Thread: Reaver - Issues after issues

  1. #1
    Join Date
    2015-Aug
    Posts
    3

    Reaver - Issues after issues

    Hey Folks,

    I don't usually ask for help with these kinds of things, however I have exhausted the past 48 hours trying to figure this out on my own to absolutely no avail. I will attempt to be as detailed as possible for your convenience, and I appreciate all the help in advance!

    I am attempting, for educational and security purposes, to crack my own router via the WPS vulnerability using Reaver. I have the latest version of Kali Linux (full 64-bit download) running as the primary operating system on my laptop; it is NOT on a VM of any sort. Internet connectivity was used during the installation as well as afterwards to make sure the whole system was up-to-date. The router is WPS enabled (confirmed in wash) and is running on the default vendor settings. The router is also positioned directly beside the laptop itself (for signal strength).

    I am using the onboard wireless card on my laptop and do not wish to purchase a dedicated external card to only use for testing purposes.

    My wireless card is:
    Qualcomm Atheros AR9285

    The card is confirmed being able to be put into monitor mode with:
    Code:
    airmon-ng start wlan0
    This will result in a device named "wlan0mon" in monitoring mode.

    The card is also confirmed to be injection-ready by using this command:
    Code:
    aireplay-ng -9 wlan0mon
    Injection is working!
    Found 15 APs

    Now that we have established what my system is, and that it is capable, let's get on to my issue.

    No matter what I try, Reaver simply will not work. 1 of 3 things always happens.

    1) Continuous "Response timeout occurred" on identification response
    2) Continuous looping of the first pin (pin failed; retrying last pin)
    3) Can not associate with the AP

    Testing with my own home network, my primary issue was #3. However, after trying for hours to do it, a friend invited me over to try it on his AP. With his AP (confirmed once again to be WPS enabled and vulnerable in wash) the issues seemed to alternate between #1 and #2.

    Once again, both APs are using their stock vendor settings.

    This is my EXACT process to start an attack.

    Code:
    airmon-ng start wlan0
    airodump-ng wlan0mon0
    reaver -i wlan0mon -b XX:XX:XX:XX:XX:XX -vv
    Where XX:XX:XX:XX:XX:XX = the MAC of the network found from airodump-ng wlan0mon0

    Following this process I always end up with one of the above 3 problems. I have tried several other attempts at using different variables from within reaver, such as specifying the channel with -c, however nothing has held up.

    I am an incredibly persistent person and will not stop until I am able to do this. I don't understand at all why it wouldn't be working.

    Thank you again in advance for any and all help you are able to provide! Cheers!

  2. #2
    Join Date
    2015-Jul
    Posts
    15
    Using

    airodump-ng --channel=<?> -w <capfile save name> wlan0mon NOT wlan0mon0

    Leave running for 2-5 mins depending on signals and clients.

    Use aircrack-ng <capfile save name> to see if any handshakes are in this .cap file we created.

    You used the wash -i wlan0mon to find WPS set @ "No"?

    Brand of both routers you were using to test also?

    Having the router too close can be problematic also when running reaver against it.

    Also, that card is the same one I have broken twice in two separate laptops, same chipset AR9285.

    Excellent for grabbing handshakes and injecting before they died, just be warned they have a threshold that can be broken.

    Good luck bro.
    Last edited by drewsky; 2015-08-13 at 20:44.

  3. #3
    Join Date
    2015-Aug
    Location
    New Caledonia
    Posts
    2
    Quote Originally Posted by h4ck0ry View Post
    Thank you again in advance for any and all help you are able to provide! Cheers!
    It won't help much, but I encounter the same issue on an alpha card.

  4. #4
    Join Date
    2015-May
    Posts
    18
    Try to let aireplay-ng do the association instead of reaver.

    Put -A in the reaver command line and open another terminal and run aireplay-ng against the target.

    And, as the others told you, you can be too close to a router too. It's like reading a paper: you can't read it if you are too far away, but not either if you have the paper pushed against your face XD

  5. #5
    Which version of Kali do you have?