Got my Alfa AWUS036H today and tried to pen my router using reaver 1.4.
I spent the last 8 hours searching the web and trying to figure it out myself, fiddled around a lot, but nothing that helped so far. Now coming to you, since I cannot help feeling that my problem is kind of unique. E.g. downgrading to reaver 1.3 seems impossible, because dependencies are missing.
Code:
root@kali:~# airmon-ng start -i
Found 2 processes that could cause trouble.
If airodump-ng, aireplay-ng or airtun-ng stops working after
a short period of time, you may want to kill (some of) them!
-e
PID Name
3311 NetworkManager
3361 dhclient
Interface Chipset Driver
root@kali:~# kill 3311
root@kali:~# kill 3361
root@kali:~# airmon-ng start wlan0
Interface Chipset Driver
wlan0 Realtek RTL8187L rtl8187 - [phy0]
(monitor mode enabled on mon0)
root@kali:~# wash -i mon0
Wash v1.4 WiFi Protected Setup Scan Tool
Copyright (c) 2011, Tactical Network Solutions, Craig Heffner <[email protected]>
BSSID Channel RSSI WPS Version WPS Locked ESSID
---------------------------------------------------------------------------------------------------------------
XX:XX:XX:XX:XX:XX 5 -60 1.0 No \\\\\\\\\\
00:0B:3B:XX:XX:XX 6 -19 1.0 No TestAP Devolo
A0:F3:C1:XX:XX:XX 9 -33 1.0 No MainAP Fritz
XX:XX:XX:XX:XX:XX 10 -56 1.0 No \\\\\\\\\\
XX:XX:XX:XX:XX:XX 11 -48 1.0 No \\\\\\\\\\
^C
root@kali:~# reaver -i mon0 -b 00:0B:3B:XX:XX:XX -c 6 -N -S -d 10 -vv
Reaver v1.4 WiFi Protected Setup Attack Tool
Copyright (c) 2011, Tactical Network Solutions, Craig Heffner <[email protected]>
[+] Switching mon0 to channel 6
[+] Waiting for beacon from 00:0B:3B:XX:XX:XX
[+] Associated with 00:0B:3B:XX:XX:XX (ESSID: TestAP)
[+] Trying pin 12345670
[+] Sending EAPOL START request
[+] Received identity request
[+] Sending identity response
[!] WARNING: Receive timeout occurred
[+] Sending WSC NACK
[!] WPS transaction failed (code: 0x02), re-trying last pin
[+] Trying pin 12345670
[+] Sending EAPOL START request
[+] Received identity request
[+] Sending identity response
[!] WARNING: Receive timeout occurred
[+] Sending WSC NACK
[!] WPS transaction failed (code: 0x02), re-trying last pin
[+] Trying pin 12345670
[+] Sending EAPOL START request
[+] Received identity request
[+] Sending identity response
[!] WARNING: Receive timeout occurred
[+] Sending WSC NACK
[!] WPS transaction failed (code: 0x02), re-trying last pin
[+] Trying pin 12345670
[+] Sending EAPOL START request
[+] Received identity request
[+] Sending identity response
[!] WARNING: Receive timeout occurred
[+] Sending WSC NACK
[!] WPS transaction failed (code: 0x02), re-trying last pin
[+] Trying pin 12345670
[+] Sending EAPOL START request
[+] Received identity request
[+] Sending identity response
[!] WARNING: Receive timeout occurred
[+] Sending WSC NACK
[!] WPS transaction failed (code: 0x02), re-trying last pin
[+] Trying pin 12345670
[+] Sending EAPOL START request
[+] Received identity request
[+] Sending identity response
[!] WARNING: Receive timeout occurred
[+] Sending WSC NACK
[!] WPS transaction failed (code: 0x02), re-trying last pin
[+] Nothing done, nothing to save.
[+] 0.00% complete @ 2014-12-18 00:51:02 (0 seconds/pin)
[+] Max time remaining at this rate: (undetermined) (11000 pins left to try)
[+] Trying pin 12345670
[+] Sending EAPOL START request
[+] Received identity request
[+] Sending identity response
^C
[+] Nothing done, nothing to save.
root@kali:~#
Also getting these errors when trying to run the same command against my fritz!box.
Code:
root@kali:~# airmon-ng start -i
Found 3 processes that could cause trouble.
If airodump-ng, aireplay-ng or airtun-ng stops working after
a short period of time, you may want to kill (some of) them!
