I find it is better than Reaver, BUT you need to be really close for it to work smoothly; otherwise you just get timeouts!!

Yeah, get a good outdoor antenna, but make sure you've got the right connectors on the end, m8.

Let me know how you get on.

Regards

Raz0r


Good to hear it's working for you :)

Try attacking it with Bully and use the -D option, as it detects lockouts.

Or you could try putting a delay in with Reaver.

The best thing to do is try different settings and see what works for you.

usage: bully <options> interface
Required arguments:
  interface      : Wireless interface in monitor mode (root required)
  -b, --bssid macaddr    : MAC address of the target access point
Or
  -e, --essid string     : Extended SSID for the access point
Optional arguments:
  -c, --channel N[,N...] : Channel number of AP, or list to hop [b/g]
  -i, --index N          : Starting pin index (7 or 8 digits)  [Auto]
  -l, --lockwait N       : Seconds to wait if the AP locks WPS   [43]
  -o, --outfile file     : Output file for messages          [stdout]
  -p, --pin N            : Starting pin number (7 or 8 digits) [Auto]
  -s, --source macaddr   : Source (hardware) MAC address      [Probe]
  -v, --verbosity N      : Verbosity level 1-3, 1 is quietest     [3]
  -w, --workdir path     : Location of pin/session files  [~/.bully/]
  -5, --5ghz             : Hop on 5GHz a/n default channel list  [No]
  -B, --bruteforce       : Bruteforce the WPS pin checksum digit [No]
  -F, --force            : Force continue in spite of warnings   [No]
  -S, --sequential       : Sequential pins (do not randomize)    [No]
  -T, --test             : Test mode (do not inject any packets) [No]
Advanced arguments:
  -a, --acktime N        : Deprecated/ignored                  [Auto]
  -r, --retries N        : Resend packets N times when not acked  [2]
  -m, --m13time N        : Deprecated/ignored                  [Auto]
  -t, --timeout N        : Deprecated/ignored                  [Auto]
  -1, --pin1delay M[,N]  : Delay M seconds every Nth nack at M5 [0,1]
  -2, --pin2delay M[,N]  : Delay M seconds every Nth nack at M7 [5,1]
  -A, --noacks           : Disable ACK check for sent packets    [No]
  -C, --nocheck          : Skip CRC/FCS validation (performance) [No]
  -D, --detectlock       : Detect WPS lockouts unreported by AP  [No]
  -E, --eapfail          : EAP Failure terminate every exchange  [No]
  -L, --lockignore       : Ignore WPS locks reported by the AP   [No]
  -M, --m57nack          : M5/M7 timeouts treated as WSC_NACK's  [No]
  -N, --nofcs            : Packets don't contain the FCS field [Auto]
  -P, --probe            : Use probe request for nonbeaconing AP [No]
  -R, --radiotap         : Assume radiotap headers are present [Auto]
  -W, --windows7         : Masquerade as a Windows 7 registrar   [No]
  -Z, --suppress         : Suppress packet throttling algorithm  [No]
  -V, --version          : Print version info and exit
  -h, --help             : Display this help information
root@Raz0r:~# reaver

Reaver v1.4 WiFi Protected Setup Attack Tool
Copyright (c) 2011, Tactical Network Solutions, Craig Heffner <cheffner@tacnetsol.com>

Required Arguments:
	-i, --interface=<wlan>          Name of the monitor-mode interface to use
	-b, --bssid=<mac>               BSSID of the target AP

Optional Arguments:
	-m, --mac=<mac>                 MAC of the host system
	-e, --essid=<ssid>              ESSID of the target AP
	-c, --channel=<channel>         Set the 802.11 channel for the interface (implies -f)
	-o, --out-file=<file>           Send output to a log file [stdout]
	-s, --session=<file>            Restore a previous session file
	-C, --exec=<command>            Execute the supplied command upon successful pin recovery
	-D, --daemonize                 Daemonize reaver
	-a, --auto                      Auto detect the best advanced options for the target AP
	-f, --fixed                     Disable channel hopping
	-5, --5ghz                      Use 5GHz 802.11 channels
	-v, --verbose                   Display non-critical warnings (-vv for more)
	-q, --quiet                     Only display critical messages
	-h, --help                      Show help

Advanced Options:
	-p, --pin=<wps pin>             Use the specified 4 or 8 digit WPS pin
	-d, --delay=<seconds>           Set the delay between pin attempts [1]
	-l, --lock-delay=<seconds>      Set the time to wait if the AP locks WPS pin attempts [60]
	-g, --max-attempts=<num>        Quit after num pin attempts
	-x, --fail-wait=<seconds>       Set the time to sleep after 10 unexpected failures [0]
	-r, --recurring-delay=<x:y>     Sleep for y seconds every x pin attempts
	-t, --timeout=<seconds>         Set the receive timeout period [5]
	-T, --m57-timeout=<seconds>     Set the M5/M7 timeout period [0.20]
	-A, --no-associate              Do not associate with the AP (association must be done by another application)
	-N, --no-nacks                  Do not send NACK messages when out of order packets are received
	-S, --dh-small                  Use small DH keys to improve crack speed
	-L, --ignore-locks              Ignore locked state reported by the target AP
	-E, --eap-terminate             Terminate each WPS session with an EAP FAIL packet
	-n, --nack                      Target AP always sends a NACK [Auto]
	-w, --win7                      Mimic a Windows 7 registrar [False]

Example:
	reaver -i mon0 -b 00:90:4C:C1:AC:21 -vv

Edited by raz0r
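The help text above mentions "4 or 8 digit" PINs and a "checksum digit" without saying why. The short version: the 8th WPS PIN digit is a checksum over the first seven, and the AP confirms the two halves of the PIN separately, which is what shrinks the search space and why lockouts (the -l/--lockwait and -D behaviour the thread keeps running into) are the only thing slowing these tools down. The example below is added here and is not code from the thread, from reaver or from bully; the function names and the lockout numbers are my own assumptions.

```python
# Added example (not from the thread or from reaver/bully): the WPS PIN
# checksum rule from the WPS spec, and the arithmetic behind "4 or 8 digit"
# PINs.  Function names and the sample lockout parameters are assumptions.

def wps_pin_checksum(first7: int) -> int:
    """Checksum digit for a 7-digit WPS PIN prefix (the rule in the WPS spec)."""
    accum = 0
    while first7:
        accum += 3 * (first7 % 10)   # odd positions (counted from the right) weigh 3
        first7 //= 10
        accum += first7 % 10         # even positions weigh 1
        first7 //= 10
    return (10 - accum % 10) % 10

def is_valid_wps_pin(pin: str) -> bool:
    """True if pin is 8 digits and its last digit matches the checksum."""
    if len(pin) != 8 or not pin.isdigit():
        return False
    return wps_pin_checksum(int(pin[:7])) == int(pin[7])

def worst_case_attempts(bruteforce_checksum: bool = False) -> int:
    """Upper bound on PIN guesses an AP without any lockout would accept.

    The first half (4 digits) is confirmed on its own: 10**4 guesses.
    The second half is 3 free digits plus the checksum: 10**3 guesses,
    or 10**4 if the checksum digit is brute-forced too (bully's -B switch).
    """
    first_half = 10 ** 4
    second_half = 10 ** 4 if bruteforce_checksum else 10 ** 3
    return first_half + second_half

def lockout_floor_hours(attempts: int, lock_after: int, lock_seconds: int) -> float:
    """Time floor imposed by an AP that locks WPS for lock_seconds after every
    lock_after failed PINs (what -l/--lockwait sits through).  The parameters
    are constructed; real APs differ, and many never lock at all."""
    locks = attempts // lock_after
    return locks * lock_seconds / 3600.0

if __name__ == "__main__":
    print("12345670 valid:", is_valid_wps_pin("12345670"))          # True
    print("worst case:", worst_case_attempts(), "vs 10**8 = 100000000 without the split")
    print("with -B:", worst_case_attempts(True))
    print("hours if the AP locks 60s every 3 failures:",
          round(lockout_floor_hours(worst_case_attempts(), 3, 60), 1))
```

The checksum is also why a router's printed 8-digit PIN always passes `is_valid_wps_pin`, and why the well-known default 12345670 does; the lockout figure is what a defender actually controls, since the keyspace itself cannot be changed without disabling WPS.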

Hi Raz0r,

I was playing around with bully last night (attacking my Dlink Dir655 router).

And I noticed that it timed out on me after 10 minutes.

Maybe if I leave it on overnight it might get out of the timeout state. It's worth a try.

I will take your advice and try the "-D" option tonight after work.

I'll keep everyone posted.

Thanks,

cheeto


Yeah, I find that also with bully sometimes.

But I have a little present for you, one that has been overlooked!!

I'm no good at PHP, but I've got friends who are.

How about making this into an infusion!!!

I have used it many times on routers, my own of course.

http://lampiweb.com/foro/index.php?topic=9834.0

Now, what about if this were to be an infusion? Download the script in Kali and let me know what you think.

Raz0r

Edited by raz0r

WHERE ON EARTH DO YOU FIND THESE THINGS? :)

That looks sweet! I know that there are some people who are really contributing in making infusions.

I think there should be an "infusion request, or vote section".

This place here is really good too: http://www.wifislax.com/

Much easier than Kali. There is a great script called "Yamas". It will sslstrip a whole network. Simply amazing.


Wifislax is good, I've been using it, but I'm a Kali fan. I have been using it since it started off; now I'm 31 lol and still love security.

Believe me m8, translate that page and sign up.

Download the script and use it on Kali.

But only on your own router, otherwise you might get into trouble.

Regards

Raz0r


Also, the best way to learn is not by scripts but the manual way; otherwise people will call you a script kiddie.

Learn the hard way first. That script is good for MITM and evil twin, I believe ;)

Raz0r


Raz0r your credit is more than deserved, I really appreciate you walking me through the steps.

My idea will be to make small tutorials as I learn how to use the Mkv.

This might come in handy for all the newbies out there. By the way, is there a tutorial section in this webpage?

I updated the video tutorial. Take a look at it now:

https://mega.co.nz/#!mYVw1CzT!4sNWGUmTstnnPiCnCIdhrMla3Cg_ihRBoDNzRDdc03g

Also, you once mentioned something about saving your Reaver session. For example, I could leave my Mkv on all night and get 30% but I later wish to shut it off and continue another day.

Do you remember how to do that? In Kali, it's simply a question of stopping Reaver (as it automatically saves the session).

Cheers,

Cheeto

Thanks bro for the much needed tutorial... I always wondered if it needed to be enabled or disabled.

Thanks


Enabled or disabled was still a question?

I'd like to confirm some behaviors with WPS... Anybody else seeing that you have to enable the wlanX interface that you are trying to use so that the Refresh APs button will work? Otherwise it won't show anything... I'm guessing that is on purpose, to make sure it is in the "up" state. The problem with that is that both bully and reaver need the wlanX to be in the down state, but in monitor mode, to work.

So what I've done is go into the WPS infusion. Pick the wlan interface I want to use and hit Start so that I can get the Refresh APs to work, so that I can choose the AP I want to target. When I do this it populates the BSSID and channel info below. Once that is populated I hit the Stop button so that it disables the wlan interface, or at least gives it the down command. Once that is done I hit the Start Monitor Mode button so that it creates mon0. After that I choose mon0 in the section below and choose either bully or reaver. Once I've done all this I can hit the Start button.


You've completely missed my point. I wasn't asking... I quoted myself from this thread back in February for a reason. I pointed out then very specifically that both reaver and bully needed the interface to be in the "down" state or what you call disabled. The fact that in the infusions the words Disabled and Enabled are used could be providing some of the confusion as to how you can use an interface that is "disabled". That's because it's actually just in the "down" state.


My complaint about WPS 1.3 is: how do you tell if WPS is enabled on the networks that show up or not? :B I know a couple of them have WPS enabled because I ran wash on Kali Linux, but this app doesn't tell you if WPS is enabled or not; it just lists all the networks around.
