Page 1 of 5 12345 LastLast
Results 1 to 50 of 212

Thread: VMR-MDK-K2-011x8.sh for Kali2.0

  1. #1
    Join Date
    2013-Jul
    Posts
    844

    VMR-MDK-K2-011x8.sh for Kali2.0

    MTeams did a series of tests with Datahost. If you use linux to download the files as posted, the normal zip file is received. If however you download thru XP OR possibly other windows based systems datahost loads a small .exe files in zip format instead.

    We have seen this thru other filehosting sites.

    Until MTeams can move their files to alternative locations suggest downloading thru linux only.

    Included in the VMR-MDK package

    1. mdk3-v6 folder
    2. configfiledetailed for reference only
    3. Help Files
    4. PDDSA-K2-06.sh
    5. VMR-MDK-K2-2016R-011x9.sh

    For Kali 1.10a

    Loaded 10 March 2016
    Download VMR-MDK011x8 package at:

    https://github.com/musket33/musketteams

    For kali 2.0 and 2016.1R

    You can download VMR-MDK-K2-2016R-011x9.zip package at

    Loaded 10 March 2016

    https://github.com/musket33/VMR-MDK-Kali2-Kali2016


    Added 6 July 2017

    Musket Teams have released VMR-MDK-K2-2017R-012x2 for Kali 2,2016,2017 and all versions of reaver

    The aireplay-ng fake auth has been made regenerative.
    Several bugs have been corrected, some thanks to dmatrix.
    Comments requested by kcdtv have been added.
    Script tested in both persistent usb installs and harddrive installs for reaver 1.52 and 1.53 and kali 2016 and 2017 using i386.
    Expect the mac changing routines to be slowed. This is to support wifi receivers at the end of five(5) meter extension cables which is the max length allowed.

    We do not support VM Ware and amd or persistent usb installs using luks encryption as we cannot test.

    You can download at:

    https://github.com/musket33/VMR-MDK-...017R-012x2.zip

    or

    http://www.datafilehost.com/d/76c80a9d

    Added 12 Jan 2018

    VMR-MDK-K2-2017R-012x4.zip package has been posted for community use.

    Supports kali-linux 2.0 thru 2017.3

    Supports text output from reaver v1.52 and v1.63 for pixiewps

    A new PDDSA for reaver v1.63 is found within the package along with the older version

    You can download at:

    https://github.com/musket33/VMR-MDK-Kali2-Kali2016

    Select VMR-MDK-K2-2017R-012x4.zip from versions available

    or

    https://www.datafilehost.com/d/6a49f214
    Last edited by mmusket33; 2018-01-12 at 10:58.

  2. #2
    More info for it?

  3. #3
    Join Date
    2013-Jul
    Posts
    844
    To Pamamolf

    This program attempts to circumvent WPS locking. MTeams suggests you download the package and read thru the help files enclosed within the zip. After you read thru these help files, any technical questions, bugs or further help will be provided.

    MTeams

  4. #4
    Join Date
    2015-Sep
    Posts
    14
    Using MTeams version, Kali 1.10 amd64, everything configured as Help file provided.

    This is the situation: yesterday, reaver made 0.15%.
    Today, and I'm talking about 9-10 hours of activity, the "progression" still remains at 0.15%, and this is the situation:



    Could anyone help me, or at least tell me why I've got this problem?
    Thank you in advantage, hoping for an answer.
    Last edited by markrenton; 2015-09-12 at 17:33.

  5. #5
    Join Date
    2013-Jul
    Posts
    844
    Dear Mark,

    The fact that you have gotten 15% of the pins tells us the router is vulnerable to this approach. You have probably just locked up the firmware so stop the attack and try again 24 hours later. Once you start collecting pins again increase the pause/wash scan time so that you give the router more time to recover. Reduce the DDOS/MDK3 time to the bare minimum necessary to collect pins. Set the retest first pin to 50.

    Try the attack once a day till pin collection starts again.

