Top-Hat-Sec

Operating systems Discussion => BackTrack Linux => Topic started by: masonx on June 11, 2012, 11:05:24 PM

Title: Reaver in bt5r2 , same pin.
Post by: masonx on June 11, 2012, 11:05:24 PM
Hello, I am running reaver in bt5r2 and it seems to be working, except every time it displays "Trying Pin 12345670" it's always the same pin 12345670. Is it not working correctly? That same pin showed up at least a dozen times, also 0.00% complete. I'm still learning so be patient please. Thanks

wireless usb card awus036h
started wlan0 , checked injection ...working
monitor mode enabled mon0
used command reaver -i mon0 -b XX:XX:XX:XX:XX:XX -vv
Title: Re: Reaver in bt5r2 , same pin.
Post by: Duane on June 12, 2012, 04:40:46 AM
Hi Masonx, I've had the same problem with Reaver, I cracked my AP the first time in 6 hours but that's the only time it's been successful.  Sometimes it will start off great then stop in the middle, other times it does the same thing that yours did.  In my opinion, Reaver is just plain flaky. 
Title: Re: Reaver in bt5r2 , same pin.
Post by: 3therk1ll on June 12, 2012, 05:54:38 AM
Reaver works fine, what you're experiencing is more likely to be a security feature of the AP, it's detecting the brute force and locking out your MAC. I found this difficulty whilst testing on a Belkin router. Try setting timeouts and breaks in the attack, and look at the router as well: the one I tested displayed a red flashing light when the attack began to fail/was detected. Also, for the original post, make sure WPS mode is enabled on the router or the attack doesn't work.
If for some reason that doesn't work, try spoofing your MAC address: 'macchanger -r #your_interface#'
If you stop an attack, reaver will pick up where you left off.
Title: Re: Reaver in bt5r2 , same pin.
Post by: jroy08 on June 12, 2012, 07:43:53 AM
Hello, I am running reaver in bt5r2 and it seems to be working, except every time it displays "Trying Pin 12345670" it's always the same pin 12345670. Is it not working correctly? That same pin showed up at least a dozen times, also 0.00% complete. I'm still learning so be patient please. Thanks

wireless usb card awus036h
started wlan0 , checked injection ...working
monitor mode enabled mon0
used command reaver -i mon0 -b XX:XX:XX:XX:XX:XX -vv

That particular pin is the one reaver always starts with. In your case it never got past the first pin. It may be a security feature as suggested, but wps security does behave oddly sometimes. With reaver I have never had much success with a router that is in the same room as me. I have however had a lot of success on routers that were some distance away. Like mentioned be sure wps is enabled, but if it wasn't I don't think reaver would get past the association. I also have had more success when starting, stopping and restarting reaver periodically.
Title: Re: Reaver in bt5r2 , same pin.
Post by: 3therk1ll on June 12, 2012, 09:51:50 AM
Just to be clear, I muddled the two together before...
1) Stopping halfway, more likely to be a security feature as the AP realises it is coming under attack, -t option to initiate timeouts to make attack less obvious. Consider using -d to delay between pin attempts for the same reason or if the AP security periodically locks out WPS pin attempts, set the option -l (time in seconds).
2) Not starting, WPS not enabled, stopping Reaver from being able to work full stop.

Like jroy08 said, stopping and starting helps, but it is possibly an issue with inbuilt AP timeouts, try the above commands. I have never had Reaver fail once I worked out each router's quirks, even with those directly next to my interface, possibly again, idiosyncrasies in different router types.
Just keep experimenting with different APs/conditions/settings.
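
Added example, not part of any post in this thread and not taken from any router's firmware: a sketch of the AP-side lockout the replies above describe, replayed over constructed attempt events. The thresholds, class name and MAC addresses are assumptions; it contrasts counting failures per client MAC with counting them for the whole AP.

```python
from dataclasses import dataclass, field


@dataclass
class WpsLockout:
    """AP-side policy: lock WPS after too many failed PIN attempts."""
    max_failures: int = 3       # assumed threshold
    window: float = 60.0        # seconds over which failures are counted
    lock_time: float = 300.0    # seconds WPS stays locked once triggered
    per_station: bool = False   # True = one counter per client MAC (weaker)
    _fails: dict = field(default_factory=dict)
    _locked_until: dict = field(default_factory=dict)

    def attempt(self, ts, mac, pin_ok):
        """Return 'locked', 'ok' or 'fail' for one PIN attempt at time ts."""
        key = mac.lower() if self.per_station else "*"
        if ts < self._locked_until.get(key, 0.0):
            return "locked"     # no PIN is evaluated while locked
        if pin_ok:
            self._fails.pop(key, None)
            return "ok"
        # Keep only failures inside the sliding window, then add this one.
        recent = [t for t in self._fails.get(key, []) if ts - t < self.window]
        recent.append(ts)
        self._fails[key] = recent
        if len(recent) >= self.max_failures:
            self._locked_until[key] = ts + self.lock_time
            self._fails[key] = []
        return "fail"


def replay(policy, events):
    """Feed (seconds, client MAC, pin correct?) events through a policy."""
    return [policy.attempt(ts, mac, ok) for ts, mac, ok in events]


# Constructed events, not captured from a real AP.
EVENTS = [
    (0, "02:00:00:00:00:01", False),
    (5, "02:00:00:00:00:01", False),
    (10, "02:00:00:00:00:01", False),   # third failure triggers the lock
    (15, "02:00:00:00:00:01", False),
    (20, "02:00:00:00:00:02", False),   # same client after a MAC change
    (400, "02:00:00:00:00:02", False),  # after the lock has expired
]

if __name__ == "__main__":
    print("AP-wide counter:", replay(WpsLockout(), EVENTS))
    print("per-MAC counter:", replay(WpsLockout(per_station=True), EVENTS))
```

With the AP-wide counter the attempt at 20 s is still refused; with a per-MAC counter it is evaluated, which is why a lockout keyed on the client address is the weaker design.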
Title: Re: Reaver in bt5r2 , same pin.
Post by: masonx on June 12, 2012, 03:16:20 PM
Thanks everyone for the responses and the advice. I will try all of the above. I really like the fact that reaver saves what you've accomplished and you can continue your attack at a later time. It seems to be working a little better when I stop and restart a little later. I also noticed it helps to close the distance between your computer and the access point you're attacking. Thank you all again, I really enjoy this stuff, I just don't know enough about it yet.
Title: Reaver in BT5R2
Post by: batman1538 on July 08, 2012, 06:18:18 PM
Good Day
 Having the same issue

I have a router and have the password, even the pin that is on the back, and for some reason I can get in. The commands I use and get a timeout and stays at pin 01234567.

reaver -i mon0 -b (the MAC Address) -c (Channel) -e (name) -p (pin) -vv

reaver -i mon0 -b (the MAC Address) -c (Channel) -e (name) -p (pin) -vv -T 5

I also tried /wash -i first and it shows up on as AP open

this is just testing to see if I can get in

router is linksys cisco WRT320N
Title: Re: Reaver in bt5r2 , same pin.
Post by: R4v3N on July 08, 2012, 06:30:26 PM
masonx, what is the command that you are using to run reaver ? There are many factors that come into play when attacking WPS.
Title: Re: Reaver in bt5r2 , same pin.
Post by: batman1538 on July 08, 2012, 07:27:47 PM
It's Batman1538 asking for help

wash -i mon0

chk that the WPS is on then

reaver -i mon0 -b (the MAC Address) -c (Channel) -e (name) -p (pin) -vv

and also
 
reaver -i mon0 -b (the MAC Address) -c (Channel) -e (name) -p (pin) -vv -T 5

the pin I use is the one on the back of the router I do know the PW but just chking to see if it comes up with reaver
Title: Re: Reaver in bt5r2 , same pin.
Post by: Red on July 08, 2012, 09:06:41 PM
How far away are you from the AP?
Title: Re: Reaver in bt5r2 , same pin.
Post by: TAPE on July 09, 2012, 12:01:06 AM
Just so that it is clear on what you are trying;

You are entering the PIN using the -p switch to verify whether reaver is working on your router
by entering the PIN directly.
Correct ?

If there is no response and reaver continues to try the same PIN, then it looks like your
router is not susceptible to the attack even though wash is saying it is..


Have you confirmed that your router is indeed vulnerable to the reaver attack ?
Checkout: https://docs.google.com/spreadsheet/ccc?key=0Ags-JmeLMFP2dFp2dkhJZGIxTTFkdFpEUDNSSHZEN3c#gid=0
to verify whether your router is vulnerable at all.

Although wash may say it is responding, perhaps you need to try more of the different options to
have a shot at it ?

Title: Re: Reaver in bt5r2 , same pin.
Post by: batman1538 on July 09, 2012, 06:02:52 AM
The router is in the same room
Title: Re: Reaver in bt5r2 , same pin.
Post by: batman1538 on July 09, 2012, 06:05:54 AM
router is cisco WRT320N
Title: Re: Reaver in bt5r2 , same pin.
Post by: TAPE on July 09, 2012, 03:45:03 PM
Huh, in the database it says "maybe" under the vulnerable column for that router..

Not terribly helpful ;)

In any case;
- You know the PIN, you are trying it correctly, it is not responding..
- It is in the database as a 'maybe vulnerable' with comments on continuous WPS transaction failures.

So.. if it looks like a duck, quacks like a duck.. it is most likely a duck..

Probably not vulnerable.
Title: Re: Reaver in bt5r2 , same pin.
Post by: batman1538 on July 09, 2012, 04:48:32 PM
 :'(
Title: Re: Reaver in bt5r2 , same pin.
Post by: R4v3N on July 09, 2012, 05:57:14 PM
Hey TAPE, can you post your reaver tutorial or the link?

Do not use the -P flag by the way. To my understanding, you would use that if you already cracked the pin. So later in the future, if the WPA pass phrase is changed then you can instantly crack it.
Title: Re: Reaver in bt5r2 , same pin.
Post by: GalaxyNinja on July 09, 2012, 06:19:52 PM
TAPE's link is http://adaywithtape.blogspot.com/2012/01/cracking-wpa-using-wps-vulnerability.html
Title: Re: Reaver in bt5r2 , same pin.
Post by: batman1538 on July 14, 2012, 05:06:43 PM
Hello to all once again, running Reaver 1.5 and having the same problem, router is in the same room, WPS is not locked

Router is a Technicolor model: TG582n

tried solo
reaver -i mon0 -b (mac address) -c (channel) -e (name) -vv -S -L
reaver -i mon0 -b (mac address) -c (channel) -e (name) -vv
reaver -i mon0 -b (mac address) -c (channel) -e (name) -vv -t 7

 :o
Title: Re: Reaver in bt5r2 , same pin.
Post by: R4v3N on July 14, 2012, 05:51:43 PM
From TAPE'S Tutorial:

reaver -i mon0 -f -c 11 -b 98:FC:11:8E:0E:9C -vv -x 60

Also, you guys need to do an airodump-ng and see what your beacon rate is. Do the beacons pause or stop at any time? There are things that you need to check for signal quality. If your signal quality sucks, then this isn't going to work.
Title: Re: Reaver in bt5r2 , same pin.
Post by: batman1538 on July 14, 2012, 06:53:03 PM
Was this last post for me??

From TAPE'S Tutorial:

reaver -i mon0 -f -c 11 -b 98:FC:11:8E:0E:9C -vv -x 60

Also, you guys need to do an airodump-ng and see what your beacon rate is. Do the beacons pause or stop at any time? There are things that you need to check for signal quality. If your signal quality sucks, then this isn't going to work.

Because if so, I don't find the "TAPE's Tutorial"
and the beacons are always going up ^

TY
Title: Re: Reaver in bt5r2 , same pin.
Post by: xen on July 15, 2012, 12:38:26 AM
I know this is probably not helpful in this case, but when I used reaver to attack my AP I started having that same issue. I know you really won't be doing this if you were working on somebody else, or maybe you would, but I ended up power cycling my AP and it cleared up the issue. Just a thought lol
Title: Re: Reaver in bt5r2 , same pin.
Post by: batman1538 on July 21, 2012, 11:17:49 AM
Any help on

Router is a Technicolor model: TG582n pls I keep getting a time out
Title: Re: Reaver in bt5r2 , same pin.
Post by: n1tr0g3n on July 21, 2012, 11:25:04 AM
I would say it's just about Reaver Pro time lol   ;D
Title: Re: Reaver in bt5r2 , same pin.
Post by: ultra_lazer on July 22, 2012, 01:39:21 PM
Hey n1tr0
Hey Bro... reaver pro is a waste of time and money ( My experience ) !! did not perform any better than the command line tool !!!
the command line 1.4 version works like a charm on every OS I installed it on, if the wifi card is reliable and the drivers are right !
oh Btw, reaver keeps trying the same PIN if it keeps receiving time out error !  ( the answer is for Masonx who started the thread).
  ;) keep safe Bro...
Title: Re: Reaver in bt5r2 , same pin.
Post by: 3therk1ll on July 31, 2012, 08:25:17 AM
You gotta play with different settings for different routers, I've never had a fail on it once I've spent a few minutes working out the chosen router's idiosyncrasies.
Title: Re: Reaver in bt5r2 , same pin.
Post by: n1tr0g3n on July 31, 2012, 09:00:10 AM
I've actually had pretty good luck with Reaver Pro, the command line version always has issues every time they update it and are a pain to figure out.
Title: Re: Reaver in bt5r2 , same pin.
Post by: 3therk1ll on August 01, 2012, 02:11:38 AM
Yeah same here, Reaver Pro has run like a pro for me.
Title: Re: Reaver in bt5r2 , same pin.
Post by: masonx on November 24, 2012, 09:46:26 PM
Hey n1tr0
Hey Bro... reaver pro is a waste of time and money ( My experience ) !! did not perform any better than the command line tool !!!
the command line 1.4 version works like a charm on every OS I installed it on, if the wifi card is reliable and the drivers are right !
oh Btw, reaver keeps trying the same PIN if it keeps receiving time out error !  ( the answer is for Masonx who started the thread).
  ;) keep safe Bro...
Thanks Gh0std0g and everyone else that posted.... I've been reading and there's a lot of useful info. I'm putting some of it to the test. Thanks again everyone.
Title: Re: Reaver in bt5r2 , same pin.
Post by: 0E 800 on June 27, 2014, 02:31:16 PM
0ld topic, but still very good tidbits in here.

I recommend people to review this Kali forums thread about using MDK3 to help reaver.
https://forums.kali.org/showthread.php?19498-MDK3-Secret-Destruction-Mode