
Error on Reaver 1.4 while on a brute force attack


Xayaan.

I have been using reaver to brute-force attack my WPA/WPA2 connection, but I seem to have a problem: the WPS pin cannot be found. It stops searching for a PIN at a specific place. Why is this happening? By the way, I am using reaver from BEINI OS, using Minidwep-gtk. I have searched for the WPA/WPA2 handshake and I've got it, but I'm not sure if it really has a PSK or not, because I tried cracking it using Cloudcracker and so far unsuccessful. I've tried with the 1.2 billion dictionary word list and I was unsuccessful. The router I am using for the WiFi is a Belkin 3bb9 router, which is known for its security standards. So my question is: how do I fix this outcome for a positive one, and what should I try?

Arguments used on reaver:

I used the following arguments in reaver: -a -v -S -x 20 -r 100:10 -l 300

And the output is :

Waiting for beacon from : 08:86:3B:FD:CB:B0

Associalted with 08:86:3B:FD:CB:B0 (BSSID: belkin.3bb9)

Trying pin 12345670

Trying pin 12345670

Trying pin 12345670

Trying pin 12345670

Trying pin 12345670

Trying pin 12345670

Trying pin 12345670

(0.00% complete @ 2013-06-26 :18:53 (0 seconds/pin)

WARNING 10 false connections in a row

Trying pin 12345670

Trying pin 12345670

Trying pin 12345670

And it goes on as the same... No change. Is there any solution to this?

and

I used wireless card: wlan0 Atheros AR9285 ath9k-[phy0].

I have atta


Guest spazi

Usually when I use reaver I type this:

reaver -i mon0 -c [channel number] -b [access point mac address] -vv

That's it.


2nd that Spazi...

root@kali: reaver -i wlan1 (your interface) -b (ssid) -vv (very verbose)

A quick way to snatch up a ssid:

root@kali:airmon-ng start wlan1 (your interface there)

root@kali:airodump-ng mon0

**:**:**:**:**:** <----SSIDS ! (copy and paste your target)

root@kali: reaver -i wlan1 (your interface) -b **:**:**:**:**:** -vv (very verbose)

...and if it gets nothing... usually means it is not susceptible. You can try wifite, fern (which I do not like and have removed), or airoscript-ng... but those use reaver (I do believe) as their WPA2/PSK module.

*EDIT* You should put your atheros to the side and snatch up an Alfa AWUS036h or 036hn (I do believe the 036hn is the newer model). Atheros is becoming a thing of the past from what I see and are buggier than spider sh*t.


Usually when I use reaver I type this:

reaver -i mon0 -c [channel number] -b [access point mac address] -vv

That's it.

I have used that method too. It seems that it really doesn't work.

And

root@kali: reaver -i wlan1 (your interface) -b (ssid) -vv (very verbose)

A quick way to snatch up a ssid:

root@kali:airmon-ng start wlan1 (your interface there)

root@kali:airodump-ng mon0

**:**:**:**:**:** <----SSIDS ! (copy and paste your target)

root@kali: reaver -i wlan1 (your interface) -b **:**:**:**:**:** -vv (very verbose)

I do not use Kali, I use BEINI, and I used the Minidwep-gtk on BEINI. So mainly the processes are automated; not much modification is possible (which means that I have to push like 2-3 buttons and sit back and watch the airmon-ng screen processes). Yes, Wifite and fern, as you have mentioned, are available on Kali Linux, which I do not use.

And yeah, hopefully this year I'll be upgrading it to Alfa AWUS036h or 036hn. ^_^

By the way, I have asked my friends, as a challenge, to try to crack the handshake file of my wireless network. The results were all negative. I cannot seem to recover it.

EDIT

------

I have searched for some articles regarding this and found this -> http://www.chmag.in/article/sep2012/cracking-wpawpa2-non-dictionary-passphrase

Which OS was used in the process?

And many users I have consulted have said that MINIDWEP-GTK on tinycore linux (BEINI) was very effective. But since my password is a non-dictionary passphrase, it's hard. And also, http://www.gnu.org/software/wget/ and http://www.gnu.org/software/wget/ and http://kaoticcreations.blogspot.in/2011/06/wordlists-password-profiling-with.html. Which one do you recommend, and how do I install this on BEINI minidwep-gtk, using root or online?

It was backtrack (judging from the root@bt) with probably an updated version of reaver and a better wireless card. Distance, power and throttling can all play into how you can get the pin. My old router was refurbished, and even with WPS enabled, I couldn't get the pin with the latest firmware. On my new router, I just have WPS disabled, and the WPS key now acts as my radio on/off switch; due to the settings in the router, I can set it to do this vs WPS syncing. Not every router is vulnerable to WPS either. Some routers end up crashing, or you end up in a loop where it just repeats the first pin try over and over again, which is what my old router would do. Suggestions: try a different OS and updated tools, with a different wifi card, and see if results change. The card I used was an old ralink (Linksys wusb54gc) with enhanced rt73 drivers, but it could also have been my card that was causing more issues than anything else.

Suggestions, try different OS and updated tools, with different wifi card, see if results change. Card I used was an old ralink (Linksys wusb54gc) with enhanced rt73 drivers but it could also have been my card that was causing more issues than anything else.

Yes, I have been looking for suitable OSes and have found one; it seems to have a reputation for success, if you don't mind :) -> http://xiaopan.co/

And also, as you have mentioned above, yes, my router seems to crash and the looping seems to occur when using reaver for the attack. It cannot get the WPS and it fails every time. So my luck with reaver has ended. However, I wonder if all the updated OSes and tools work. And also, my laptop's GPU and CPU power is not good based on the review; it has an Intel ATOM processor and an Nvidia GPU. I use this laptop for such processes since I cannot risk another good laptop of mine being damaged (hardware damage and something deletion of OS).

I am not familiar with BEINI... I will assume it is another flavor distro for pentesting. Good luck.

Yes, thank you :) Thank you for your help anyway :) Appreciate it.

Guest spazi

I have the Alfa AWUS036h, freaking love it. From what I've read it's one of the best tools for cracking wifi, be it through WPS or WPA.

I've tried others and most have let me down. Might try the AWUS036NHA someday.

If reaver gets stuck it's probably a crappy access point/router or the signal is too low.

Just to be clear, the software cracks the wifi, the card just maintains good injection and connectivity, range, etc. Cracking actually happens on the PC side with software.

@Xayaan as mentioned before, could try the WPA cracking method, check if your laptop (even though it's a little Atom processor) has the ability to do CUDA cracking (which happens on the GPU side, not the CPU side) and may be sped up by creating a hashcat compatible file for cracking through OCLhashcat.

https://hashcat.net/cap2hccap/

http://hashcat.net/oclhashcat-plus/

http://hashcat.net/wiki/

Just have to let it run for days if needed.

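Why the word list fails while the reply above says to let hashcat run for days: every guess costs one WPA2 key derivation, and a passphrase that is not in the list is never tried. The sketch below is an added example, not part of the thread and not hashcat's code; the 36-character alphabet, the 10-character length and the 100,000 guesses/second figure are assumptions.

```python
import hashlib
import time

SECONDS_PER_YEAR = 365 * 24 * 3600

def wpa2_pmk(passphrase: str, ssid: str) -> bytes:
    """WPA2-PSK key derivation: PBKDF2-HMAC-SHA1, SSID as salt, 4096 rounds, 32 bytes."""
    if not 8 <= len(passphrase) <= 63:
        raise ValueError("WPA2 passphrases are 8 to 63 characters long")
    return hashlib.pbkdf2_hmac("sha1", passphrase.encode(), ssid.encode(), 4096, 32)

def keyspace(alphabet_size: int, length: int) -> int:
    """Number of distinct passphrases of exactly `length` characters."""
    return alphabet_size ** length

def years_to_exhaust(candidates: int, guesses_per_second: float) -> float:
    """Worst-case time to try every candidate at a fixed guess rate."""
    return candidates / guesses_per_second / SECONDS_PER_YEAR

def local_guess_rate(ssid: str, samples: int = 20) -> float:
    """Measure how many PMK derivations per second this CPU manages."""
    start = time.perf_counter()
    for i in range(samples):
        wpa2_pmk(f"candidate{i:04d}", ssid)
    return samples / (time.perf_counter() - start)

if __name__ == "__main__":
    ssid = "belkin.3bb9"            # network name shown in the thread's output
    wordlist = 1_200_000_000        # the "1.2 billion" word list from the thread
    random10 = keyspace(36, 10)     # assumed: 10 random characters from a-z0-9
    assumed_gpu_rate = 100_000.0    # assumed guesses/second, not a benchmark
    cpu_rate = local_guess_rate(ssid)
    print(f"this CPU: {cpu_rate:,.0f} guesses/s")
    for label, n in (("1.2e9-word list", wordlist), ("random 10-char", random10)):
        print(f"{label}: {years_to_exhaust(n, cpu_rate):.3g} years on this CPU, "
              f"{years_to_exhaust(n, assumed_gpu_rate):.3g} years at the assumed GPU rate")
    print(f"word list covers {wordlist / random10:.2e} of the random keyspace")
```

At the assumed rate the whole word list is exhausted in a few hours, while the random 10-character space takes over a thousand years, which is the defender's case for a long non-dictionary passphrase with WPS disabled.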

Guest spazi

Just to be clear, the software cracks the wifi, the card just maintains good injection and connectivity, range, etc. Cracking actually happens on the PC side with software.

Yup


@Xayaan as mentioned before, could try the WPA cracking method, check if your laptop (even though it's a little Atom processor) has the ability to do CUDA cracking (which happens on the GPU side, not the CPU side) and may be sped up by creating a hashcat compatible file for cracking through OCLhashcat.

https://hashcat.net/cap2hccap/

http://hashcat.net/oclhashcat-plus/

http://hashcat.net/wiki/

Just have to let it run for days if needed.

To be confirmed, I have gotten many suggestions for hashcat and xiaopan as well, since I have only one more chance at this. Do I just have to install hashcat on Windows 7, or do I have to make it bootable on a pendrive like an OS?

From the screenshot on the hashcat oclhashcat-plus website, it looks like it wasn't run on Windows 7. My best guess is it is bootable?

And it provides:

Straight *
Combination
Brute-force
Hybrid dict + mask
Hybrid mask + dict

And as I read the documentation on the website to know more, I found out that the "Brute-force" documentation on it was outdated and they recommended the Hybrid mask attack method. I really don't know how it works. It's much more complicated than reaver. Is it automated? So I should just let it run continuously (or days if I have to) without any worries? :)

EDIT

-------

Also, I have got a tip from Google that Crunch and Aircrack-ng on Xiaopan OS is a recommended method too. What is your view on this? ^_^

And I received a guarantee of 10% if I use the method mentioned above; however, I would like to know the chances on Hashcat. And try both :)