    Keep in mind that this attack approach takes time and is slow. Do not try and rush the attack or overwhelm the firmware thru long doses of DDOS/MDK3. Usually a short burst of DDOS 15 to 20 sec works better. You will have to find the right mix respect to time of reaver, DDOS and pause to keep pin harvesting progressing. Each router even the same make/model and firmware reacts differently. This is why a config file is used. You can change the setting and test while the program is running

    MTeams

  6. #6
    Join Date
    2015-Sep
    Posts
    14
    Thank you for your answer! I will try. Thank you for your time. I will keep you in the loop!

  7. #7
    Join Date
    2015-Sep
    Posts
    2
    Thanks for all your hard work musket team. A couple days ago I just got into pentesting out of curiosity. I want to know if it is possible to customize the reaver command line in the script, because I can "sometimes" crack 1 or 2 of my routers with tweaked settings (without your script). I found out my router doesn't like the -S argument in reaver. At least that's what my little testing showed. Furthermore, I can't seem to crack my old router without providing the pin manually. Can you tell me where I should direct my questions on successfully cracking my old Asus router?

  8. #8
    Join Date
    2013-Jul
    Posts
    844
    To element72

    The VMR-MDK series are scripts designed to harvest pins from WPS locked routers. It is just a tool and does not replace the reaver command line. The config file allows you to remove the -S and adjust other variables. If you do not need to DDOS the router to collect pins or you do not see the need to change the mac constantly or have reaver stop and restart then just use the command line.

    If you have a little understanding of Eterm and bash coding you can easily change the reaver output of a specific command line in VMR-MDK or if you send us what you want we will change a specific command line for you and post it.

    However just play around with the variables in the reaver command line in a terminal window until you get the router to respond to reaver.

    MTeams

  9. #9
    Join Date
    2015-Sep
    Posts
    7
    please make video...so beginners like me can understand faster... thanks for your efforts..

  10. #10
    Join Date
    2015-Aug
    Posts
    2
    Yes, a video would be great! Seems really interesting!

  11. #11
    Join Date
    2014-Nov
    Posts
    10
    Be sure to follow the rules for videos if you want to make sure it's accepted

  12. #12
    Join Date
    2015-Nov
    Posts
    3
    muju821 & ganch0

    What would you like the video to be of? I have found, that there really is not a full proof cover all, you have to trail and error each router. The script they released works well but you will have to change settings of the script sometimes. Which the script itself and the help files that come with it do a great job of explaining. What would you like to see in the video?

  13. #13
    Join Date
    2013-Jul
    Posts
    844
    To Noobkin187

    For clarity - MTeams do not do vidos. However we have no objections to other making them. We release these programs for the community to do with as they wish.

    Musket Teams

  14. #14
    Join Date
    2015-Oct
    Posts
    16
    just installed this on kali 2 and it seems a great script, looking forward to future releases from Musket Team :-)

  15. #15
    Join Date
    2014-Nov
    Posts
    14
    The script itself is great, two questions though. If dh-small is selected is it persistent through to pixiewps? i.e. it needs enabling in both.

    Is it possible to include the -C switch in the wash command as a norm? I have found where in the script it needs added (not bad for a non-programmer idiot) but as it would not affect those that don't get the error it would help those that do.

  16. #16
    Join Date
    2013-Jul
    Posts
    844
    The -dhsmall matter versus pixiedust versus brute forcing WPS locked routers is addressed in the help file. Note if you retest 12345670 every X cycles reaver checks this pin with no --dhsmall thus sending complete Pixiedust data sequences for pixie1.1 to test. It also writes the session to a different file and folder so the brute force sequences are not upset. Again read the help files this matter is addressed there in detail.

    We have never had any problems that rqr -C except when the wifi device didnot support packet injection.

  17. #17
    Join Date
    2014-Oct
    Posts
    14
    Adding -C to wash should be coded by default to help the program run smoothly incase of any potential fcs errors. I sometimes get them and I edited the script to include it and then everything worked fine.

