raz0r Posted May 29, 2014
I find it is better than Reaver BUT you need to be really close for it to work smooth, otherwise you just get timeouts!! Yea get a good outdoor antenna but make sure you got the right connectors on the end m8. Let me know how u get on.
Regards
Raz0r

cheeto Posted May 29, 2014
Hey Raz0r, IT WORKS!!!!!!!!!! but not on my Dlink Dir655. Could it be because it detects WPS attacks? THANK YOU SO MUCH!
Cheeto

raz0r Posted May 30, 2014
Good to hear it's working for you :) Try attacking it with Bully and use the -D option as it detects lockouts. Or you could try putting a delay in with Reaver. Best thing to do is try different settings and see what works for you.

    usage: bully <options> interface

    Required arguments:
      interface : Wireless interface in monitor mode (root required)
      -b, --bssid macaddr : MAC address of the target access point
      Or
      -e, --essid string : Extended SSID for the access point

    Optional arguments:
      -c, --channel N[,N...] : Channel number of AP, or list to hop [b/g]
      -i, --index N : Starting pin index (7 or 8 digits) [Auto]
      -l, --lockwait N : Seconds to wait if the AP locks WPS [43]
      -o, --outfile file : Output file for messages [stdout]
      -p, --pin N : Starting pin number (7 or 8 digits) [Auto]
      -s, --source macaddr : Source (hardware) MAC address [Probe]
      -v, --verbosity N : Verbosity level 1-3, 1 is quietest [3]
      -w, --workdir path : Location of pin/session files [~/.bully/]
      -5, --5ghz : Hop on 5GHz a/n default channel list [No]
      -B, --bruteforce : Bruteforce the WPS pin checksum digit [No]
      -F, --force : Force continue in spite of warnings [No]
      -S, --sequential : Sequential pins (do not randomize) [No]
      -T, --test : Test mode (do not inject any packets) [No]

    Advanced arguments:
      -a, --acktime N : Deprecated/ignored [Auto]
      -r, --retries N : Resend packets N times when not acked [2]
      -m, --m13time N : Deprecated/ignored [Auto]
      -t, --timeout N : Deprecated/ignored [Auto]
      -1, --pin1delay M[,N] : Delay M seconds every Nth nack at M5 [0,1]
      -2, --pin2delay M[,N] : Delay M seconds every Nth nack at M7 [5,1]
      -A, --noacks : Disable ACK check for sent packets [No]
      -C, --nocheck : Skip CRC/FCS validation (performance) [No]
      -D, --detectlock : Detect WPS lockouts unreported by AP [No]
      -E, --eapfail : EAP Failure terminate every exchange [No]
      -L, --lockignore : Ignore WPS locks reported by the AP [No]
      -M, --m57nack : M5/M7 timeouts treated as WSC_NACK's [No]
      -N, --nofcs : Packets don't contain the FCS field [Auto]
      -P, --probe : Use probe request for nonbeaconing AP [No]
      -R, --radiotap : Assume radiotap headers are present [Auto]
      -W, --windows7 : Masquerade as a Windows 7 registrar [No]
      -Z, --suppress : Suppress packet throttling algorithm [No]
      -V, --version : Print version info and exit
      -h, --help : Display this help information

    root@Raz0r:~# reaver
    Reaver v1.4 WiFi Protected Setup Attack Tool
    Copyright (c) 2011, Tactical Network Solutions, Craig Heffner <cheffner@tacnetsol.com>

    Required Arguments:
      -i, --interface=<wlan> Name of the monitor-mode interface to use
      -b, --bssid=<mac> BSSID of the target AP

    Optional Arguments:
      -m, --mac=<mac> MAC of the host system
      -e, --essid=<ssid> ESSID of the target AP
      -c, --channel=<channel> Set the 802.11 channel for the interface (implies -f)
      -o, --out-file=<file> Send output to a log file [stdout]
      -s, --session=<file> Restore a previous session file
      -C, --exec=<command> Execute the supplied command upon successful pin recovery
      -D, --daemonize Daemonize reaver
      -a, --auto Auto detect the best advanced options for the target AP
      -f, --fixed Disable channel hopping
      -5, --5ghz Use 5GHz 802.11 channels
      -v, --verbose Display non-critical warnings (-vv for more)
      -q, --quiet Only display critical messages
      -h, --help Show help

