, --no-nacks Do not send NACK messages when out of order packets are received
    -S, --dh-small Use small DH keys to improve crack speed
    -L, --ignore-locks Ignore locked state reported by the target AP
    -E, --eap-terminate Terminate each WPS session with an EAP FAIL packet
    -n, --nack Target AP always sends a NACK [Auto]
    -w, --win7 Mimic a Windows 7 registrar [False]
    -X, --exhaustive Set exhaustive mode from the beginning of the session [False]
    -1, --p1-index Set initial array index for the first half of the pin [False]
    -2, --p2-index Set initial array index for the second half of the pin [False]

  34. #184
    Join Date
    2013-Aug
    Location
    lost in space
    Posts
    580
    wow, mine never said
    Reaver v1.5
    where or how did you get this? Was that your edit? Mine(reaver 1.4 fork r3) says Reaver 1.4

    Othere than that, yes, the arguments are the same as mine(-1, -2, -X).
    Kali Linux USB Installation using LinuxLive USB Creator
    Howto Install HDD Kali on a USB Key
    Clean your laptop fan | basic knowledge

  35. #185
    Join Date
    2013-Oct
    Posts
    321
    Quote Originally Posted by Quest View Post
    Great!

    x64

    The dependencies are the same.
    Code:
    apt-get install libsqlite3-dev && apt-get install libpcap0.8-dev
    Reaver 1. 0/1/2/3/4 http://code.google.com/p/reaver-wps/downloads/list

    Reaver 1.4 fork r3 https://code.google.com/p/reaver-wps-fork/
    Original thread https://code.google.com/p/reaver-wps.../detail?id=195


    That would rock. Alot of ppl are reporting that 1.3 works better than 1.4. You would make alot of friends.

    1.4 fork r3 has some good features.
    I got it from your post, and I did a copy and paste without any editting.

  36. #186
    Join Date
    2013-Aug
    Location
    lost in space
    Posts
    580
    So another version was uploaded, without the maker saying anything. That is not Reaver 1.5, as it does not exist. It is a fork of 1.4

    They are driving me nuts with their file naming.

    let me re-download it then...

    Edit: Wait i see it now.

    r8
    Included exhaustive, p1_index and p2_index options Also, if the WPS pin is not found while running in normal mode, instead of exiting, it jumps into exhaustive mode and starts de loop again.
    Jan 4, 2014
    c.sala.stq
    r7
    Improved verbose messages and status print (now it includes elapsed and estimated time) Also, in this version I fixed a potential bug, which was probably the cause of the Issue number 1 (Segmentation fault exception)
    Jan 4, 2014
    c.sala.stq
    r6
    Fixed the issue 195 of the original reaver-wps project: Stuck at 99% The problem was that the pin_count never reached the get_max_pin_attempts value, so the loop was never broken I replaced the pin_count variable with a function which calculates the current pin_count on the fly
    Jan 4, 2014
    c.sala.stq
    r5
    Autoindented ALL code files. (No further changes included) Indention was done using vim defaults, with the following options: set shiftwidth=4 set softtabstop=4 set expandtab
    Jan 4, 2014
    c.sala.stq
    r4
    Revert the last revision to apply the changes in a cleaner way
    Jan 4, 2014
    c.sala.stq
    r3
    1. Fixed the 99.9% never ending loop: If the end is reached without success, the application exits as expected. (before it continued until it was interrupted or killed). Issue: http://code.google.com/p/reaver-wps/.../detail?id=195 2. Added an exhaustive option (--exhaustive, -X) which uses "set_p1(p1_index) + set_p1(p2_index)" instead of "set_p1(p1_index) + set_p2(p2_index)" to force covering all possible combinations. This ensures that the PIN is found even if it does not follow the "checksu
    Jul 6, 2013
    c.sala.stq
    r2
    Fork from http://reaver-wps.googlecode.com/svn/trunk/ revision 113
    Jul 6, 2013
    c.sala.stq
    r1
    Initial directory structure.
    Jul 6, 2013
    ---
    so it's not r3, but r8 !! Had no idea and nothing was ever said about that.