    P.S my device supports packet injection.
    Last edited by Scolder; 2015-12-19 at 01:10.

  18. #18
    Join Date
    2013-Jul
    Posts
    844
    To Scolder

    Thanx

    Your comment on packet injection is all we require. MTeams will add this option in the next release

    There is a bug in the awk module which prints the WPA key if found on the screen when the program terminates

    If the WPA key includes a space or spaces the screen will show only the first part of the WPA key sequence before the first space.

    The path to the log file from which this key was read is also shown so cross reference this file anytime a key is found.

    MTeams

  19. #19
    Join Date
    2014-Oct
    Posts
    14

    Quote Originally Posted by mmusket33 View Post
    To Scolder

    Thanx

    Your comment on packet injection is all we require. MTeams will add this option in the next release

    There is a bug in the awk module which prints the WPA key if found on the screen when the program terminates

    If the WPA key includes a space or spaces the screen will show only the first part of the WPA key sequence before the first space.

    The path to the log file from which this key was read is also shown so cross reference this file anytime a key is found.

    MTeams

    Sweet!

    I will definitely be on the lookout for this bug.

    Thanks for sharing this awesome script.

  20. #20
    Join Date
    2015-Sep
    Posts
    7
    i want to adjust rever livetime i changed in config file also but still it run for 90 second.. how to reduce it.. please help...

    what ever i change but it runs for 90 seconds.. and wps gets locked in 90 second. thats why i want to reduce rever livetime to 10 or 15 seconds.

  21. #21
    Join Date
    2013-Jul
    Posts
    844
    MTeams tested both the kali1.10 and kali 2.0 versions of VMR-MDK. We set the reaver live time to 30 seconds in both cases.

    We think the problem is Config File item 21 Retest pin 12345670. Turn the retest feature OFF by selecting n/N. The program will then skip this feature which has a default value of 90 seconds and go straight to the time set in the config file..

    Set Item 5 to the reaver live time required

    Set Item 21 Retest pin 12345670 to n/N

    You ??may?? find just setting the -r x:y in a reaver command line from the terminal window to -r 3:90 as an example OR using MTeams varmacscan2-8.sh a better approach in your case. You need to slow down pin collection.

    Musket Teams
    Last edited by mmusket33; 2015-12-24 at 13:06.

  22. #22
    Join Date
    2015-Sep
    Posts
    7
    thank you so much for quick reply.. i will try this tonight as suggested.. thks again.

  23. #23
    Join Date
    2015-Sep
    Posts
    7
    it works,thanks after adjusting item 21 i am able to reduce reaver live time. i reduced it to 5sec but still locked the router.. what to do..??

  24. #24
    Join Date
    2013-Jul
    Posts
    844
    The info you provided was not very specific so bear with us.

    1. How long does the router stay locked?

    If you are not sure run reaver with the -l --lock-delay=100 And let it run. Some routers unlock after 6,000 seconds just count the number of times reaver attempted to collect pins before a success and multiply by 100. Then set your -l below that number and slowly collect pins

    VMR-MDK is designed to attack locked WPS systems. Read the help files and see if the router has the flaw outlined in these files.

    MTeams

  25. #25
    Join Date
    2015-Sep
    Posts
    7
    thanks for reply...
    Dear one more suggestion required.. what's the best MDK3 attack combination i need to select from 1 to 14...

  26. #26
    Join Date
    2013-Jul
    Posts
    844
    To muju821

    You should read carefully thru the help files enclosed with the VMR-MDK package. MTeams use choice 1,3,4 and 14 alot. You simply need to test the router. This approach does not work on all routers. Again read the help files and pay attention to what the program is attempting to accomplish and what results are being obtained.


    MTeams

  27. #27
    Join Date
    2013-Jul
    Posts
    844
    VMR-MDK was rewritten to accept both Kali 2.0 and Kali 2016.1Rolling.

