LexMichdeappel Posted April 30, 2014 (edited)

More and more routers are becoming resistant to the Reaver magic. That's a good thing, because we all want easy and secure working hardware in our (grand-)parents' homes. But are they really secure? Today I had an encounter with a stubborn fellow that tried to stop me from brutally forcing myself into his backdoor.

WARNING: Detected AP rate limiting, waiting 60 seconds

Good job boy, you kept me out, you're safe! Yeah right... So I fired up another command:

mdk3 mon0 a -a [MAC] -m

Let that rip for a minute, tried reaver again, bingo! It accepted my brute force methods again. But after a few minutes it locked up again. Time for some more of that mdk3 vaseline, let it rip again, and after reavering it accepted my crowbar.

Now my question is, can someone explain to me or show me how to write some kind of script that does this automatically? So it should do this on its own:

reaver -i mon0 -b [MAC] -vv -S

When it hits the AP rate limiter: ctrl-C

mdk3 mon0 a -a [MAC] -m

Run that for a minute or something and then again from the top:

reaver -i mon0 -b [MAC] -vv -S

When it hits the AP rate limiter: ctrl-C

mdk3 mon0 a -a [MAC] -m

And so on and so on and so on...

Edited April 30, 2014 by LexMichdeappel
Guest spazi Posted May 1, 2014

Funny stuff, I actually experimented with this last weekend. But for me it didn't work. You/I could probably write a script in python or something :)
LexMichdeappel (Author) Posted May 1, 2014

> Funny stuff, I actually experimented with this last weekend. But for me it didn't work. You/I could probably write a script in python or something :)

My problem is, I can't. But I'd love to learn how. Should I first learn how to do Python, or is it understandable how it works without in-depth knowledge about Python?
Guest spazi Posted May 1, 2014

I'm not an expert in python, but it's pretty easy to learn. I would recommend learning python first, but maybe learning is by doing hehe :) I'll look into it though. I have spare time this weekend. I want to make a script to make my life easier. There are several python modules to interact with the terminal and control applications such as Reaver.
LexMichdeappel (Author) Posted May 2, 2014

> I'm not an expert in python, but it's pretty easy to learn. I would recommend learning python first, but maybe learning is by doing hehe :) I'll look into it though. I have spare time this weekend. I want to make a script to make my life easier. There are several python modules to interact with the terminal and control applications such as Reaver.

That would be awesome. Especially if you do a little tiny bit of explaining how the script works. I don't really care if I crack open the router, I want to be able to understand how it's done.

I found out the router starts complaining after 21 tries and after that it locks up. The mdk3 command only needs a few seconds of time to reset the router; I always ctrl-C when it hits 3000 clients connected. After that it's back to reaver again. I found out that "reaver -i mon0 -b [MAC] -vv -S -a -g 21" works best. I added -c 1 to it, but I saw the router hop channels a few times. Went from channel 1 to 11 after having the backdoor raped by mdk3 a few times, so I sat there waiting for beacons that were not going to come anymore.

I think reaver should come with some of those mdk3 functions embedded. When it hits the limiter, automatically switch to mdk3 and rape it. I guess I'm going to have to watch some more of that Coding 101 with Snubs and that Christian guy...
Guest spazi Posted May 2, 2014

Yeah, maybe making the script so that it takes user input on how many clients should be connected with mdk3 before switching back to reaver. I'll definitely look into this during the weekend. You have to test the script for me though, I don't have a router that is vulnerable to crashing with mdk3.
repzeroworld Posted May 15, 2014 (edited)

A script that I had worked on for fun but never meant to distribute... so now it is in distribution... have fun...

Bash script name: ReVdK3.sh

Operations:
1. Gives you the option of running any of the mdk3 attacks (Authentication DoS Flood, EAPOL Start Flood and EAPOL Logoff Attack).
2. Starts reaver and detects when the AP is rate limiting pins. If rate limiting is detected, it floods the AP (three monitor interfaces must be started) for a time period you input until the AP unlocks itself... after unlocking it resumes reaver.

The link is below:
http://www72.zippyshare.com/v/82770958/file.html

Edited November 30, 2014 by repzeroworld
GuardMoony Posted May 15, 2014 (edited)

It may be simpler to add some code-patch to the source. So when it detects the limiter it runs a script.

Edited May 15, 2014 by GuardMoony
repzeroworld Posted May 15, 2014

You mean to the "source" reaver? That seems like a great idea! Hope they do that someday :)
kerpap Posted May 27, 2014

There is always more than one way to skin a cat. I actually like this idea, I will try and whip up something. I can see a few ways of doing this in bash and python.
Sebkinne Posted May 27, 2014

Quickly looking at the source, patching this functionality in is rather trivial. See line 143 of cracker.c. Simply do a system call to a script there. If you wish to change the script locations, you'll need to look at argparser.c and globule.c. You would have to add the argument to argparser.c and a get/set pair to globule.c. I might do this when I get some time..

Best Regards,
Sebkinne
GuardMoony Posted May 27, 2014

Line 211 is wps connection failed. You mean line 144, Sebkinne? Maybe a quick and dirty line of test code like:

system("rateLimitScript.sh");
Sebkinne Posted May 27, 2014

> Line 211 is wps connection failed. You mean line 144, Sebkinne? Maybe a quick and dirty line of test code like: system("rateLimitScript.sh");

Yeah, no idea where I got 211 from. Anyway, the above will do the trick for a static script indeed. You will also want to basically decrease the wait timeout to a second or so. As the script will be executed in a blocking manner, you won't need the delay.

