Xayaan. Posted June 26, 2013

I have been using reaver to brute-force attack a WPA/WPA2 connection, but I seem to have a problem: the WPS PIN cannot be found. It stops searching for a PIN at a specific place. Why is this happening? And by the way, I am using reaver from BEINI OS, using Minidwep-gtk. I have searched for the WPA/WPA2 handshake and I've got it, but I cannot crack it since I don't have a proper dictionary and I don't have the means to download one. I look forward to a reply to this thread. Thank you ^_^
kerpap Posted June 26, 2013

What arguments did you use during your scan? Can you post some output? Reaver won't work the same for every router, and sometimes not at all. There is some tweaking that needs to be done when scanning, like timeout settings, delays, no NACKs etc.
Zombie_Testicle Posted June 26, 2013

What antenna are you using? Maybe get closer. ^ What he said; give some more info.
Xayaan. Posted June 26, 2013 (Author)

kerpap, I used the following arguments in reaver:

    -a -v -S -x 20 -r 100:10 -l 300

And the output is:

    Waiting for beacon from: 08:86:3B:FD:CB:B0
    Associated with 08:86:3B:FD:CB:B0 (BSSID: belkin.3bb9)
    Trying pin 12345670
    Trying pin 12345670
    Trying pin 12345670
    Trying pin 12345670
    Trying pin 12345670
    Trying pin 12345670
    Trying pin 12345670
    (0.00% complete @ 2013-06-26 :18:53 (0 seconds/pin)
    WARNING: 10 false connections in a row
    Trying pin 12345670
    Trying pin 12345670
    Trying pin 12345670

And it goes on the same... no change. Is there any solution to this?

And Zombie_Testicle, I used wireless card: wlan0 Atheros AR9285 ath9k-[phy0]. :)
digip Posted June 26, 2013 (edited)

Reaver has some drawbacks regardless of the antenna and how close, as with some routers it can DoS them, make them reboot, or crash them, not to mention eventually get stuck in a loop where the router just ignores it after so many failed attempts. Trial and error mainly, and it can sometimes take over 24 hours to work. Be sure to let it run slow, throttled, as sometimes letting it run fast causes it to fail, so use ( --dh-small ) at the end of your command line. Someone had a modification of the script that enabled slowing the speed of PIN tries with multiple sessions and fake MAC addresses under multiple terminals (recall seeing something on YouTube that launched more than one terminal against the same router), but that in my mind would still cause a DoS or crash most routers. I think the thing many people are moving over to now is wifite, which has much of these things automated for you. I know Bwall and Ballast Security had taken the original project and forked their own version too - https://defense.ballastsecurity.net/wiki/index.php/Wifite which apparently works better than the original wifite tool. https://github.com/derv82/wifite/

Edited June 26, 2013 by digip
Xayaan. Posted June 26, 2013 (Author)

> (quoting digip's post above)

So basically, I have to use this python script along with reaver? And by the way, I use BEINI OS to use reaver, although reaver is a discontinued project. How do I use the python script along with reaver, and is it effective?
digip Posted June 26, 2013

Wifite and reaver are two different tools, but wifite, the forked version, can also do WPS PIN cracking like the original reaver script if I am not mistaken, and does what reaver does. Read the documentation and source code. Requires python (and aircrack if you want to crack a 4-way WPA handshake).
vector Posted June 27, 2013

> (quoting Xayaan.'s question above)

Yes, you must have reaver installed in order for wifite.py to do any WPS cracking; otherwise it will default to the aircrack-ng WPA cracking methods and will try to deauth and capture handshakes. Wifite is just a script that will automate tools in reaver and aircrack-ng. Check wifite.py --help for more commands and options. Wifite won't do anything that reaver cannot.
Xayaan. Posted June 27, 2013 (Author)

Yes, the actual problem here is, I already have a handshake but I don't have the means (a dictionary) to crack it, and I have looked over a few paid cracking services. But before I go to that part I want to see if there is another way to crack the WPA/WPA2 connection. So as you have said:

> (quoting digip's and vector's replies above)

Is reaver installable on Windows 7? I currently have reaver installed on BEINI OS, regardless that it is a discontinued project. I still want to give it a try. And if reaver is not installable on Windows 7, how exactly do I run reaver with the python script on BEINI OS? And if I run reaver with the python script, can I crack WPA/WPA2? Thank you all for your time. :) Best regards.
Infiltrator Posted July 8, 2013 (edited)

Just want to add that Reaver can become ineffective against some routers. And that's due to the fact that some routers have built-in protection against Reaver. You're better off just capturing the 4-way handshake and cracking it.

Edited July 8, 2013 by Infiltrator
Jeremy Jacobs Posted July 25, 2013

The difference between getting a 4-way handshake and cracking WPS with reaver is a no-brainer. After you get the handshake you have to challenge it against a dictionary. If you don't have the exact password in the dictionary then it tells you it wasn't there, not that you were close or even an almost. On top of that it takes a long time (even with GPU acceleration). I have gotten many handshakes and not been able to crack them, and I've cracked them within 10 minutes. On the other hand Reaver is a guaranteed crack. It just takes time and a pretty good signal (basically if you got a handshake you have a good enough signal to use reaver). Play with the options. Sometimes if you have minimum signal it's just going to take a few days, or if you have a good signal you will want to alter options for speed. Basically to crack any wifi it takes time and a little dedication just to learn the ins and outs. It isn't easy.
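As an added example that is not part of the thread and not reaver's own code, the Python below models the search reaver automates. It shows why the PIN attack finishes in a bounded number of tries (the eighth digit of a WPS PIN is a checksum over the first seven, and the AP NACKing after M4 versus after M6 tells the attacker whether the first four digits were right, so the search is 10^4 + 10^3 guesses rather than 10^7), why 12345670 in the posted output passes the checksum, and what happens when a router locks WPS after a few failures, the kind of built-in protection mentioned above. The SimulatedRegistrar class and its lock_after_failures parameter are constructed stand-ins for an access point, not real 802.11/EAP code, and the attempt counts are those of this model, not measurements of any router.

```python
# Added example; not from the forum thread and not reaver's code.
# Models the WPS external-registrar PIN search: checksum digit, split
# search driven by M4-NACK vs M6-NACK, and a hypothetical lockout.
from typing import Optional, Tuple


def wps_pin_checksum(first7: int) -> int:
    """Checksum digit for the first seven digits of a WPS PIN (WPS spec rule)."""
    accum = 0
    while first7:
        accum += 3 * (first7 % 10)   # odd positions from the right weigh 3
        first7 //= 10
        accum += first7 % 10         # even positions weigh 1
        first7 //= 10
    return (10 - accum % 10) % 10


def is_valid_pin(pin: str) -> bool:
    """True when pin is 8 digits and its last digit is the correct checksum."""
    if len(pin) != 8 or not pin.isdigit():
        return False
    return int(pin[7]) == wps_pin_checksum(int(pin[:7]))


def make_pin(first_half: int, second_half: int) -> str:
    """Build a checksum-correct PIN from a 4-digit and a 3-digit half."""
    first7 = first_half * 1000 + second_half
    return f"{first7:07d}{wps_pin_checksum(first7)}"


class SimulatedRegistrar:
    """Constructed stand-in for an AP's WPS registrar (hypothetical, not real protocol code).

    try_pin() returns what the attacker learns from the exchange:
      'M4_NACK'  first half wrong
      'M6_NACK'  first half right, second half wrong
      'M7'       PIN accepted
      'LOCKED'   AP stopped answering after too many failures (assumed lockout model)
    """

    def __init__(self, pin: str, lock_after_failures: Optional[int] = None):
        if not is_valid_pin(pin):
            raise ValueError("registrar PIN must carry a valid checksum")
        self.pin = pin
        self.lock_after_failures = lock_after_failures
        self.failures = 0
        self.attempts = 0

    def try_pin(self, pin: str) -> str:
        self.attempts += 1
        if self.lock_after_failures is not None and self.failures >= self.lock_after_failures:
            return "LOCKED"
        if pin[:4] != self.pin[:4]:
            self.failures += 1
            return "M4_NACK"
        if pin[4:7] != self.pin[4:7]:
            self.failures += 1
            return "M6_NACK"
        return "M7"


def brute_force_pin(registrar: SimulatedRegistrar) -> Tuple[Optional[str], int]:
    """Split search: up to 10**4 first halves, then up to 10**3 second halves.

    Returns (pin, attempts) on success or (None, attempts) if the AP locks.
    """
    first_half = None
    for candidate in range(10_000):
        result = registrar.try_pin(make_pin(candidate, 0))
        if result == "LOCKED":
            return None, registrar.attempts
        if result == "M7":
            return make_pin(candidate, 0), registrar.attempts
        if result == "M6_NACK":
            first_half = candidate
            break
    if first_half is None:
        return None, registrar.attempts
    for candidate in range(1, 1000):  # second half 000 was already probed above
        pin = make_pin(first_half, candidate)
        result = registrar.try_pin(pin)
        if result == "LOCKED":
            return None, registrar.attempts
        if result == "M7":
            return pin, registrar.attempts
    return None, registrar.attempts


def max_attempts() -> int:
    """Worst case for this search (first half 9999, second half 999); 10**7 PINs pass the checksum."""
    return 10_000 + 999


if __name__ == "__main__":
    print(brute_force_pin(SimulatedRegistrar("12345670")))                         # ('12345670', 1802)
    print(brute_force_pin(SimulatedRegistrar("12345670", lock_after_failures=10)))  # (None, 11)
```

The second run is the failure mode the thread circles around: once the registrar stops answering, no amount of further guessing helps, which is why reaver's -l (lock delay) and -r (recurring delay) options from the posted command exist, to wait out a lockout rather than burn through it.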