    You can download VMR-MDK-K2-2016R-011x9.zip package at

    http://www.datafilehost.com/d/fd192b6d

    Musket Teams
    Last edited by mmusket33; 2016-01-25 at 12:55.

  28. #28
    I have to say Dat dis is a very smart script a very big thank you to musketTeams and every oda person Dat contributed one way or the other to the project. It works like a charm.

  29. #29
    Join Date
    2015-Oct
    Posts
    16
    Would this run on kali nethunter on my galaxy s5 out of interest?

  30. #30

    changes

    Had to add the -C to wash. If not,had to insert manually the info. Great job btw

  31. #31
    Join Date
    2015-Oct
    Posts
    1
    Hello, mmusket33 and thanks for your tool, sometimes work fine and sometimes failed.

    I try to reset a TP-link and this time mdk failed, maybe I did smth wrong.. this is the reason why I write you.
    router mac adress start with 30:B5:C3

    any suggestion, how to reset?!

  32. #32
    Join Date
    2013-Jul
    Posts
    844
    To Troll

    As we indicate in the help files, this approach works with a small subset of routers. The tests for effectiveness are outlined there. You probably have done nothing wrong.

    The VMR-MDK approach is not meant to actually reset the router. In fact short bursts of mdk3 combinations 15 to 30 sec in length seems to work better then subjecting the router to long exposure to mdk3.

    There are other paths you can take. Try our varmacscan2-8. It it a robotic script. Just start it before you leave your computer and let it run. Everything is automatic. If you are using 2016 you will have to wait a few days. We have a working lab variant being currently tested. If there are no major bugs it will be out in a week.

    You can try ReVdk3 We have no experience with this script and are unsure if it works with kali 2.0 or 2016.

    Musket Teams

  33. #33
    please is there a way to resume your session, i ran the script for the first time and chose 10 loops then decided to continue with 10000 loops, after the 10 was finished, but it started from beginning again, please how can i make it continue every time i re-run it.

  34. #34
    Join Date
    2013-Jul
    Posts
    844
    To Chunkingz

    MTeams is unsure what you mean by starting from the beginning again.

    VMR-MDK is an administrative program. It runs several divergent processes primarily wash - reaver -mdk3 in a sequence. The cycles you loaded are simply the number of times you want to cycle thru the four stages

    If you are talking about pin counts reaver in the default setup checks for pin 12345670 every 10 cycles. so between cycle 1 and 10 reaver will run a brute force attack. Any keys checked ie your pin count is stored by reaver as the two reaver attack types are run as different sessions.

    If this doe not help then outline in greater detail exactly is starting from the beginning.

    MTeams

  35. #35
    Am sorry I didn't make the question quite clear, we'll anyways never mind. I have completed the hack. Woke up dis morning and found vmr had gotten my neighbors wps pin and d wpa pass. Tnx once again. I really appreciate.

  36. #36
    What's left now is post exploitation, I dunno where to go from here, well one tin I noticed I logged Into the router with the default username and password, I tried restoring d wps pin to default but it seems like the router restarts or sumfin and den tells me I do not have permission to change the wps pin. Any ideas?? Tnx once again.

  37. #37
    hey fellas i made a screencast, hope u enjoy and understand it.
    please like, share and subscribe.

    Search YouTube for "how to use vmr-mdk to hack wps locked wireless routers on kali linux "

    or better still youtube[dot]com/y3ByYdVJFqg
    Last edited by Chunkingz; 2018-02-26 at 13:49. Reason: YouTube links not allowed

  38. #38
    Join Date
    2013-Jul
    Location
    United States
    Posts
    520
    Quote Originally Posted by Chunkingz View Post
    hey fellas i made a screencast, hope u enjoy and understand it.
    please like, share and subscribe.
    Youtube links are not allowed, if you don't remove it you will get a notification from an Admin and it will be removed, just saying.

  39. #39
    Join Date
    2013-Aug
    Location
    lost in space
    Posts
    580
    a notification!? What about tar and feathers?

