WiFite/Reaver issues

[mire3212]

I'm trying to sort out some issues I'm having with Kali 2.0 and WiFite - specifically the WPS cracking portion.

I'm running a MacBook Pro Retina 15" (Mid 2014) with a Kali 2 instance in VirtualBox 5 and two different WiFi cards:
• TPLink TL-WN722N
• Alfa AWUS036H

I've had luck with these cards in the past, but something isn't working now.

I was able to run aireplay's test adapter option and they both passed just fine -- I even setup one to monitor the other to detect which types of attacks they can do and they passed more than I was expecting. So This leads me to believe that the issue is likely with WiFite (less likely) or Reaver (more likely). From what I can tell, Reaver hasn't been updated in a few years now, so I'm not sure if it's even a viable option these days (though again it did work not that long ago).

Any ideas?

[maulesh]

Sir,
Is it necessary to be ONLINE or our Internet connection ON - while attacking USING REAVER??
With hope of good response.
Thanking you.

[Help]

You do not need an internet connection to use reaver, if that is what you are asking.
And @ mire reaver has been updated, and modded you should try running these commands first :
airmon-ng check kill
airmon-ng start interface

and then try dumping first if it works, reaver should work

[mire3212]

and then try dumping first if it works

Can you expand on what you mean by this statement? I have tried using airmon-ng to enable monitor mode first, but it still seems to go nowhere with WPS cracking.

Is there some log or something I can check to see what's going on behind the scenes?

[maulesh]

dear all,
i put all this command before putting reaver command -

iw wlan1 interface add mon0 type monitor
airmon-ng start mon0
ifconfig mon0mon down
macchanger -m 00:01:02:03:04:05 mon0mon
iwconfig mon0mon mode monitor
ifconfig mon0mon up
reaver -i mon0mon -b 14:F6:5A:60:8F:15 -c 6 -d 0 --lock-delay=250 --fixed --timeout=1 --fail-wait=360 --dh-small --eap-terminate --nack --verbose

Screenshot from 2015-09-05 01:08:28.jpg

time consumed about 2 hours, but still above captured image seen.
with hope of good response.
thanking you.

[mire3212]

I don't do quite as much as that, but I get stuck in the same place. Definitely seems like a Reaver problem.

I do the following:

Code:

airmon-ng check kill
airmon-ng start wlan1

reaver -i wlan1mon -b in:se:rt:bs:si:d0 -vv

[maulesh]

dear all,
still problem as it is.
request to give some guide lines to execute reaver command and have some success.
thanking you all.

[mire3212]

I manually started the wlan interface (TL-WN722N) into monitor mode:

Code:

airmon-ng check kill
iwconfig wlan1 mode monitor

I then ran reaver. Here's the latest attempt's output (MAC altered):

Code:

root@kali:~# reaver -i wlan2 -b 00:00:00:00:B9:E0 -vv -K 1

Reaver v1.5.2 WiFi Protected Setup Attack Tool
Copyright (c) 2011, Tactical Network Solutions, Craig Heffner <[email protected]>
mod by t6_x <[email protected]> & DataHead & Soxrok2212

[+] Waiting for beacon from 0:00:00:00:B9:E0
[+] Switching wlan2 to channel 1
[+] Associated with 00:00:00:00:B9:E0 (ESSID: Wnbaorbust)
[+] Starting Cracking Session. Pin count: 0, Max pin attempts: 11000

It's been going for about 10 minutes with 0 progress.

[dataphreak]

Mire,

Looks like reaver is not receiving responses from the target AP. There are a number of things that can cause this. First, and most common, is that it is a signal strength issue. WPS was designed to connect devices that are very close. I.e. press a button here, then press a button there. The 8 digit pin was just a fall back method of establishing the connection. Second, the router may not support WPS or have it turned off. If that's the case, you will again see this. Third, the mac address looks modified. Not sure if you modified it before posting, or someone else did, but it's probably got some modifications to its configuration. A lot of routers now disable WPS after a few failed attempts. Not to say that this is the case, just thought I'd mention it. This router may be configured to show WPS compatability, but only respond if the button has been pressed. It's been 3 years since reaver was released, so most routers have been patched to defeat it. I would not be surprised if there were not a way to determine if a WPS request came from reaver, for example, does it start with the same WPS pin first time every time?

TL;DR Try doing it standing next to the router. Also try it after pressing the button. If you get the same results, the router's probably not vulnerable.

[soxrok2212]

It very well may be a problem with your syntax. For the Pixie Dust attack to work within Reaver, you need to use level 3 verbosity mode, -vvv. In your post you only used -vv. With only 2, the necessary information is not passed to pixiewps, so try this:

Code:

reaver -i wlan2 -b 00:00:00:00:B9:E0 -vvv -K 1

^Regards to this, make sure your card is in monitor mode, wlan2mon, and it helps t specify the channel the target is on with -c X where X is the channel. Keep in mind that the Pixie Dust is not a solution for all routers, but a good amount are