    Advanced Options:
      -p, --pin=<wps pin> Use the specified 4 or 8 digit WPS pin
      -d, --delay=<seconds> Set the delay between pin attempts [1]
      -l, --lock-delay=<seconds> Set the time to wait if the AP locks WPS pin attempts [60]
      -g, --max-attempts=<num> Quit after num pin attempts
      -x, --fail-wait=<seconds> Set the time to sleep after 10 unexpected failures [0]
      -r, --recurring-delay=<x:y> Sleep for y seconds every x pin attempts
      -t, --timeout=<seconds> Set the receive timeout period [5]
      -T, --m57-timeout=<seconds> Set the M5/M7 timeout period [0.20]
      -A, --no-associate Do not associate with the AP (association must be done by another application)
      -N, --no-nacks Do not send NACK messages when out of order packets are received
      -S, --dh-small Use small DH keys to improve crack speed
      -L, --ignore-locks Ignore locked state reported by the target AP
      -E, --eap-terminate Terminate each WPS session with an EAP FAIL packet
      -n, --nack Target AP always sends a NACK [Auto]
      -w, --win7 Mimic a Windows 7 registrar [False]

    Example:
      reaver -i mon0 -b 00:90:4C:C1:AC:21 -vv

Edited May 30, 2014 by raz0r

iluvethreeway Posted May 30, 2014
Hey, I successfully started to crack with bully. But after 5 mins, I only get timeouts. Any ideas to fix?

raz0r Posted May 30, 2014
Try getting a little closer to the AP or get a better antenna buddy
Raz0r

iluvethreeway Posted May 30, 2014
I'm using alfa with 16dBi antenna

raz0r Posted May 30, 2014
Then I'm not too sure, I'm afraid. Someone here may be able to assist you further.
Regards
Raz0r

cheeto Posted May 30, 2014
Hi Raz0r, I was playing around with bully last night (attacking my Dlink Dir655 router), and I noticed that it timed out on me after 10 minutes. Maybe if I leave it on overnight it might get out of the time out state. It's worth a try. I will take your advice and try the "-D" option tonight after work. I'll keep everyone posted.
Thanks,
cheeto

raz0r Posted May 30, 2014
Yea, I find that also with bully sometimes. But I have a little present for you, one that has been overlooked!! I'm no good at PHP but I got friends who are. How about making this into an infusion!!! I have used it many times on routers, my own of course.
http://lampiweb.com/foro/index.php?topic=9834.0
Now what about if this were to be an infusion? Download the script in Kali and let me know what you think.
Raz0r
Edited May 30, 2014 by raz0r

cheeto Posted May 30, 2014
WHERE ON EARTH DO YOU FIND THESE THINGS? :) That looks sweet! I know that there are some people who are really contributing in making infusions. I think there should be an "infusion request, or vote section". This place here is really good too: http://www.wifislax.com/ Much easier than Kali. There is a great script called "Yamas". It will sslstrip a whole network. Simply amazing.

raz0r Posted May 30, 2014
Wifislax is good, I've been using it, but I'm a Kali fan. I have been using it since it started off, now I'm 31 lol and still love security. Believe me m8, translate that page and sign up. Download the script and use it on Kali. But only on your own router, otherwise u might get into trouble.
Regards
Raz0r

raz0r Posted May 30, 2014
Also the best way to learn is not by scripts but the manual way, otherwise people will call u a script kiddie. Learn the hard way first, that script is good for mitm and evil twin I believe ;)
Raz0r

cheeto Posted May 31, 2014
Hi folks, I made a small Reaver tutorial for those who are just getting their feet wet (like myself). Thanks for helping me out, I hope this tutorial could help someone else out.
Cheers,
cheeto
https://mega.co.nz/#!mYVw1CzT!4sNWGUmTstnnPiCnCIdhrMla3Cg_ihRBoDNzRDdc03g
Edited May 31, 2014 by cheeto