    Quote Originally Posted by Chunkingz View Post
    Am sorry I didn't make the question quite clear, we'll anyways never mind. I have completed the hack. Woke up dis morning and found vmr had gotten my neighbors wps pin and d wpa pass. Tnx once again. I really appreciate.
    - Did he just admitted hacking his neighbors?

    - Triple posting!? Even I never did that (and now jealous)!!!

    - and a Youtube video, and all that in the same thread.

    Just wow, and welcome Chunkingz
    Last edited by Quest; 2016-03-03 at 23:17.
    Kali Linux USB Installation using LinuxLive USB Creator
    Howto Install HDD Kali on a USB Key
    Clean your laptop fan | basic knowledge

  40. #40
    am very new here, so i barely know the rules tnx for the heads up, anyways if youtube links are not allowed how do i share the video?or what other kind of links are accepted

  41. #41
    Quote Originally Posted by Quest View Post
    a notification!? What about tar and feathers?

    - Did he just admitted hacking his neighbors?

    - Triple posting!? Even I never did that (and now jealous)!!!

    - and a Youtube video, and all that in the same thread.

    Just wow, and welcome Chunkingz
    thanks bro, however you shouldnt do the same tho, u could get caught .

  42. #42
    Join Date
    2013-Aug
    Location
    lost in space
    Posts
    580
    actually I think I've already triple posted somewhere here.

    Quote Originally Posted by Chunkingz View Post
    am very new here, so i barely know the rules tnx for the heads up, anyways if youtube links are not allowed how do i share the video?or what other kind of links are accepted
    You could edit post #37, remove the link, and just state that you have made a video on YT with the name of the video, without a link. That will achieve the same result.
    Kali Linux USB Installation using LinuxLive USB Creator
    Howto Install HDD Kali on a USB Key
    Clean your laptop fan | basic knowledge

  43. #43
    Join Date
    2016-Mar
    Posts
    4
    Hi everyone im new to kali and new to this script, i tried this script yesterday i got a pin number of a network but right after that reaver kept showing "Failed to associate with ..." ; one hour later i closed it and run reaver with that pin number but reaver kept showing the same message. Today is the same thing, i wrote down the bssid because wash does not detect it. The wifi on my smarthphone detects the network 2 of 3 bars of signal. What did i do wrong? If somebody could tell me ill apreciate it

  44. #44
    Quote Originally Posted by Quest View Post
    actually I think I've already triple posted somewhere here.



    You could edit post #37, remove the link, and just state that you have made a video on YT with the name of the video, without a link. That will achieve the same result.
    Tnx I'll try that asap!

  45. #45
    Quote Originally Posted by moslondon View Post
    Hi everyone im new to kali and new to this script, i tried this script yesterday i got a pin number of a network but right after that reaver kept showing "Failed to associate with ..." ; one hour later i closed it and run reaver with that pin number but reaver kept showing the same message. Today is the same thing, i wrote down the bssid because wash does not detect it. The wifi on my smarthphone detects the network 2 of 3 bars of signal. What did i do wrong? If somebody could tell me ill apreciate it
    Well I don't really know much but, If u got a wps pin m quite sure you should also have gotten the wpa key. Asides that, are u sure wps is still enabled for that ap? A quick way to check Asides wash is using wifite, just type wifite in terminal and wait a bit to see results.
    Try again and let's know what you found.

