
Author Topic: VMR-MDK-K2-2016R-011x9- Please Help!  (Read 4603 times)

Offline rogstrixx

VMR-MDK-K2-2016R-011x9- Please Help!
« on: June 15, 2016, 10:57:58 PM »
Hi,

I'm using VMR-MDK-K2-2016R-011x9 on Kali Linux 2016.

My wireless adapter is a TP-Link WN722N, which I'm using to crack my own router, a TP-Link WR740N.

First I used Wifite to crack the WPS PIN; within a few seconds it showed "Pixie WPS = WPS PIN not found".

Tried again, same result.

Tried WPS Bruteforce = getting 0/0 success, ttl, doesn't go any further.

Tried reaver with the command reaver -i wlan1mon -bssid -c - vvv -S -N
Result = ap rate limiting waiting 60 seconds

So I unlocked my WPS router PIN and tried the same command; it locks automatically after a few seconds of failed PIN attempts.

Did some research and came across a script known as RevdK3-R1, R2, R2 = none of them work on Kali 2016.
First I got an error saying no valid wlan interface. So I changed "EXISTENCE O WLAN" to F2 in the script with a text editor.
The script started but kept getting the error "no interface specified" from aireplay-ng.

Then I came across VMR-MDK-K2 = installed it successfully and ran it against my own router, but still getting WPS PIN NOT FOUND.

So, I want to know what is the right way to run this script.

Please correct me if I'm doing something wrong.

Is there any way to unlock the locked WPS router, a.k.a. "ap rate limiting waiting 60 seconds"?

Thanks in advance, any suggestions would be highly appreciated

Offline H4v0K

Re: VMR-MDK-K2-2016R-011x9- Please Help!
« Reply #1 on: June 16, 2016, 03:46:52 AM »
I have not used the script you are talking about, but for reaver you can try to use -T .5 to set a timeout period and -d 15 to delay each attempt to 15 seconds or more to try and keep from getting locked out.

You can also try Fruity Wifi
http://www.fruitywifi.com/index_eng.html

HTH

Offline rogstrixx

Re: VMR-MDK-K2-2016R-011x9- Please Help!
« Reply #2 on: June 16, 2016, 04:19:41 AM »
Thank you H4v0K. Out of 102 views and counting you were the first one to reply with a suggestion. I appreciate it.

I will try what you have suggested and paste my output later.

Thanks again.

If you have any other suggestion please let me know, because I think new routers which automatically disable PINs are hard to crack.

Offline H4v0K

Re: VMR-MDK-K2-2016R-011x9- Please Help!
« Reply #3 on: June 16, 2016, 04:39:28 AM »
> Thank you H4v0K. Out of 102 views and counting you were the first one to reply with a suggestion. I appreciate it.
>
> I will try what you have suggested and paste my output later.
>
> Thanks again.
>
> If you have any other suggestion please let me know, because I think new routers which automatically disable PINs are hard to crack.

They have caught on and made it harder to crack WPS (also why Reaver Pro went out of business :o), but there are still some out there you can get, and on some routers you can use the Pixie Dust attack.

Offline rogstrixx

Re: VMR-MDK-K2-2016R-011x9- Please Help!
« Reply #4 on: June 16, 2016, 04:44:58 AM »
Yes, you are right, there are D-Link routers that I have cracked, and other old ones.

I have tried EAPOL and DDoS attacks against locked WPS ("AP rate limiting").

But no luck.

I'm trying FruityWifi, let's see.


Offline rogstrixx

Re: VMR-MDK-K2-2016R-011x9- Please Help!
« Reply #5 on: June 16, 2016, 05:01:27 AM »
Any tutorial on how to use Fruity Wifi? Thanks.

Offline H4v0K

Re: VMR-MDK-K2-2016R-011x9- Please Help!
« Reply #6 on: June 16, 2016, 05:05:50 AM »

Offline rogstrixx

Re: VMR-MDK-K2-2016R-011x9- Please Help!
« Reply #7 on: June 16, 2016, 05:15:15 AM »
Have you used FruityWifi?

Offline H4v0K

Re: VMR-MDK-K2-2016R-011x9- Please Help!
« Reply #8 on: June 16, 2016, 05:27:43 AM »
Nope, not yet.

Offline rogstrixx

Re: VMR-MDK-K2-2016R-011x9- Please Help!
« Reply #9 on: June 16, 2016, 05:32:34 AM »
Well, some functions don't work on Kali 2016 and it's a bit complicated.

Offline ch3rn0byl

Re: VMR-MDK-K2-2016R-011x9- Please Help!
« Reply #10 on: June 16, 2016, 08:38:44 AM »
> Yes, you are right, there are D-Link routers that I have cracked, and other old ones.
>
> I have tried EAPOL and DDoS attacks against locked WPS ("AP rate limiting").
>
> But no luck.
>
> I'm trying FruityWifi, let's see.

You, a single person, were performing a DDoS?? Do you have an idea of what a DDoS is?? Or a DoS??? Once you look up what that is, do a Google search on why performing a DoS won't make a router give you the WPS PIN. Let it sink in a bit...
Also, if a particular function doesn't work on Kali, you have the source. Attempt to fix it and get it working. Don't give up on the first error and think the world's gonna end.
« Last Edit: June 16, 2016, 08:40:17 AM by ch3rn0byl »

Offline Grey-Matter

Re: VMR-MDK-K2-2016R-011x9- Please Help!
« Reply #11 on: August 05, 2016, 07:12:30 AM »
Sorry for the late response, I honestly just noticed this thread.

First of all, I've used every script mentioned so far in Kali. They all work.

VMR-MDK was made before aircrack changed airmon-ng, when it was wlanx <=> monx. So when Kali 2 released they remade the script and included the old version of airmon inside the script. That's what the K2's for. So I'm assuming you're trying to feed it wlanxmon and that's why it's not working. If you wanna use it, let it handle monitor mode by itself.

Rev2K is kind of a cross-your-fingers type thing. It's something to try when a router locks you out. It all depends on the router and your signal whether it'll work or not. You're literally trying to make the router reboot. Just 'cause the router isn't rebooting doesn't mean anything's broken or misconfigured. Just means that the router isn't either :P

Also, MTeams/Musket Teams, who made VMR-MDK, have another one that can be useful: Varmascan. It's basically meant to scan your whole area and just go to work, so you can run it overnight while you're sleeping or whatever. It just bangs them out (or gives up) all in a row. It lets you set options like work on cracking an AP for 20 minutes, save the progress, and move on to the next. And every 5 times you get all the way through the list, rescan again. It's fully automated.
https://github.com/L33T-H4X0R-D00D/Varmascan-reaver
https://forums.hak5.org/index.php?/topic/34617-how-to-reaver-dropbox-raspberry-pi/

I'm pretty sure both the MTeams scripts include RevDK already. Just gotta set up the configuration.

Frankenscript is easily my favorite WPS script of all time. I always had the most success with it. It has a great interactive menu too for different options. Plus he didn't use airmon. That's where I learned the trick to add a virtual interface for monitor mode (iw dev wlanx interface add monx mode monitor). Having both interfaces actually makes a difference with some APs because it keeps them in constant communication.
https://forums.kali.org/showthread.php?19913-FrankenScript-by-Slim76-It-Attacks-Access-Points-and-pcap-files

I know it's changed a lot since I was using it. It used to have like 4 different versions of reaver, as well as WEP and WPA options. So I don't know whether it's still great or not.

Wifite works great too.

The thing you need to remember about WPS scripts is that every single one of them is using reaver (some offer bully too) to crack the PIN. They all pretty much have something they do better than the others. But don't go crazy looking for that script that's gonna make it work all of a sudden. If you're having issues with your router, your best bet is the reaver help menu and Google. Pixie has more than 1 mode; the router brand and the chipset all come into play. There's short keys vs long keys. The default pingens (which tend to work a lot, esp. with D-Link). All of these are reaver options now.

And some routers just aren't gonna open up that way. Some have better security than others, and unless you do a slow crack (like 5 minutes a day, and continue in increments), it's not gonna happen.


Learning reaver isn't difficult for the standard stuff. Keep in mind that scripts get made, then things change, and a lot of times the dev has moved on with his/her life. It's best to just learn the tool.

Another thing that makes a big difference with WPS PIN cracking is how many different ways the router offers to connect with WPS. Running airodump-ng with the switches -W -U -M will show the WPS method, uptime, and manufacturer respectively, and all can help you figure out what's best. The -W or --wps shows whether it's enabled, the version, and also the ways it's configured to allow WPS connections. This is actually important. The more methods it offers, the easier it is to crack. It makes a big difference. In the pic below, 1.0 is the version number. If it only offers one option, it doesn't always broadcast it; it's usually PBC/Push Button in that case.
USB = USB method, ETHER = Ethernet, LAB = Label, DISP = Display, EXTNFC = External NFC, INTNFC = Internal NFC, NFCINTF = NFC Interface, PBC = Push Button, KPAD = Keypad


Anyway, good  luck
« Last Edit: August 05, 2016, 07:16:18 AM by Grey-Matter »
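The version and configuration-method fields Grey-Matter describes in the airodump-ng -W column come straight from the WPS vendor IE in the AP's beacon, as does the "AP Setup Locked" flag an AP raises when it stops accepting PIN attempts (the state reaver reports as rate limiting). The decoder below is an added example for auditing what your own AP advertises, not code from the thread or from any tool named in it; attribute IDs and bit names follow the Wi-Fi Simple Configuration spec, and the sample beacon bytes are constructed.

```python
import struct
WPS_OUI = bytes.fromhex("0050f204")  # Microsoft OUI 00:50:F2, vendor type 4 = WPS
# Attribute IDs from the Wi-Fi Simple Configuration specification
ATTR_VERSION, ATTR_STATE, ATTR_LOCKED, ATTR_METHODS = 0x104A, 0x1044, 0x1057, 0x1008
# Config Methods bitmask, named as airodump-ng prints them in the -W column
CONFIG_METHOD_BITS = {0x0001: "USB", 0x0002: "ETHER", 0x0004: "LAB", 0x0008: "DISP",
                      0x0010: "EXTNFC", 0x0020: "INTNFC", 0x0040: "NFCINTF",
                      0x0080: "PBC", 0x0100: "KPAD"}

def iter_ies(tagged):
    """Yield (element_id, body) from a beacon's tagged-parameter section."""
    i = 0
    while i + 2 <= len(tagged):
        eid, length = tagged[i], tagged[i + 1]
        body = tagged[i + 2:i + 2 + length]
        if len(body) < length:
            break  # truncated capture: stop instead of reading past the end
        yield eid, body
        i += 2 + length

def parse_wps_ie(tagged):
    """Decode the WPS vendor IE; returns None when the AP does not advertise WPS."""
    for eid, body in iter_ies(tagged):
        if eid != 0xDD or not body.startswith(WPS_OUI):
            continue
        info = {"version": None, "configured": None, "locked": False, "methods": []}
        data, j = body[4:], 0
        while j + 4 <= len(data):  # attribute = 2-byte type, 2-byte length, value
            atype, alen = struct.unpack(">HH", data[j:j + 4])
            val = data[j + 4:j + 4 + alen]
            if len(val) < alen:
                break
            if atype == ATTR_VERSION and alen == 1:
                info["version"] = f"{val[0] >> 4}.{val[0] & 0xF}"
            elif atype == ATTR_STATE and alen == 1:
                info["configured"] = val[0] == 2  # 1 = not configured, 2 = configured
            elif atype == ATTR_LOCKED and alen == 1:
                info["locked"] = val[0] == 1  # AP Setup Locked: PIN attempts refused
            elif atype == ATTR_METHODS and alen == 2:
                mask = struct.unpack(">H", val)[0]
                info["methods"] = [n for b, n in CONFIG_METHOD_BITS.items() if mask & b]
            j += 4 + alen
        return info
    return None

# Constructed sample: SSID IE "home" followed by a WPS IE advertising version 1.0,
# configured state, AP Setup Locked set, and Label + Push Button + Keypad methods.
SAMPLE_BEACON_IES = bytes.fromhex(
    "0004686f6d65" "dd190050f204" "104a000110" "1044000102" "1057000101" "100800020184")
```

Feed it the tagged-parameter bytes of any beacon or probe response from your own capture; an AP that reports `locked` for long stretches is the "AP rate limiting" behaviour discussed above, and an AP that advertises KPAD with no lockout is the one worth fixing first.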

Offline r3k0hu

Re: VMR-MDK-K2-2016R-011x9- Please Help!
« Reply #12 on: August 05, 2016, 03:06:14 PM »
Thanks GM that was actually a pretty awesome post (Not that I thought it wouldn't be) and WPS has always been a bit of a pain in the ass for me, so this opens my eyes a little.

A few things to go away and think about which is great - thanks man! Really appreciate it!

Edit: Ahh bugger - was about to try Frankenscript but seems it has been removed - "Links Unavailable. The Link Has Been Removed For Violating Our Terms Of Service. "
« Last Edit: August 05, 2016, 03:24:37 PM by r3k0hu »

Offline Malachai

Re: VMR-MDK-K2-2016R-011x9- Please Help!
« Reply #13 on: August 14, 2016, 12:57:58 PM »
I have to agree some routers do not like reaver... I had an extra router my neighbor down the street gave me since he switched providers. My Charter routers suck for reaver; it locks them right away and they take a while to come back with some results.