raz0r Posted May 31, 2014
Well done buddy, thanks for the credit. Why don't you post this in the tutorial section?
Raz0r

cheeto Posted May 31, 2014
Raz0r, your credit is more than deserved, I really appreciate you walking me through the steps. My idea will be to make small tutorials as I learn how to use the Mkv. This might come in handy for all the newbies out there. By the way, is there a tutorial section in this webpage?
I updated the video tutorial. Take a look at it now: https://mega.co.nz/#!mYVw1CzT!4sNWGUmTstnnPiCnCIdhrMla3Cg_ihRBoDNzRDdc03g
Also, you once mentioned something about saving your Reaver session. For example, I could leave my Mkv on all night and get 30% but I later wish to shut it off and continue another day. Do you remember how to do that? In Kali, it's simply a question of stopping Reaver (as it automatically saves the session).
Cheers,
Cheeto

Whistle Master (Author) Posted May 31, 2014
> Whistle Master
> Any update as to getting bully to save over 64.5KB m8 ?
> Thanks
> Raz0r
Nope, sorry, I've been quite busy those days

Whistle Master (Author) Posted May 31, 2014
> ... This might come in handy for all the newbies out there. By the way, is there a tutorial section in this webpage? ...
You can post your video here :)

raz0r Posted June 2, 2014
Thanks for the update, keep us posted :)
Raz0r

GermanMeat Posted June 2, 2014
> Raz0r, your credit is more than deserved, I really appreciate you walking me through the steps. My idea will be to make small tutorials as I learn how to use the Mkv. This might come in handy for all the newbies out there. By the way, is there a tutorial section in this webpage?
> I updated the video tutorial. Take a look at it now: https://mega.co.nz/#!mYVw1CzT!4sNWGUmTstnnPiCnCIdhrMla3Cg_ihRBoDNzRDdc03g
> Also, you once mentioned something about saving your Reaver session. For example, I could leave my Mkv on all night and get 30% but I later wish to shut it off and continue another day. Do you remember how to do that? In Kali, it's simply a question of stopping Reaver (as it automatically saves the session).
> Cheers,
> Cheeto
Thanks bro for the much needed tutorial... I always wondered if it needed to be enabled or disabled. Thanks

cheeto Posted June 2, 2014
No problem. I'm glad to hear that it helped. Don't forget to thank raz0r. He taught me how to do this. Cheers!!

thesugarat Posted June 3, 2014
Enabled or disabled was still a question?

I'd like to confirm some behaviors with WPS... Anybody else seeing that you have to enable the wlanX interface that you are trying to use so that the Refresh APs button will work? Otherwise it won't show anything.... I'm guessing that is on purpose to make sure it is in the "up" state. The problem with that is that both bully and reaver need the wlanX to be in the down state, but in monitor mode, to work.

So what I've done is go into the WPS infusion. Pick the wlan interface I want to use and hit Start so that I can get the Refresh APs to work so that I can choose the AP I want to target. When I do this it populates the BSSID and channel info below. Once that is populated I hit the Stop button so that it disables the wlan interface, or at least gives it the down command. Once that is done I hit the Start Monitor mode button so that it creates mon0. After that I choose mon0 in the below section and choose either bully or reaver. Once I've done all this I can hit the Start button.

raz0r Posted June 3, 2014
Disabled m8 :) Take a look at the vid
Regards
Raz0r

thesugarat Posted June 3, 2014
You've completely missed my point. I wasn't asking... I quoted myself from this thread back in February for a reason. I pointed out then very specifically that both reaver and bully needed the interface to be in the "down" state or what you call disabled. The fact that in the infusions the words Disabled and Enabled are used could be providing some of the confusion as to how you can use an interface that is "disabled". That's because it's actually just in the "down" state.

raz0r Posted June 10, 2014
My bad fella, I do apologise m8
Regards
Raz0r

ZaraByte Posted June 13, 2014
My complaint about WPS 1.3 is: how do you tell if WPS is enabled on the networks that show up or not :B I know a couple of them have WPS enabled because I ran wash on Kali Linux, but on this app it doesn't tell you if WPS is enabled or not, just lists all the networks around.