  46. #46
    Join Date
    2016-Mar
    Posts
    2
    after i shift mdk3 in root folder and try to run this error
    bash: root/mdk3-v6/mdk3: No such file or directory
    what am i doing wrong
    just following steps from help file!

    also getiing this
    cd mdk3-v6
    root@kali:~/mdk3-v6# make
    make -C osdep
    make[1]: Entering directory '/root/mdk3-v6/osdep'
    Building for Linux
    make[2]: Entering directory '/root/mdk3-v6/osdep'
    make[2]: '.os.Linux' is up to date.
    make[2]: Leaving directory '/root/mdk3-v6/osdep'
    make[1]: Leaving directory '/root/mdk3-v6/osdep'
    root@kali:~/mdk3-v6# make install
    make -C osdep install
    make[1]: Entering directory '/root/mdk3-v6/osdep'
    Building for Linux
    make[2]: Entering directory '/root/mdk3-v6/osdep'
    make[2]: '.os.Linux' is up to date.
    make[2]: Leaving directory '/root/mdk3-v6/osdep'
    make[1]: Leaving directory '/root/mdk3-v6/osdep'
    install -D -m 0755 mdk3 //usr/local/sbin/mdk3
    root@kali:~/mdk3-v6# chmod 755 /root/mdk3-v6/*
    root@kali:~/mdk3-v6# /root/mdk3-v6/mdk3
    bash: /root/mdk3-v6/mdk3: No such file or directory

  47. #47
    Join Date
    2016-Mar
    Posts
    4
    Quote Originally Posted by Chunkingz View Post
    Well I don't really know much but, If u got a wps pin m quite sure you should also have gotten the wpa key. Asides that, are u sure wps is still enabled for that ap? A quick way to check Asides wash is using wifite, just type wifite in terminal and wait a bit to see results.
    Try again and let's know what you found.
    I tried with a different ap and after a got the pin of that ap the wps got disabled... Wifite shows no wps on both aps.. Any idea on what to do next?

  48. #48
    Join Date
    2013-Jul
    Posts
    844
    To moslondon:


    From our experience there are several possibilities here.

    1. The router was not WPA encrypted. We have routers in our areas that respond to wash but are not WPA encrypted.

    2. We have seen routers which initially show WPS is enabled then giveup one pin and the WPS dissappears. We have gotten past the encrytption thru brute force or ESSIDPROBES. We have gone into the firmware remotely and looked at the setup. The WPS is enabled but no response from wash or reaver. Even resetting the router did not restore the wps even though the firmware showed WPS is enabled.

    3. Your first attack was done thru the command line(CL) and you spoofed your mac BUT did not add the --mac= command to the reaver CL. This will cause a failure to get the WPA key with reaver.

    4. From aircrack-forums we just received a report that some routers lock up after a 12345670 pin request. We afd exploring ryreaver-reverse and loading into varmacscan for some tests.

    5. There is yet another security feature that we are at present unaware of reference the WPS system?

    You could try Bully. MTeams though has had zero success with this program although others like the program. Hence if you ask, someone may help you.

    MTeams
    Last edited by mmusket33; 2016-03-07 at 01:25.

  49. #49
    Join Date
    2016-Mar
    Posts
    4
    From the networks available i picked 3 to use with these script, one dissapered without giving a pin and the others two gave me the same pin number and dissapered right after thay. Wash does not detect them, wifite does detect them with no wps (those aps had wps at the beginning). When i got the pins I tried using the reaver command like this "reaver -i wlan0mon -vv -S -b (bssid) -c (channel) -p (pin)" but it showed the same message "failed to associate..." did i put the command right?. And thanks for the replay to be honest im new to linux and using commands...

  50. #50
    Join Date
    2016-Mar
    Posts
    4
    I tried bully "bully wlan1mon -b (bssid) -e (essid) -c (channel)" on the 3 networks and it says "the ap doesn't to be wps enabled". I guess there is no way to get those networks key (good security?).
    I tried a different network with the script and now im on
    "Pin count: 11 ...
    Wps transaction failed (code: 0x02), re-trying last pin"
    Sometimes it keeps counting the pin some times it shows the same message, should i stop it or does this mean its working?

Similar Threads

  1. How burn dvd/cd using Kali2.0?
    By forkintheroad in forum General Archive
    Replies: 0
    Last Post: 2016-01-19, 07:32
  2. Issues with VPN in Kali2.0
    By Medic in forum TroubleShooting Archive
    Replies: 3
    Last Post: 2015-08-26, 18:19

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •