REAVER ON THE MARK V


jermain69


Nice! I'm going to try that out, thank you!

As for the SSH, I don't think that is possible. If your goal is to have multiple terminals open, then "Tmux", a terminal multiplexer, is what I would recommend.

On that note.. now with Bully installed. Installed BullyWPS script (Ver 2.1 but in spanish)

BullyWPS Automation Script + mode

http://xiaopan.co/forums/downloads/bullywps-automation-script-mode-bruteforce-checksum-8c-0c-a3.241/

An important noob Linux terminal question.

If I SSH in to create a session and then disconnect, is there any way to reconnect and continue that session?


  • 3 weeks later...


Actually you can, using "screen" for Linux. Install it through opkg.

  • 4 months later...

Hi all.

Is there a way for the Site Survey to reveal if the AP has WPS enabled, please? I see some networks that I know don't support WPS pins or have them disabled. I have looked and looked, and either I'm missing something or there is no clear indication of the supported WPS feature.



If it's in iwlist we can most likely highlight this.

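The question above is whether a scan can show WPS support. It can: `iwlist <iface> scan` prints the information elements it cannot decode as `IE: Unknown: <hex>`, and a WPS-capable AP beacons a vendor-specific IE (element ID 0xDD) with OUI 00:50:F2 and type 0x04, so the hex string starts `DD<len>0050F204` and is followed by WPS TLVs (2-byte type, 2-byte length, value). The script below is an added example, not code from the thread, the Pineapple firmware or the Site Survey infusion; it assumes the scan is taken on wlan1 and that the attribute meanings (0x1044 = Wi-Fi Protected Setup State, 0x1057 = AP Setup Locked) are as in the WPS specification. The scan text at the bottom is constructed for the self-check, not captured from a real AP.

```shell
#!/bin/sh
# Added example: flag WPS-capable APs in `iwlist <iface> scan` output.
# Assumed interface: wlan1. Usage: iwlist wlan1 scan | wps_aps

# Read iwlist scan text on stdin and print one line per AP that carries a WPS IE:
#   <bssid> <channel> <wps-state> <locked> <essid>
# wps-state is attribute 0x1044 (1 = not configured, 2 = configured), locked is
# attribute 0x1057 (AP Setup Locked). "?" means the attribute was not present.
wps_aps() {
    awk '
    function hexval(h,   n, k) {
        n = 0
        for (k = 1; k <= length(h); k++)
            n = n * 16 + index("0123456789ABCDEF", substr(h, k, 1)) - 1
        return n
    }
    function flush() {
        if (bssid != "" && wps) printf "%s %s %s %s %s\n", bssid, ch, state, locked, essid
        bssid = ""; ch = "?"; essid = ""; wps = 0; state = "?"; locked = "?"
    }
    /Cell [0-9]+ - Address:/ { flush(); bssid = $NF; next }
    /^ *Channel:/            { sub(/.*Channel:/, ""); ch = $0; next }
    /^ *ESSID:/              { sub(/.*ESSID:/, ""); gsub(/"/, ""); essid = $0; next }
    /IE: Unknown: DD/ {
        hex = toupper($NF)
        # bytes 3..6 of the IE must be the WPS OUI+type; WMM (0050F202) etc. are skipped
        if (substr(hex, 5, 8) != "0050F204") next
        wps = 1
        # walk the TLVs after the 4-byte OUI+type header (hex offset 13)
        for (i = 13; i + 7 <= length(hex); i += 8 + 2 * len) {
            type = substr(hex, i, 4)
            len  = hexval(substr(hex, i + 4, 4))
            val  = substr(hex, i + 8, 2 * len)
            if (type == "1044") state  = hexval(val)
            if (type == "1057") locked = hexval(val)
        }
        next
    }
    END { flush() }'
}

# Constructed scan output for the self-check (not a real capture):
# cell 1 advertises WPS (configured), cell 2 only has a WMM vendor IE,
# cell 3 advertises WPS and sets AP Setup Locked.
SAMPLE_SCAN='wlan1     Scan completed :
          Cell 01 - Address: 00:11:22:33:44:55
                    Channel:6
                    Frequency:2.437 GHz (Channel 6)
                    Encryption key:on
                    ESSID:"wps-open"
                    IE: IEEE 802.11i/WPA2 Version 1
                    IE: Unknown: DD130050F204104A0001101044000102103C000101
          Cell 02 - Address: 66:77:88:99:AA:BB
                    Channel:11
                    ESSID:"no-wps"
                    IE: Unknown: DD180050F20201010000
          Cell 03 - Address: CC:DD:EE:FF:00:11
                    Channel:1
                    ESSID:"wps-locked"
                    IE: Unknown: DD1A0050F204104A00011010440001021057000101' 
SAMPLE_SCAN="${SAMPLE_SCAN}10490003001337"

if [ "${1:-}" = "--live" ]; then
    iwlist "${2:-wlan1}" scan | wps_aps      # real scan, needs root on the Pineapple
else
    printf '%s\n' "$SAMPLE_SCAN" | wps_aps   # self-check on the constructed sample
fi
```

Run it with `sh wps_scan.sh --live wlan1` on the Pineapple, or with no arguments to see it pick out the two WPS cells from the constructed sample. A locked AP (0x1057 = 1) is worth knowing before starting reaver or bully, since it is exactly the state the lockout timeouts later in this thread are about.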

Actually I started digging into the SSH side of the PA, and wouldn't ya know it? wash is already installed. - doesn't seem to work at this moment - just sits there.

So looking further, found wifite can be installed and run on the Mark 5 - tested

/# wget -O wifite.py http://wifite.googlecode.com/svn/trunk/wifite.py   # fetch the single-file script
/# chmod +x wifite.py                                                  # make it executable
/# python wifite.py                                                    # needs python installed via opkg

Anyways, this is how I am now able to determine if an AP is WPS pin protected. ...


Uhhhh! I just noticed last night that bully doesn't appear to work on the Mark 5, at least not for me.

I put wlan0 into monitor mode, set the interface to mon0, changed the option from reaver to bully, highlighted my network running WPS and clicked start. Bully starts, then stops and says WPS is not running.

I'll try again later today; maybe there might have been some conflict when I was using some other app on the pineapple.


Don't use wlan0.

@Sebkinne just a bad habit when you're used to using that interface all the time with one wireless card.

I'll try again with wlan1 next time I mess around with the pineapple. Right now I have it up as a honeypot, testing something to make sure I don't have another problem on hand. I don't wanna get all off topic, but long story short my red light keeps going out, so I assume the client mode wireless is hopefully just losing the signal from the network it's connected to,

and not from the pineapple rebooting itself or crashing due to a power issue, even though I have it connected via USB to my computer's USB port.


I also have this problem, even when using wlan1. I have noticed some issues with the infusions that start the cards in monitor mode; they seem to have a channel -1 error. This sometimes causes some things to malfunction, and in this case the error isn't reflected in the output on the WPS infusion. It just appears to start then stop.

If you run airmon-ng and then run bully from SSH, this is the error that is given.

root@Pineapple:~# airmon-ng start wlan1

root@Pineapple:~# bully -b FF:FF:FF:FF:FF:FF -c 1 mon0
[!] Bully v1.0-22 - WPS vulnerability assessment utility
[+] Switching interface 'mon0' to channel '1'
[!] ioctl(SIOCSIWFREQ) on 'mon0' failed with '-1'
[X] Unable to set channel on 'mon0', exiting

For laughs, I just tested airodump-ng as well

CH 1 ][ Elapsed: 0 s ][ 2014-06-15 01:12 ][ fixed channel mon0: -1

It then proceeded to pick up packets of traffic on channel 11. Bazinga.

It works if I do this:

ifconfig wlan1 down                       # take the base interface down before changing mode

iwconfig wlan1 mode monitor               # switch wlan1 itself to monitor mode

ifconfig wlan1 up

bully -b FF:FF:FF:FF:FF:FF -c 1 wlan1     # point bully at wlan1, not at an airmon-ng mon0

etc etc

I haven't even seen a benefit or difference from using airmon-ng after putting the card in monitor mode anyway. Is there one?

When I first started playing around with my pineapple on firmware 1.2.0, it seemed that this issue was present then as well. However I worked around it this way. IIRC, at the time the downside of not using airmon-ng appeared to be that I had to also run iwconfig wlan1 channel X commands every time I wanted to specify a new channel, or airodump etc, would not run unless it was already on the channel I specified. In firmware 1.4.1, I no longer have to issue an iwconfig command to change channels beforehand. It just works, as I'm used to in backtrack/kali.

TL;DR It does work, I successfully pentested an older router just this weekend using the above method. The infusion I could not get to operate as it was, but I think it's a core problem with airmon-ng itself, which if memory serves, requires recompiling the kernel to fix a -1 channel issue? Been a while since I read up on how to fix it with certain cards.


If you see the -1 issue, it's because the interface used to create the monitor interface is up. Just issue an "ifconfig wlan1 down" and the -1 goes away.

This helps for bully, reaver and airodump.

There are lots of posts on the -1 topic already, so for more information please search the forums.

Best regards,

Sebkinne

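The two posts above give the same procedure from two angles: the manual `ifconfig down / iwconfig mode monitor / ifconfig up` sequence, and Sebkinne's explanation that the `fixed channel mon0: -1` symptom comes from creating the monitor interface while the base interface is still up. The script below is an added example (not from the thread, the Pineapple firmware or any infusion) that performs that sequence and then checks the result instead of assuming it worked. It assumes wireless-tools `iwconfig` and `ifconfig` as used on the Mark V, root, and that the interface name (wlan1) and channel are passed as arguments; the iwconfig and airodump-ng text at the bottom is constructed for the self-check, not captured output.

```shell
#!/bin/sh
# Added example: put a Pineapple radio into monitor mode on a given channel
# with the base interface down first, then verify mode and channel.
# Assumes wireless-tools iwconfig + ifconfig, run as root. Interface: wlan1.

# Mode:<x> field from iwconfig output, e.g. "Managed" or "Monitor".
iw_mode() {
    printf '%s\n' "$1" | sed -n 's/.*Mode:\([A-Za-z-]*\).*/\1/p' | head -n 1
}

# Frequency in GHz (as iwconfig prints it) -> 802.11 channel number.
freq_to_channel() {
    awk -v f="$1" 'BEGIN {
        mhz = int(f * 1000 + 0.5)
        if (mhz == 2484)     print 14
        else if (mhz < 5000) print (mhz - 2407) / 5
        else                 print (mhz - 5000) / 5
    }'
}

# Channel from iwconfig output: prefers "Channel:N", falls back to Frequency.
iw_channel() {
    ch=$(printf '%s\n' "$1" | sed -n 's/.*Channel[:=]\([0-9]*\).*/\1/p' | head -n 1)
    if [ -z "$ch" ]; then
        freq=$(printf '%s\n' "$1" | sed -n 's/.*Frequency[:=]\([0-9.]*\) GHz.*/\1/p' | head -n 1)
        if [ -n "$freq" ]; then ch=$(freq_to_channel "$freq"); fi
    fi
    printf '%s\n' "$ch"
}

# Exit 0 when tool output shows the broken-channel symptom from the thread
# (airodump-ng's "fixed channel mon0: -1" or bully's SIOCSIWFREQ failure).
bad_channel() {
    printf '%s\n' "$1" | grep -q -E 'fixed channel [A-Za-z0-9]+: -1|SIOCSIWFREQ.*failed'
}

# Bring interface $1 up in monitor mode on channel $2 and confirm with iwconfig.
monitor_up() {
    ifconfig "$1" down          || return 1   # the step that avoids the -1 channel
    iwconfig "$1" mode monitor  || return 1
    iwconfig "$1" channel "$2"  || return 1
    ifconfig "$1" up            || return 1
    out=$(iwconfig "$1")
    [ "$(iw_mode "$out")" = "Monitor" ] && [ "$(iw_channel "$out")" = "$2" ]
}

# Constructed iwconfig / airodump-ng text for the self-check (not real captures).
SAMPLE_MANAGED='wlan1     IEEE 802.11bgn  ESSID:off/any
          Mode:Managed  Frequency:2.437 GHz  Access Point: Not-Associated
          Tx-Power=20 dBm'
SAMPLE_MONITOR='wlan1     IEEE 802.11bgn  Mode:Monitor  Frequency:2.412 GHz  Tx-Power=20 dBm'
SAMPLE_AIRODUMP=' CH  1 ][ Elapsed: 0 s ][ 2014-06-15 01:12 ][ fixed channel mon0: -1'

# Usage: sh monitor_up.sh wlan1 6   (with no arguments only the functions are defined)
if [ $# -eq 2 ]; then
    if monitor_up "$1" "$2"; then
        echo "$1 is in monitor mode on channel $2; run bully/reaver against $1, not mon0"
    else
        echo "could not put $1 into monitor mode on channel $2" >&2
        exit 1
    fi
fi
```

If you prefer airmon-ng's mon0, the same `ifconfig wlan1 down` before `airmon-ng start wlan1` is the fix Sebkinne describes; the verification in `monitor_up` still applies, just run `iwconfig mon0` instead. Feeding a tool's first lines through `bad_channel` is a cheap way for an infusion to report the failure instead of silently starting and stopping.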

Oh.

Well. Touche. Now I understand. If I click that big friendly button that says '[disable]' and then '[start monitor]' it works fine from the infusion.

I did not get the memo. I apologize. Now I know, and knowing is half the battle.

Not your fault, I should put it into the FAQ. Would be good if infusion developers made it all automatic ;)

Best regards,

Sebkinne


Exciting update: have managed to install wpspy.py, wpscan.py and scapy, which has assisted with nothing..... but hey.. nice to know they work.

Was toying with the idea of accessing the PA via eth0 and using wlan0 to do some work (ath card rather than realtek). The above posts suggest nah.. waste of time. Thought the different cards may make a difference on my tg587n v3...

If anyone has had any... and I mean more than 20% WPS pin success rate with a Technicolor tg587n v3 .. let me know. Best I have gotten so far is like 0.03% with a 320 timeout on lockouts.

Edited by koolkarnt

btw - Hating the "Disable Wlan0" option so close to the others.. since I'm accessing via wlan0 on wifi.. it's rather annoying to accidentally disable your access to the PA - how do I code this line to be on the far right ... waaaay away from directly above the "disable wlan1" option????


@koolkarnt possibly by adding a <br > between the two wireless names. You'd have to either SSH into the pineapple or use WinSCP, which is easier :B


Welp, I had no luck figuring out where to place a break for the WPS tool so that wlan0 and wlan1 would have a gap. I would assume you'd need to add an echo "<br />" some place in the large tile, or maybe something in the CSS file.


Thanks Zarabyte - will have a look via SSH and have a chat to the WPS infusion code - see if I can have a win with moving that little irritation to another place.
