Hey Folks,
I don't usually ask for help with these kinds of things; however, I have exhausted the past 48 hours trying to figure this out on my own to absolutely no avail. I will attempt to be as detailed as possible for your convenience, and I appreciate all the help in advance!
I am attempting, for educational and security purposes, to crack my own router via the WPS vulnerability using Reaver. I have the latest version of Kali Linux (full 64-bit download) running as the primary operating system on my laptop; it is NOT on a VM of any sort. Internet connectivity was used during the installation as well as afterwards to make sure the whole system was up-to-date. The router is WPS enabled (confirmed in wash) and is running on the default vendor settings. The router is also positioned directly beside the laptop itself (for signal strength).
I am using the onboard wireless card on my laptop and do not wish to purchase a dedicated external card to only use for testing purposes.
My wireless card is:
Qualcomm Atheros AR9285
The card is confirmed to be able to be put into monitor mode with:
Code:
airmon-ng start wlan0
This will result in a device named "wlan0mon" in monitoring mode.
The card is also confirmed to be injection-ready by using this command:
Code:
aireplay-ng -9 wlan0mon
Injection is working!
Found 15 APs
Now that we have established what my system is, and that it is capable, let's get onto my issue.
No matter what I try, Reaver simply will not work. One of 3 things always happens.
1) Continuous "Response timeout occurred" on identification response
2) Continuous looping of the first pin (pin failed; retrying last pin)
3) Cannot associate with the AP
Testing with my own home network, my primary issue was #3. However, after trying for hours to do it, a friend invited me over to try it on his AP. With his AP (confirmed once again to be WPS enabled and vulnerable in wash) the issues seemed to alternate between #1 and #2.
Once again, both APs are using their stock vendor settings.
This is my EXACT process to start an attack.
Code:
airmon-ng start wlan0
airodump-ng wlan0mon0
reaver -i wlan0mon -b XX:XX:XX:XX:XX:XX -vv
Where XX:XX:XX:XX:XX:XX = the MAC of the network found from airodump-ng wlan0mon0
Following this process I always end up with one of the above 3 problems. I have tried several other attempts at using different variables from within reaver, such as specifying the channel with -c; however, nothing has held up.
I am an incredibly persistent person and will not stop until I am able to do this. I don't understand at all why it wouldn't be working.
Thank you again in advance for any and all help you are able to provide! Cheers!