Best Regards,
Sebkinne
repzeroworld Posted June 14, 2014 (edited)

RELEASE OF REVDK3-R1.sh

DOWNLOAD LINK
http://www32.zippyshare.com/v/12811261/file.html

ReVdK3-r1.sh (Revision 1) README Section

WARNING: Do not use this script without permission from the victim to carry out the specified attacks.

This is the first official revision of the ReVdK3.sh script.

Script features in this revision:

1. Runs reaver and aireplay-ng in one terminal and continuously detects when reaver is rate limiting pins. After input of the wireless adapter interface, it checks to see if there are any monitor interfaces on that adapter interface. Any existing monitor interfaces are wiped out and three new monitor interfaces are created. The script also uses these interfaces during the attacking process. In the event that aireplay times out because of association issues or switches to "shared key open authentication", the script will re-run aireplay-ng.
2. Runs mdk3 attacks until reaver detects that the WPS state of the AP has been unlocked. Once WPS has been unlocked it kills all mdk3 attacks and waits until reaver detects WPS has been locked again... this process goes on...
3. Upon detection of 25 successive EAPOL start failures, the script floods the AP for 60 seconds to see if the AP will do a fresh reboot!
4. Killing the script in a terminal will trigger it to remove all tmp files, force all processes started by the script to terminate and wipe out the three monitor interfaces it created... be patient for about 1-2 seconds for termination of the script... Also, you can close the terminal instead of killing it; this will send a hang-up signal to do the necessary cleaning up.

Edited June 17, 2014 by repzeroworld
100j Posted June 24, 2014

Repzeroworld, I downloaded your file, I just need help with how to execute it. Do I have to fill in anything? I'm sure I do but I'm not exactly sure what. I came to this site after running into AP limits. I'm hoping you'd be nice enough to help me considering I'm nowhere near you in skill set level. Thanks
repzeroworld Posted June 27, 2014 (edited)

Hello 100j,

Download the script and type in a Linux terminal:

chmod a+x <drag script here>

Afterwards just drag the script into a terminal. This is a bash script... I am thinking to write the script in python... but I will leave it in bash code for a while....

Cheers

Edited June 27, 2014 by repzeroworld
Mr-Protocol Posted June 27, 2014

Keeping to the original post, I don't think MDK3 really makes a difference to the timeout of Reaver.
ViTALiTY Posted July 31, 2014

Is there anything like this for Bully? Reaver doesn't work with me unfortunately.
oblivion2k Posted October 13, 2014

Heads up, gnome-terminal throws an error on pwnpi using this script, mainly because gnome-terminal is not installed. Currently installing gnome-terminal and its related packages to test the fix.
LexMichdeappel (Author) Posted November 2, 2014

The router I was doing this with was nowhere to be found a few days after posting this, so I completely forgot about it. Good to see it was picked up by others for testing, love you guys xxx. (Better late than never!)
repzeroworld Posted November 26, 2014

I am working on incorporating bully in the revdk3 script (95% completed)... I notice MAC spoofing is affecting proper functioning of bully as compared to reaver... a little scared of this (still thinking...).
DataHead Posted November 29, 2014

Is there a chance that there will be an OpenWrt compatible version of this?
repzeroworld Posted November 30, 2014 (edited)

ReVdK3-r2 (Revision 2)

Download Link
http://www56.zippyshare.com/v/UZrMxTtZ/file.html

I have revised the script for those who prefer to use the bully WPS pin cracker. Now you have two options for pin cracking: either reaver 1.4 or bully.

Dependency checks: the program checks to see if the following are installed so that the script can function well:
[1] reaver
[2] bully (if you are using it)
[3] mdk3
[4] aireplay-ng
[5] gnome-terminal
[6] timeout

Possibly the last revision of the script since new access points are getting invulnerable to the attacks... however I will experiment with new attacks and see if they are effective for rebooting APs... best of luck ReVdK3 users!

Credit to my friend WaLkZ and others who prefer the bully WPS pin cracker.

Edited January 29, 2015 by repzeroworld
repzeroworld Posted November 30, 2014

> Is there a chance that there will be an OpenWrt compatible version of this?

Seems a little technical for me AT THIS POINT, but you are looking to embed the program into a device? A little more details would be good :D
DataHead Posted November 30, 2014 (edited)

Well, instead of using the gnome terminal, could the terminal invocations be replaced with an OpenWrt compatible one? Such as screen or tmux, byobu? As I'm still learning, this is beyond my current knowledge to make a working port for OpenWrt of your nice script! :-)

My reason for wanting such is to have it running on my (and I'm sure many others') Pineapple MarkV. So far it appears that the gnome terminal is the only thing hampering this from running on an OpenWrt system. Even if, let's say, it were made to run all in one screen, that would be fine as well.

0E 800 had attempted this and modified your script and named it "ReVdK3-rW.sh"; that version is here:
https://drive.google.com/file/d/0BzolLN2vKwxjcGNrYmp1cVBFT28/edit

But I recall that one not working as planned on the Pineapple. It's been a while since I've tried it in order to pinpoint the problem. But there is a want/need for this script to be able to run on other systems that only supply screen, tmux, byobu etc. interfaces.

Edited November 30, 2014 by datahead