-e
PID Name
3331 NetworkManager
4015 wpa_supplicant
4022 dhclient
Interface Chipset Driver
wlan0 Realtek RTL8187L rtl8187 - [phy0]
root@kali:~# kill 3331
root@kali:~# kill 4015
root@kali:~# kill 4022
root@kali:~# airmon-ng start wlan0
Interface Chipset Driver
wlan0 Realtek RTL8187L rtl8187 - [phy0]
(monitor mode enabled on mon0)
root@kali:~# wash -i mon0
Wash v1.4 WiFi Protected Setup Scan Tool
Copyright (c) 2011, Tactical Network Solutions, Craig Heffner <[email protected]>
BSSID Channel RSSI WPS Version WPS Locked ESSID
---------------------------------------------------------------------------------------------------------------
XX:XX:XX:XX:XX:XX 5 -68 1.0 No \\\\\\\\\\
00:0B:3B:XX:XX:XX 6 -22 1.0 No TestAP Devolo
A0:F3:C1:XX:XX:XX 9 -37 1.0 No MainAP Fritz
XX:XX:XX:XX:XX:XX 10 -58 1.0 No \\\\\\\\\\
XX:XX:XX:XX:XX:XX 11 -42 1.0 No \\\\\\\\\\
^C
root@kali:~# reaver -i mon0 -b A0:F3:C1:XX:XX:XX -c 9 -d 10 -S -N -vv
Reaver v1.4 WiFi Protected Setup Attack Tool
Copyright (c) 2011, Tactical Network Solutions, Craig Heffner <[email protected]>
[+] Switching mon0 to channel 9
[+] Waiting for beacon from A0:F3:C1:XX:XX:XX
[+] Associated with A0:F3:C1:XX:XX:XX (ESSID: MainAP)
[+] Trying pin 12345670
[+] Sending EAPOL START request
[+] Received identity request
[+] Sending identity response
[+] Received identity request
[+] Sending identity response
[+] Received M1 message
[+] Sending M2 message
[+] Received M1 message
[!] WARNING: Receive timeout occurred
[+] Sending WSC NACK
[!] WPS transaction failed (code: 0x02), re-trying last pin
[+] Trying pin 12345670
[+] Sending EAPOL START request
[!] WARNING: Receive timeout occurred
[+] Sending EAPOL START request
[+] Received identity request
[+] Sending identity response
[+] Received identity request
[+] Sending identity response
[+] Received M1 message
[+] Sending M2 message
[+] Received M1 message
[+] Received WSC NACK
[+] Sending WSC NACK
[!] WPS transaction failed (code: 0x04), re-trying last pin
[+] Trying pin 12345670
[+] Sending EAPOL START request
[+] Received identity request
[+] Sending identity response
[!] WARNING: Receive timeout occurred
[+] Sending WSC NACK
[!] WPS transaction failed (code: 0x02), re-trying last pin
[+] Trying pin 12345670
[+] Sending EAPOL START request
[+] Received identity request
[+] Sending identity response
[+] Received identity request
[+] Sending identity response
[+] Received M1 message
[+] Sending M2 message
[+] Received WSC NACK
[+] Sending WSC NACK
[!] WPS transaction failed (code: 0x04), re-trying last pin
[+] Trying pin 12345670
[+] Sending EAPOL START request
[!] WARNING: Receive timeout occurred
[+] Sending EAPOL START request
[+] Received identity request
[+] Sending identity response
[!] WARNING: Receive timeout occurred
[+] Sending WSC NACK
[!] WPS transaction failed (code: 0x02), re-trying last pin
^C
[+] Nothing done, nothing to save.
root@kali:~#
I tried different variations, like adding -N, -S, -d 10 (and more), -win7 or just using reaver -i mon0 -b BSSID.
Sometimes the channel switch progress after reaver initialization will just freeze and I have to do another wash -i mon0 or airodump-ng mon0 before reaver continues to change channels, so I ended up always adding the -c X. Also: right after fresh boot, killing the processes and turning the card to monitor mode, reaver won't be able to use mon0 sometimes, so I have to restart the VM, hoping it works next time. *sigh* I really can't make any sense of any of this.
Tried it on both "routers", my fritz!box and devolo, with signal strength between -15 and -30. Running Kali Linux 1.0.9a amd64 (& Backtrack 5 R3 GNOME 32bit - just downloaded this, in case 1.0.9a had a bug, but same issues encountered there) as VM. I also let the programs run for 1-2 hrs (infinite loops), reinitialized a couple of times, set the card to more output, but that didn't help either.
tl;dr: I can't get aircrack to work. I somehow suspect my brand new AWUS036H. Getting errors posted above. I googled and searched the web already.