vdub Posted May 10, 2012

I am not sure what I am doing wrong here, but I have tried about 1600 keys in about 12 hours and have had to reset the router 3 times. This is the command I am using.

    reaver -i mon0 -b 20:4E:7F:A3:16:0A -d 10 -v -s ./204E7FA3160A.wpc

I have created a 10 second delay between attempts and lowered my txpower to 1mW. This is a few-week-old Netgear N150 router. This router is out of stock so it's never been used in a network. It's brand new. The only thing I changed in the configuration was the WPA2 key. I did not upgrade the firmware. Personally I don't see how this could possibly be effective in a situation where you don't have access to reboot the router every few hours. This could take weeks to get through.

I'm also getting this error constantly:

    WARNING: 10 failed connections in a row

This error happens about every 2 or 3 key attempts. I also tried to suspend the terminal and change my MAC address on my wifi card, but that broke the program. I had to pull the wifi card and start over with the factory MAC. However, that might be my fault because I think I changed the MAC while still in monitor mode. The first 1000 keys went without a hitch and then this started happening.

bobbyb1980 Posted May 11, 2012

I think for Reaver to function correctly with a spoofed MAC you need to change it on the interface (i.e. wlan0) and not on mon0.

vdub (Author) Posted May 11, 2012

> I think for Reaver to function correctly with a spoofed MAC you need to change it on the interface (i.e. wlan0) and not on mon0.

I noticed earlier that if I change the MAC on the wlan0 interface and then start airmon, the mon0 interface uses the original wlan0 MAC address, not the spoofed MAC.

vdub (Author) Posted May 11, 2012 (Edited May 11, 2012 by vdub)

Well, I just had to reset the test router for the 4th time. At least it went almost all day by adding the -d 10. I am going to try increasing the delay to 15 seconds and see if that helps. This time it locked up at 2640 pin attempts. Is it typical for reaver to ddos the router this many times? If you ask me, it seems like WPS is pretty secure if that's the case. In the wild there is no way this would work. By the time you get the pin, the owner of the router would have reset it or replaced it thinking it was bad. At this rate I will have to reset the router another 12 times before getting the pin, since the pin is 9441****.

Edit: I am now trying -d 15 -t 3 -x 300

-d = delay in seconds
-t = pin reply timeout
-x = seconds delay after 10 failed pin attempts

I'm hoping with these settings it will be more like walking on eggshells. Because it looks like that's what it's going to take.

Is there a way to start reaver backwards? I mean start at 9999 rather than 0000?

Mr-Protocol Posted May 11, 2012

> Well, I just had to reset the test router for the 4th time. At least it went almost all day by adding the -d 10. I am going to try increasing the delay to 15 seconds and see if that helps. This time it locked up at 2640 pin attempts. Is it typical for reaver to ddos the router this many times? If you ask me, it seems like WPS is pretty secure if that's the case. In the wild there is no way this would work. By the time you get the pin, the owner of the router would have reset it or replaced it thinking it was bad. At this rate I will have to reset the router another 12 times before getting the pin, since the pin is 9441****.

It only blocks out the WPS; the rest of the router functionality is not interrupted, at least on my router. I haven't tried changing MAC addresses, but I think it's more on the router firmware side that either shuts down for X time or until reboot. Not too sure.

vdub (Author) Posted May 11, 2012

> It only blocks out the WPS; the rest of the router functionality is not interrupted, at least on my router. I haven't tried changing MAC addresses, but I think it's more on the router firmware side that either shuts down for X time or until reboot. Not too sure.

I tried connecting to the router with an Ethernet cable and it was dead. Completely locked up. After pulling the power plug and letting it reboot, it's back to taking keys again. However, this is the 4th time and I am only 25% of the way through. The router does have a 5 minute timeout after 30 missed keys, but the 10 second timeout that I did took care of that. It does not time out for any time at all until it just locks up.

BTW, I'm not sure if I mentioned this, but this router is a Netgear N150. It's one of the new ones that does not come with an external antenna. However, my Alfa is about 5' away so I don't think it's a connection problem. I tried earlier to lower the txpower on the Alfa, thinking that maybe it was overwhelming it, but that had no effect. It's running at 20mW again.

I have a handful of WRT54G routers but they are all running DD-WRT, which does not support WPS. I assume I could always flash the Linksys firmware back onto one of them and see if it's just due to a cheap Netgear router. However, I know a ton of people use the N150 and I sell these things like crazy.

I guess there's also the chance that Netgear did something to protect from this kind of attack, and making the router lock up was the easiest way to stop the attack. However, I checked the router's logs and they showed no indication that the router was under attack.

Mr-Protocol Posted May 11, 2012

I would almost say that router companies didn't code it well enough to deal with tons of WPS requests. Who would have ever thought it would be abused like that? Then again, I wish I could view the source of popular router companies to find out :).

vdub (Author) Posted May 11, 2012

> I would almost say that router companies didn't code it well enough to deal with tons of WPS requests. Who would have ever thought it would be abused like that? Then again, I wish I could view the source of popular router companies to find out :).

lol, yeah, I wonder how much obscurity we would find. Maybe even a backdoor WPA key.

vdub (Author) Posted May 11, 2012

I'm pretty sure that the 15 second delay was the ticket. It's been running smooth for hours. Not a single missed pin attempt. Real slow though.

vdub (Author) Posted May 11, 2012

> I'm pretty sure that the 15 second delay was the ticket. It's been running smooth for hours. Not a single missed pin attempt. Real slow though.

Nope. Woke up to a locked up router.

vdub (Author) Posted May 12, 2012

Locked up again. I have done 4649 pin attempts with 5 lockups. Has anyone else gotten this to work? I thought it was more of a sure thing than it seems to be.

shadowmmm Posted May 12, 2012 (Edited May 12, 2012 by shadowmmm)

It's your components or the signal strength. On my 24 APs I tried it with the Alfa AWUS036H and all were successful.