musketteams Posted December 5, 2014

Musket Teams developed what we term the Reaver Replay Attack for our own use. We have published this previously but have found a mac-spoofing twist.

Using a simple reaver command line did not work against the targeted router. To drag WPS pins out of the router we had to use the longer command line suggested by the author of autoreaver:

reaver -i mon0 -a -f -c 1 -b XX:XX:XX:XX:XX:XX -r 3:10 -E -S -vv -T 1 -t 20 -d 0 -x 30 --mac=00:11:22:33:44:55

The pins jumped from less than 10% up to 91% but it still took two days to move through approx 1000 pins. Finally, as we suspected would occur, at 99% the pins spun endlessly.

To solve the problem we used the replay attack - we ran reaver again:

reaver -i mon0 -c 1 -b XX:XX:XX:XX:XX:XX -r 3:10 -E -vv -T 1 -t 20 -d 0 -x 30 --mac=00:11:22:33:44:55

We removed the -a and the -f and the -S (use DH-SMALL).
Reaver asked us to restore previous session AND WE SELECTED NO.
This started reaver with a new session BUT NOT using DH-Small.
The WPS pin fell out after a single successful pin request HOWEVER there was no WPA key?

Confused, we ran the attack again - still no WPA Key. We checked the command line and found that the mac address that we were spoofing had not been set up properly. The mac in the reaver command line did not match the actual spoofed mac address. We corrected this, ran the reaver attack again, i.e. new session without DH-small, and bingo, both the WPA Key and the WPS pin were provided.

Note the mac problem only occurred when we ran the replay. In all other sessions the mac was correct as we used our new version of VMR-MDK009x.sh, which will be released soon. However, the replay was done from the command line.

In short, if the WPS pin spins at 99:99%: restart the attack from the beginning and remove the -S DH-small. Make sure the mac address you are spoofing in the reaver command line is the mac address shown for the monitor when you type ifconfig.

We have duplicated the reaver replay attack many, many times; however, the mac problem was something new.

MTeams

Edited December 5, 2014 by musketteams