ViTALiTY
-
Posts
36 -
Joined
-
Last visited
Posts posted by ViTALiTY
-
-
Is there anything like this for Bully? Reaver doesn't work with me unfortunately.
-
Would anyone kindly explain to what exactly happened here and how can I improve the attack?
[!] Bully v1.0-22 - WPS vulnerability assessment utility
[+] Switching interface 'mon0' to channel '6'
[!] Using '**:**:**:**:**:**' for the source MAC address
[+] Datalink type set to '127', radiotap headers present
[+] Scanning for beacon from '**:**:**:**:**:**' on channel '6'
[+] Got beacon for '***-********' (**:**:**:**:**:**)
[+] Loading randomized pins from '/root/.bully/pins'
[!] Restoring session from '/root/.bully/58983579b651.run'
[+] Index of starting pin number is '0002000'
[+] Last State = 'NoAssoc' Next pin '25770940'
[+] Rx( M5 ) = 'Pin1Bad' Next pin '93460941'
[+] Rx( M5 ) = 'Pin1Bad' Next pin '89430941'
[+] Rx(M2D/M3) = 'WPSFail' Next pin '89430941'
[+] Sent packet not acknowledged after 3 attempts
[+] Tx( Assn ) = 'Timeout' Next pin '89430941'
[+] Rx( Auth ) = 'Timeout' Next pin '89430941'
[+] Rx(M2D/M3) = 'WPSFail' Next pin '89430941'
[+] Sent packet not acknowledged after 3 attempts
[+] Tx( M2 ) = 'Timeout' Next pin '89430941'
[+] Rx(M2D/M3) = 'WPSFail' Next pin '89430941'
[+] Rx(M2D/M3) = 'WPSFail' Next pin '89430941'
[+] Rx(M2D/M3) = 'WPSFail' Next pin '89430941'
[+] Rx(M2D/M3) = 'WPSFail' Next pin '89430941'
[+] Rx(M2D/M3) = 'WPSFail' Next pin '89430941'
[+] Rx(M2D/M3) = 'WPSFail' Next pin '89430941'
[+] Rx(M2D/M3) = 'WPSFail' Next pin '89430941'
[+] Rx(M2D/M3) = 'WPSFail' Next pin '89430941'
[+] Rx(M2D/M3) = 'WPSFail' Next pin '89430941'
[+] Rx(M2D/M3) = 'WPSFail' Next pin '89430941'
[+] Rx(M2D/M3) = 'WPSFail' Next pin '89430941'
[+] Rx(M2D/M3) = 'WPSFail' Next pin '89430941'Thanks in advance!
-
Any news on this?
-
You can do this when you ssh into the pineapple wifi or you can click disable on the specified interface and then click monitor. This also is done on Reaver as well I believe.
Its for Reaver but the concept is the same for Bully
https://forums.hak5.org/index.php?/topic/32748-mark-v-reaver-video-tutorial/#entry244818
Thanks. I don't know why have I forgot to set the SSH access.
Another question... Because now this is happening and I have no idea why.
[!] Bully v1.0-22 - WPS vulnerability assessment utility[+] Switching interface 'mon0' to channel '6'
[!] Using '00:13:37:93:58:34' for the source MAC address
[+] Datalink type set to '127', radiotap headers present
[+] Scanning for beacon from 'XX:XX:XX:XX:XX:XX' on channel '6'
[X] Unable to get a beacon from the AP, possible causes are
[.] an invalid --bssid or -essid was provided,
[.] the access point isn't on channel '6',
[.] you aren't close enough to the access point.
Using Kali, Bully gets the beacon right away but times out.
Here, Bully does not get the beacon. The power is always around 70%. The AP shows up on wash, it has the vulnerability. Isn't that enough?
Or is anything else wrong?
-
Yes, that's what I mean. That should allow the monitor interface to channel hop.
Best Regards,
Sebkinne
Ok, great. Sorry for the stupid question, but where exactly do I enter the command?
-
Make sure that wlan1 is DOWN.
Best Regards,
Sebkinne
What do you mean by that? "ifconfig wlan1 down"?
-
Forgot to add something. If it helps, I'm using wlan0 as client to another AP and wlan1 to use Bully (but not on that AP of course).
-
Everytime I try to use Bully, this happens.
Could anyone please help me out?
Thanks in advance.
[Support] WPS
in Mark V Infusions
Posted
Nevermind, it's just a WPS lock.
Now, from what I've seen, there are some things to try.
The mdk3 attacks, but they have to be automated. Found a script to do it by repzeroworld:
https://forums.hak5.org/index.php?/topic/32494-reaver-ap-rate-limiting-detected-and-automatic-mdk3-solution/
But it's for reaver... I need it working for Bully, as reaver just hangs on the "Association sucessfull" message.
Another thing I wanted to try out was something like a mac changer automated script, to change mac address every x seconds.
But how viable is this option? Don't the interfaces have to be down in order to change the MAC?
If so, that would mean that I would have to automate that too. Stopping the attack on Bully, changing the MAC, and starting the attack again...
Can anyone shed some light on all this?