
Thread: Varmacscan2-0 an automatic multi-target reaver attack tool released

  1. #1
    Senior Member
    Join Date
    Jul 2013
    Posts
    797

    Varmacscan2-0 an automatic multi-target reaver attack tool released

    Varmacscan supporting Kali 1.10a, 2 and Kali 2016.1 R is released for community use.

    Program supports options to not kill Network-Manager Functions on other devices when running varmacscan.

    Several text output bugs when a WPA key was found were corrected.

    Differences between the three(3) different Operating Systems were incorporated into one package.

    Version 3-3 updated from 3-1

    Routines when attacking specific router models have been rewritten.

    You can download here thru kali or at

    https://github.com/musket33/varmacscan


    http://www.datafilehost.com/d/5ea4b8f4


    The following script was originally designed to be used against a specific model of router which locked its WPS system after 10 pin requests. These routers were also NOT susceptible to any of the DDOS attacks available thru VMR-MDK series nor were they vulnerable to pixiedust. A few were cracked when the WPS pin reset to 12345670 and the WPS system was open. But in general reaver was not the tool of choice. To crack these routers the only methods remaining were either brute forcing a WPA handshake or social engineering approaches like WPA Phishing.

    MTeams' areas of operation are surrounded by this model of router. In short, our areas are rich in these targets. After studying the WPA locking and unlocking, a different approach was conceived. If a program could constantly search the area of reception and automatically attack any routers which had unlocked, then a small number of WPS pins could slowly be collected from a large number of routers and, in time, the WPA key could be extracted.

    This program was not originally considered for an MTeams release until a surprising side effect occurred. The program began cracking other models that either were resistant to previous reaver attacks or routers that we did not even know existed. This success is not because of any special reaver command line. It is simply that the program is constantly searching and then attacking all WPS enabled routers found for short periods of time, automatically gathering data and moving to the next target endlessly.

    Varmacscan2-0 is a totally automatic fire and forget script. Once running, the script will search for any WPS enabled networks within reception range and then attack each in turn. Both search and attack times are set by the user. No specific targets are selected. After each router is subjected to reaver, any data acquired is searched for a viable pixiedust data sequence. If a sequence is found and the WPS pin extracted, it is loaded into reaver, which reattacks the router using the pin number in the reaver command line. During both search and attack modes, aircrack-ng is run in the background collecting ESSIDPROBES. If a WPA key is obtained, the program will skip the target in future attacks. Once all networks seen have been attacked, the program rescans for targets and then attacks all seen again. This process will continue for as long as the user requires; no user input is needed.

    When you have exhausted attacks against stationary unlocked WPS enabled Networks thru the command line, and/or tested VMR-MDK against all WPS locked routers, run this program up and go to bed and see what tomorrow brings.

    Happy Hunting

    Musket Teams
    Last edited by mmusket33; 2016-03-10 at 07:35 AM. Reason: Version Update from 3-1 to 3-3

  2. #2
    Senior Member
    Join Date
    Aug 2013
    Location
    lost in space
    Posts
    580
    Thanks for your R&D and sharing with the rest of us!

    Does this replace that https://forums.kali.org/showthread.p...sh-for-Kali2-0 or am I confused again?

  3. #3
    Senior Member
    Join Date
    Jul 2013
    Location
    United States
    Posts
    516
    GitHub GitHub GitHub!

  4. #4
    Senior Member
    Join Date
    Jul 2013
    Posts
    797
    To Quest

    This script does not employ DDOS processes like VMR-MDK, and is not specifically designed to break thru WPS locking. No targets are loaded; the program seeks them automatically and collects pins if possible.

    MTeams

  5. #5
    Junior Member
    Join Date
    May 2015
    Posts
    18
    Works for me. Started it before bed and got 5 different correct pins when I woke up. I already knew those were working with pixie, but anyway, BUT!! Got no wpakey in any of them. It was just empty on the line after wpa in the txtfile.



    Edit: Maybe it has something to do with my new laptop.
    Installed kali yesterday.
    Got a warning that my diskspace was low and saw that the program complained about that.
    Have only a 24gb ssd in that laptop and the swapfile takes 13gb of that. How much swapfile is recommended for kali?
    Last edited by squash; 2015-11-27 at 03:34 PM.

  6. #6
    Member
    Join Date
    Nov 2015
    Posts
    45
    Seems to work here too, but with same no wpa key problem related by squash

    VARMAC_WPSWPA
    Code:
    WPS Pin: = '12345670'
    WPA Key: = 
    AP SSID: = 
     
       Note WPA Key is found between the two(2) tick symbols

  7. #7
    Senior Member
    Join Date
    Jul 2013
    Posts
    797
    To brunoaduarte squash

    Thanks for the test.

    We ran the program against known routers and it gave us the key. Go into the log file in VARMAC_LOGS and see if the key is listed. As you have the pin, run it from the command line and see if it gives you the key.

    We are interested in the text output found in the reaver log file in VARMAC_LOGS. It is possible your OS or version gives a different output. We use awk to extract the data from the log or reaver output and dump it on the screen. If we know what your output is we will code it in for you.

    Look back here in 24 hours. We have version 2-2, which gives you more control over the ESSIDPROBE module, but we will delay release and run some tests and see if we can induce this error.

    MTeams
    Last edited by mmusket33; 2015-11-28 at 01:01 PM.

  8. #8
    Junior Member
    Join Date
    Oct 2015
    Location
    Chicago IL
    Posts
    1
    newbie here, be kind:
    Only data collected in essidprobesdic.txt & essidprobes8dic.txt.
    Clean data patterns never seen before forming. Can this data be reused each session or clean start each time?
    Using Kali2.0 live usb.
    Is "Found packet with bad FCS, skipping..." slowing down the process?

  9. #9
    Member
    Join Date
    Nov 2015
    Posts
    45
    Hi mmusket33,

    I'm running my tests on Kali v2.0 Live USB with Persistence (BCM4311 wifi chipset).

    Here are the contents from both VARMAC_LOGS and VARMAC_WPSWPA folders:

    http://pastebin.com/FTBQCRm2
    (Couldn't paste text here cause it gives me some weird cloud proxy errors)

    Thanks

  10. #10
    Junior Member
    Join Date
    Apr 2015
    Posts
    29
    @mmusket33

    1.
    Nice Script !

    2.
    Can you give the script an option to have the association done with Aireplay instead of Reaver?
    The association with Aireplay often works better than using Reaver.

    In Reaver there is the flag -A

    3.
    Then there's the problem with hidden SSIDs.
    Current SSID (null)
    These should be automatically excluded, as they otherwise cost unnecessary time.
    Last edited by Laserman75; 2015-11-30 at 12:28 AM.
