Help with Reaver

[gmaslin]

I have successfully penetrated my D-Link 'N' router with reaver-1.4 in 8 hours. For the record, I had a complex 14 character key, WPS was disabled on the AP and I was using 2.4GHz Celeron. I read that a person experienced a problem similar to yours after successfully resolving a key. Check your settings to make sure that each pentest is properly flushed. Which package did you use? Did you 'make' and 'install' in one line or two subsequent lines like so: (make) then (make install)?

[hongman]

Yep shows up in wash.

The length of the actual passphase is irrelevant in this attack if I understand it correctly?

How do I make sure each pentest is properly flushed short of rebooting?

Also when you say which package...I just used whatever BT5R2 comes with. No manual installing.

[gmaslin]

I didn't know reaver shipped with bt5r2 so I installed it manually and that is what I assumed with my references to the "make" commands. Yes, you understood correctly, my WPA2 password is irrelevant with reaver but I disclosed it for comparative purposes to a dictionary attack. I use gerix to clear old session files. If you haven't used a file to resume a reaver attack and you have only one version of reaver on your box then the issue of residual files is not a concern.

Has anyone reading this optimized the delay setting to avoid the 'waiting for 60 seconds'? A nice sticky would include a table of routers, reaver option settings and the total time it took. Conversely, someone could put a spreadsheet in a wiki where the users could input their experience. With that kind of information, it wouldn't be long before we'd see what works best for which router. Any thoughts from the mods?

[hongman]

I'm not a mod but that idea sounds great.

I found a few posts referring to Draytek routers, all of which indicate they are immune to WPS attacks.

I have a spare Netgear WG602 v4 AP which im going to sey up in a mo to try with.

[hongman]

Ah well it seems the WG is not WPS enabled...

[Snayler]

Has anyone reading this optimized the delay setting to avoid the 'waiting for 60 seconds'?

Using the option -L. It will not work with all routers, tough. Another option is using a script that changes our MAC Address from time to time, in order to fool the router.

A nice sticky would include a table of routers, reaver option settings and the total time it took. Conversely, someone could put a spreadsheet in a wiki where the users could input their experience. With that kind of information, it wouldn't be long before we'd see what works best for which router. Any thoughts from the mods?

This you're describing already exists: WPS Flaw Vulnerable Devices.

[hongman]

Thank you! If there was a thank button...

[gmaslin]

Snayler
Thumb up for the page link! The -L option has locked or bounced me out of every router I've tried so far and changing your MAC won't help if the router is WPS rate limited. The router won't care who is asking, it just won't hand out more than x pins per y minutes. The best you can do to speed things up is play with the -T and -d options. If you are using the -S option, the optimum setting is -d 1.5 and -T .3 for most routers with a connection better than -70 on a noisy channel. By looking at the -vv output, you'll get a sense of how efficiently you are testing your pins. The aim is to successfully try at least four pins of five attempts.

[Akittta]

I have a Question. When using Wireshark or Tcpdump to monito Reaver. There is traffic from other AP's.
Is this normal..?