    Now I'm having a stupid moment... How did I downloaded r3? I have it in my files as a .rar(which I compressed myself), but how do I DL r8 now to save it and keep that package as a .rar !??
    Last edited by Quest; 2014-10-18 at 17:35.
    Kali Linux USB Installation using LinuxLive USB Creator
    Howto Install HDD Kali on a USB Key
    Clean your laptop fan | basic knowledge

  37. #187
    Join Date
    2013-Aug
    Location
    lost in space
    Posts
    580
    ok nevermind i got it now *geez me and linux*

    Reaver v1.5 WiFi Protected Setup Attack Tool
    Copyright (c) 2011, Tact...
    Wow so we have reaver 1.5 now. LOL can't stop progress.
    Kali Linux USB Installation using LinuxLive USB Creator
    Howto Install HDD Kali on a USB Key
    Clean your laptop fan | basic knowledge

  38. #188
    Join Date
    2014-Oct
    Posts
    11
    Quote Originally Posted by Quest View Post
    and does deleting the .bin and start a new session with that AP solve that problem?
    Mmmmmmm.... about which .bin file are you talking about?
    If you're talking about the .run file no, deleting it doesn't solve the problem.

  39. #189
    Join Date
    2013-Aug
    Location
    lost in space
    Posts
    580
    yes, .run i meant.

    So it's a Bully problem and unless someone is willing to fork it and solve that prb, not sure how FS can help.

    If you have ideas please share
    Kali Linux USB Installation using LinuxLive USB Creator
    Howto Install HDD Kali on a USB Key
    Clean your laptop fan | basic knowledge

  40. #190
    Join Date
    2014-Oct
    Posts
    11
    I'm doing some searches about this issue (reported by other people as well), I'll let you know as soon as I'll have any answers.
    In the meanwhile as I can't check it I'm curious to know if you'll find some improvements with reaver 1.5.

  41. #191
    Join Date
    2013-Aug
    Location
    lost in space
    Posts
    580
    ok great!!

    I've not tested reaver 1.5, but I'm very familiar with Carles's work(reaver fork r1-8) and reading the versions history(post 186 above) he basically solved reaver's problems, plus the 'floating point exception' problem that was induced in fork r3.

    So in other words, we might not need to use Bully or reaver 1.3. That being said, more tools in the toolbox = more user options.
    Kali Linux USB Installation using LinuxLive USB Creator
    Howto Install HDD Kali on a USB Key
    Clean your laptop fan | basic knowledge

  42. #192
    Join Date
    2013-Oct
    Posts
    321
    Quote Originally Posted by Quest View Post
    ok great!!

    I've not tested reaver 1.5, but I'm very familiar with Carles's work(reaver fork r1-8) and reading the versions history(post 186 above) he basically solved reaver's problems, plus the 'floating point exception' problem that was induced in fork r3.

    So in other words, we might not need to use Bully or reaver 1.3. That being said, more tools in the toolbox = more user options.
    **** man, I'm getting more lost the more I read. LOL
    So what versions of reaver do you what in FrankenScript?, and can you send me the versions you have please.

  43. #193
    Join Date
    2013-Aug
    Location
    lost in space
    Posts
    580
    yes sorry, but that 1.5 version was unexpected.

    We may not need reaver 1.3 or bully, but nothing as changed because the more tools we have (reaver 1.3, 1.4, 1.5, Bully) the more user choices. Plus we might see unexpected bugs rise with 1.5 on certain AP, where reaver 1.3 will save the day again.

    In other words, put them all in. I want a world conquering arsenal [insert evil laugh here]

    not sure what you want me to send you. If you can just include 1.3, 1.5, that would be good. Reaver 1.4 being already in Kali.



    Last edited by Quest; 2014-10-18 at 23:34.
    Kali Linux USB Installation using LinuxLive USB Creator
    Howto Install HDD Kali on a USB Key
    Clean your laptop fan | basic knowledge

  44. #194
    Join Date
    2013-Aug
    Location
    lost in space
    Posts
    580
    Reaver 1.3
    http://code.google.com/p/reaver-wps/downloads/list

    Reaver 1.5 (r8)
    https://code.google.com/p/reaver-wps-fork/
    Code:
    svn checkout http://reaver-wps-fork.googlecode.com/svn/trunk/ reaver-wps-fork-read-only
    then
    reaver-wps-fork-read-only folder appeared in root. That's reaver 1.5


    That's it really. Then we can look at the syntaxes later.
    Last edited by Quest; 2014-10-19 at 00:01.
    Kali Linux USB Installation using LinuxLive USB Creator
    Howto Install HDD Kali on a USB Key
    Clean your laptop fan | basic knowledge

  45. #195
    Join Date
    2014-Apr
    Location
    Down Under
    Posts
    315
    Hey guys!

