Thread: VMR-MDK-K2-2016R-011x9- Please Help!

  1. #1
    Join Date
    2016-Jun
    Posts
    2

    VMR-MDK-K2-2016R-011x9- Please Help!

    Hi,

    I'm using VMR-MDK-K2-2016R-011x9 on Kali Linux 2016.

    My wireless adapter is a TP-Link WN722N, which I'm using to crack my own router, a TP-Link WR740N.

    First I used Wifite to crack the WPS PIN; within a few seconds it showed "Pixie WPS =WPS PIN not found"

    Tried again, same result.

    Tried WPS Bruteforce = getting 0/0 success,ttl, doesn't go any further

    Tried reaver with command reaver -i wlan1mon -bssid -c - vvv -S -N
    Result = ap rate limiting waiting 60 seconds

    So I unlocked my WPS router PIN and tried the same command; it locks automatically after a few seconds of failed PIN attempts.

    Did some research and came across a script known as RevdK3-R1,R2,R2 = none of them work on Kali 2016
    First I got an error saying no valid wlan interface. So I changed in the script with text editor "EXISTENCE O WLAN" to F2
    The script started but kept getting error no interface specified aireplay-ng

    Then I came across VMR-MDK-K2 = installed it successfully and ran it against my own router, but still getting WPN PIN NOT FOUND

    So, I want to know what is the right way to run this script.

    Please correct me if I'm doing something wrong.

    Is there any way to unlock the locked WPS router, a.k.a. "ap rate limiting waiting 60 seconds"?

    Thanks in advance, any suggestions would be highly appreciated.

  2. #2
    Join Date
    2013-Apr
    Location
    Kali forums
    Posts
    805
    I prefer using reaver or bully when mounting a WPS pin attack: gives you more control over the process.

    That said, I'm not familiar with the script you mention; you probably need to spend time debugging it, and tweaking it for your specific needs.

    I've come across tools which claim to get around the WPS pin timeout, but haven't used them, so I can't vouch for their effectiveness.

  3. #3
    Join Date
    2016-Jun
    Posts
    2
    To grid,

    So what would you recommend for routers with locked WPS? Any suggestions would be helpful. Thank you.

  4. #4
    Join Date
    2013-Apr
    Location
    Kali forums
    Posts
    805
    While much slower, the obvious way would be to use the timeout/delay parameters in reaver or bully to prevent the WPS lockout.

    There's been some discussion on this topic here on the forums, but I haven't followed it. A quick Google search on "unlock WPS pin lockout" came up with some interesting results you may want to check out.

  5. #5
    Join Date
    2015-Aug
    Posts
    3
    I'm using VMR-MDK-K2-2016R-011x9 on Kali Linux 2016.1. I installed the VMR-MDK-K2-2016R-011x9 script. My wireless adapter is an Alfa AWUS036h. However, I have no specific config file in the WARMAC_CONFIG folder.
    The folder is blank. Please, why? Sorry, my English is bad.

  6. #6
    Join Date
    2016-Sep
    Location
    Poland
    Posts
    4
    The VMR-MDK-K2-2016R-011x9 script has some kind of bug: it's not creating the config folder in the right place. Just manually create WARMAC_CONFIG in the ROOT folder; it helped for me.

  7. #7
    Join Date
    2016-Sep
    Posts
    28
    Quote Originally Posted by whiskey1983 View Post
    The VMR-MDK-K2-2016R-011x9 script has some kind of bug: it's not creating the config folder in the right place. Just manually create WARMAC_CONFIG in the ROOT folder; it helped for me.
    (You may find this stupid, but it's out of frustration):
    What is the right command to create the VARMAC in the root folder, please?
    tx.

  8. #8
    Join Date
    2013-Jul
    Posts
    844
    To 1stcowgirl

    This script has been running for years with no bugs. Line 5057 looks for the existence of a folder called VARMAC_CONFIG. If the folder does not exist it makes one for you. There may be some change in bash syntax that we are not aware of.

    Try this command

    mkdir -p -m 700 VARMAC_CONFIG

    If that does not work try

    mkdir -p -m 700 /root/VARMAC_CONFIG

    If that does not work try

    mkdir -p -m 700 root/VARMAC_CONFIG

    Let us know which works


    Are you running the program from root?

    In closing, we deleted the folder and ran the program in an updated persistent USB install of 2016R1 i386 and everything worked fine. However, if you can tell us why it is not working for you, we will try and correct the issue, as MTeams cannot duplicate it.

    MTeams
    Last edited by mmusket33; 2016-09-15 at 12:25.

  9. #9
    Join Date
    2016-Sep
    Location
    Poland
    Posts
    4
    As for me, the program works fine; it just didn't create the config folder in /root/VARMAC_CONFIG but in the folder where I unzipped it, so the program cannot find the path to the folder in root. I just created it manually and now everything works fine. Maybe it's my fault, because I unzipped it in the folder /root/VMR-MDK-K2-2016R-011x9, so the config folder was created there: /root/VMR-MDK-K2-2016R-011x9/VARMAC_CONFIG

  10. #10
    Join Date
    2016-Sep
    Location
    Poland
    Posts
    4
    Quote Originally Posted by mujica View Post
    I'm using VMR-MDK-K2-2016R-011x9 on Kali Linux 2016.1. I installed the VMR-MDK-K2-2016R-011x9 script. My wireless adapter is an Alfa AWUS036h. However, I have no specific config file in the WARMAC_CONFIG folder.
    The folder is blank. Please, why? Sorry, my English is bad.
    Is it working for you with this card? I have a problem because reaver is not associating with the router (something wrong with the RTL driver probably, but I can't install the RT one).

  11. #11
    Join Date
    2013-Jul
    Posts
    844
    To: 1stcowgirl

    Whiskey1983 has probably discovered the problem. Just run from root and see if the problem disappears.

    MTeams
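
The working-directory mismatch whiskey1983 describes in post #9, reproduced in a throwaway sandbox. This is an added example, not part of the thread and not code from the VMR-MDK script; the helper name `ensure_config_dir` and the sandbox layout are assumptions made for illustration.

```shell
#!/bin/sh
# Added illustration (not from the VMR-MDK script): a relative
# "mkdir VARMAC_CONFIG" lands in the current directory, while a path
# anchored to an absolute base does not depend on where you run it.
# Everything happens inside a temporary sandbox; /root is never touched.

# Hypothetical helper: create <base>/<name> with mode 700, print its path.
ensure_config_dir() {
    base=$1; name=$2
    case $base in
        /*) ;;                                   # absolute base: accepted
        *)  echo "base must be absolute: $base" >&2; return 1 ;;
    esac
    mkdir -p -m 700 "$base/$name" || return 1
    printf '%s\n' "$base/$name"
}

# Prints "<relative result> <absolute result>", each "found" or "missing",
# depending on whether <fake_home>/VARMAC_CONFIG exists after that step.
demo_relative_vs_absolute() {
    sandbox=$(mktemp -d) || return 1
    fake_home=$sandbox/root                        # stands in for /root
    unzip_dir=$fake_home/VMR-MDK-K2-2016R-011x9     # where the zip was unpacked
    mkdir -p "$unzip_dir"

    # Relative form run from the unzip directory: folder is created there.
    ( cd "$unzip_dir" && mkdir -p -m 700 VARMAC_CONFIG )
    if [ -d "$fake_home/VARMAC_CONFIG" ]; then rel=found; else rel=missing; fi

    # Absolute form: same location whatever the working directory is.
    ( cd "$unzip_dir" && ensure_config_dir "$fake_home" VARMAC_CONFIG >/dev/null )
    if [ -d "$fake_home/VARMAC_CONFIG" ]; then abs=found; else abs=missing; fi

    rm -rf "$sandbox"
    printf '%s %s\n' "$rel" "$abs"
}

demo_relative_vs_absolute    # relative step misses the home dir, absolute step hits it
```
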

  12. #12
    Join Date
    2016-Sep
    Posts
    28
    Quote Originally Posted by mmusket33 View Post
    To 1stcowgirl

    This script has been running for years with no bugs. Line 5057 looks for the existence of a folder called VARMAC_CONFIG. If the folder does not exist it makes one for you. There may be some change in bash syntax that we are not aware of.

    Try this command

    mkdir -p -m 700 VARMAC_CONFIG

    If that does not work try

    mkdir -p -m 700 /root/VARMAC_CONFIG

    If that does not work try

    mkdir -p -m 700 root/VARMAC_CONFIG

    Let us know which works


    Are you running the program from root?

    In closing, we deleted the folder and ran the program in an updated persistent USB install of 2016R1 i386 and everything worked fine. However, if you can tell us why it is not working for you, we will try and correct the issue, as MTeams cannot duplicate it.

    MTeams

    I had some success running on a VM.
    I installed Kali on a VM and figured I'll try to be a dummy.
    I am on root.
    Before unzipping VMR, I did "mkdir VARMAC_CONFIG". That created the folder in root.

    So I finally got the files inside varmac, but when I ran the process I did not see "pin count advanced".
    I'll try creating the varmac folder with your commands.
    Thank you.

    P.S.
    To answer the previous question: no, root did not solve it (but I tried on VMware).
    I had to create it myself.
    tx
    Last edited by 1stcowgirl; 2016-09-18 at 07:01.

  13. #13
    Join Date
    2013-Jul
    Posts
    844
    To 1stcowgirl

    If the program runs then your method of making the folder is fine. The pin count matter has nothing to do with the folder. The router may not be vulnerable to the VMR process or the router is not responding. Also the program in default settings rechecks pin 12345670 every x cycles as setup by the configuration file. If you are new to reaver try the command line first against any target. This will give you a better idea of how the router generally responds to requests for WPS pins.

    MTeams

  14. #14
    Join Date
    2016-Sep
    Posts
    28
    Quote Originally Posted by mmusket33 View Post
    To 1stcowgirl

    If the program runs then your method of making the folder is fine. The pin count matter has nothing to do with the folder. The router may not be vulnerable to the VMR process or the router is not responding. Also the program in default settings rechecks pin 12345670 every x cycles as setup by the configuration file. If you are new to reaver try the command line first against any target. This will give you a better idea of how the router generally responds to requests for WPS pins.

    MTeams
    I think it's the target; I saw that other targets are responding.
    Thank you for your help.

    I wanted to ask about stopping and continuing VMR.
    How do I stop it, and how do I continue it?
    With reaver it's very easy (Ctrl+C, then repeat the command; I can snapshot and continue later), but how do I do it with vmr-mdk?
    Thank you.

  15. #15
    Join Date
    2013-Jul
    Posts
    844
    To 1stcowgirl

    VMR-MDK is just an administrative program. It calls up various programs in a certain order. When you want to stop, just Ctrl-C in the various windows anytime. When VMR-MDK stops, save your snapshot. When you restart you should see the pin count begin. Just remember that if the retest pin 12345670 is selected, VMR-MDK will start with that pin on the first cycle, then pick up the brute force attack again on cycle 2.

    In closing VMR-MDK is designed to attack WPS locked routers which exhibit a specific flaw as outlined in the help files. For normal operations reaver or bully from the command line is a better choice.

    Musket Teams
    Last edited by mmusket33; 2016-09-19 at 12:41.

  16. #16
    Join Date
    2016-Sep
    Posts
    28
    Quote Originally Posted by mmusket33 View Post
    To 1stcowgirl

    VMR-MDK is just an administrative program. It calls up various programs in a certain order. When you want to stop, just Ctrl-C in the various windows anytime. When VMR-MDK stops, save your snapshot. When you restart you should see the pin count begin. Just remember that if the retest pin 12345670 is selected, VMR-MDK will start with that pin on the first cycle, then pick up the brute force attack again on cycle 2.

    In closing VMR-MDK is designed to attack WPS locked routers which exhibit a specific flaw as outlined in the help files. For normal operations reaver or bully from the command line is a better choice.

    Musket Teams



    For me it's a rule: VMR is for LOCKED WPS ONLY! (Logic says it would be a waste of precious time trying it on UNLOCKED WPS; Reaver has never failed me on those.) (The longest it took me was about 5h.)

    So ...
    1) CTRL+C to stop (that's the regular step)
    2) Take Snapshot
    *) When I'm ready to continue ->
    3) Load Snapshot
    4) How to restart?

    Please help me here with how to restart.

    Logic tells me (from your guide) that I should CTRL+C on the REAVER terminal, take a snapshot, and when I want to continue again, just press the UP ARROW while on the REAVER terminal, confirm the previous process with "Y" AND EVERYTHING WILL RUN AGAIN.
    Am I right?

    And thank you for explaining the cycles.

    Sorry, I'm at work and can't really test on the spot; I get back late and don't have much spare time.
    Thank you.
    Last edited by 1stcowgirl; 2016-09-19 at 14:23.

  17. #17
    Join Date
    2013-Jul
    Posts
    844
    MTeams does not use VMware and has never tested the program in a VMware environment, therefore any specific keyboard commands referencing VMware are unknown.

    During the VMR-MDK process reaver is started in stage one and then shut down when entering stage three. So every cycle reaver saves its work and then is restarted at the next cycle.

    To restart the program run from root. Open a terminal window and type ./VMR-MDK-K2-2016R-011x9.sh [Enter] or whatever version you are running and the program will restart. The program will then run till either the number of cycles entered during setup have been completed or the user shuts the program down manually thru Ctrl-c in the main terminal window. Entering ctrl-c in the small xterm windows will only shut down the process being run in that xterm window.

    MTeams
    Last edited by mmusket33; 2016-09-19 at 17:33.

  18. #18
    Join Date
    2016-Sep
    Posts
    28
    Quote Originally Posted by mmusket33 View Post
    To restart the program run from root. Open a terminal window and type ./VMR-MDK-K2-2016R-011x9.sh [Enter] or whatever version you are running and the program will restart. The program will then run till either the number of cycles entered during setup have been completed or the user shuts the program down manually thru Ctrl-c in the main terminal window. Entering ctrl-c in the small xterm windows will only shut down the process being run in that xterm window.

    MTeams

    Let's see if I got it right,



  19. #19
    Join Date
    2013-Jul
    Posts
    844
    If you Ctrl-c in your example 2 the program will shut down. You will have to restart the program. If after restart you select a target where pins have been collected thru brute force, then reaver, when a brute force cycle begins, will pick up from the last pin collected.

    If you ctrl-c in your example 1 then that xterm window will close BUT the program will continue running.


    Remember that if you select the retest pin 12345670 feature then on cycle one reaver will test that pin and then on cycle 2 it will begin the brute force session.


    MTeams

  20. #20
    Join Date
    2016-Sep
    Posts
    28
    Quote Originally Posted by mmusket33 View Post
    If you Ctrl-c in your example 2 the program will shut down. You will have to restart the program. If after restart you select a target where pins have been collected thru brute force, then reaver, when a brute force cycle begins, will pick up from the last pin collected.

    If you ctrl-c in your example 1 then that xterm window will close BUT the program will continue running.


    Remember that if you select the retest pin 12345670 feature then on cycle one reaver will test that pin and then on cycle 2 it will begin the brute force session.


    MTeams
    First of all, thank you for your patience.

    Just restart VMR and it will continue. (Just ./VMR-MDK-K2-2016R-011x9.sh after the snapshot is loaded, and choose the same target.)

    Thank you.

  21. #21
    Join Date
    2013-Jul
    Posts
    844
    The problem was put to our R.V, Te,

    The problem may be in the way you unzipped the file.

    Either unzip in a windows based program or unzip from the command line in a terminal window


    Try unzip from the command line

    In root type

    unzip VMR-MDK file name.zip

    This will unzip in root

    for help type unzip [Enter]

  22. #22
    Join Date
    2016-Sep
    Posts
    28
    If you're talking about varmac, then I did it right from root through the command line.
    I believe it was due to VMware.
    (The OS was installed on a VM and I did not use the live version.)

  23. #23
    Join Date
    2016-Sep
    Posts
    28
    Quote Originally Posted by mmusket33 View Post
    The problem was put to our R.V, Te, [Enter]

    Hi and thank you.

    I would like to share something and to ask something.

    Question (though it's not about VMR):

    Is there a way to move the reaver process to another PC?
    Meaning: I opened a terminal and started reaver. After 30% I had to stop it. Is there a way to continue from those 30% on a different PC?

    Is there a way to save the reaver terminal and move it to another PC?

    Thank you (hope you understood what I'm asking).

    -

    In the past I used BT.
    I used to do it like this (the easy way):

    start wlan0
    wash -i mon0
    reaver -i mon0 -b 00:11:33:44:55:66 -vv


    So on BackTrack it worked like a charm.

    When I try it on Kali it's giving me all kinds of.... messed up errors.

    Is it only me, or do the commands need to be different on Kali?

    Thank you.

  24. #24
    Join Date
    2013-Jul
    Posts
    844
    To 1stcowgirl

    Reference moving your work to another computer. You probably need to copy the .wpc file which has been written against your target to the new computer. The .wpc file is the bssid of your target, then .wpc. So if your target has a MAC address of 00:11:22:33:44:55 then the .wpc file for that target would be 00:11:22:33:44:55.wpc

    First you need to find where your computer stores these files, so do a search.

    You next need to find out where your second computer stores the .wpc file.

    Copy the .wpc file from computer one to computer two.

    Start reaver and make sure you do not overwrite the existing file if asked.

    Check to see if the pin count has continued.

    Reference you starting monitor mode. Aircrack-ng has changed airmon-ng. It now gives you a different designation

    airmon-ng start wlan0

    You will get wlan0mon instead of mon0

    Now run

    airmon-ng check kill

    to prevent network manager from interfering with your processes

    Now start reaver.

    MTeams suggests you find the thread netmanmac and read it. There are ways to work around this network manager conflict. MTeams offers a simple solution but there are others. Once you invoke airmon-ng check kill, the ability to connect to the internet is removed. To restore your internet connectivity, reboot your computer. There is no real way to reverse the effects of airmon-ng check kill completely, so do not bother with service commands trying to restore processes, as complete restoration in Kali is only brought about thru a reboot.

    There is lots of commentary in kali and aircrack-ng forums on these airmon-ng - networkmanager matters.


    Musket Teams