    Looks like a lot has been happening, I'll get a chance to work on some of that stuff you mentioned before starting tomorrow..

    With all the work going on, I'll ask again if this could make it to Github, will certainly make it a lot easier so that Slim could just pull any changes he likes into the main project
    chown -R us ./base

  46. #196
    Join Date
    2013-Aug
    Location
    lost in space
    Posts
    580
    Hi static!!

    yes, i second that motion. That would also put an end to mirrorcreator.com

    Do what you can. We all appreciate
    Kali Linux USB Installation using LinuxLive USB Creator
    Howto Install HDD Kali on a USB Key
    Clean your laptop fan | basic knowledge

  47. #197
    Join Date
    2014-Oct
    Posts
    11
    Did some tests with Reaver 1.5 and no luck until now, same problem with repeated pins.
    Tried even to update the kernel to 3.16, no changes.
    After further investigation seems that I should see even M3 and M4 messages when I use Reaver and Bully, not only M1 and M2: if not, that should/could mean that the AP have the WPS on but pin is disabled or not defined, if so that AP is not vulnerable to WPS attack and it would explain why I always see the same pin repeated.
    I'll reconfigure my test AP in order to verify.

  48. #198
    Join Date
    2013-Aug
    Location
    lost in space
    Posts
    580
    http://www.kalilinux.net/community/t...-12345670.163/

    the guy basically says to kill the PIDs(processes) "dhclient" "NetworkManager" "wpa_supplicant"

    FS3 does that for you I believe if you choose to "kill processes" when asked in the routine. Right Slim?

    If not then
    Code:
    airmon-ng start wlan0
    Found 3 processes that could cause trouble.
    If airodump-ng, aireplay-ng or airtun-ng stops working after
    a short period of time, you may want to kill (some of) them!
    -e
    PID Name
    2069 dhclient
    2413 NetworkManager
    3195 wpa_supplicant
    Code:
    kill 2069 && kill .....
    Yes you should definitely get M1, M2, M3, M4 messages from the start.
    Last edited by Quest; 2014-10-21 at 22:41.
    Kali Linux USB Installation using LinuxLive USB Creator
    Howto Install HDD Kali on a USB Key
    Clean your laptop fan | basic knowledge

  49. #199
    Join Date
    2013-Oct
    Posts
    321
    Quote Originally Posted by Quest View Post
    http://www.kalilinux.net/community/t...-12345670.163/

    the guy basically says to kill the PIDs(processes) "dhclient" "NetworkManager" "wpa_supplicant"

    FS3 does that for you I believe if you choose to "kill processes" when asked in the routine. Right Slim?

    If not then
    Code:
    airmon-ng start wlan0
    Code:
    kill 2069 && kill .....
    Yes you should definitely get M1, M2, M3, M4 messages from the start.
    Sorry for the late reply, been sooo busy.
    Yeah FS3 can check and kill processes that might cause issue's while performing some attacks.

  50. #200
    Join Date
    2013-Aug
    Location
    lost in space
    Posts
    580
    I was asking because i never use that option, but i see it in the routine all the time...

    Whatyouworkinon friend?

    I'm testing Reaverrrr 1.5 and so far I have no complains.
    Kali Linux USB Installation using LinuxLive USB Creator
    Howto Install HDD Kali on a USB Key
    Clean your laptop fan | basic knowledge

Similar Threads

  1. Howto live usb on a uefi32 and X64 HW :confused:
    By snoopy1949 in forum General Archive
    Replies: 3
    Last Post: 2016-12-27, 06:49
  2. Replies: 492
    Last Post: 2016-10-27, 05:30
  3. Kali 2.0 USB persistent: old howto no more valid
    By ovosodo in forum Installing Archive
    Replies: 5
    Last Post: 2015-08-15, 09:45
  4. Howto HDD installation on a USB key
    By Quest in forum How-To Archive
    Replies: 5
    Last Post: 2015-02-12, 16:18

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •