Open GoogleCodeExporter opened 8 years ago
Reference the above Belkin router. If the router inititally doesnot lock and
then locks try the following reaver command to slowly access the key
reaver -i mon0 -a -f -c XX -b D8:5D:4C:XX:XX:XX -vv -x 60 -L
--mac=00:11:22:33:44:55 # Router Name
Note you can remove the --mac command. However if you do wish to spoof the mac
code you must preload other commands prior to using the above command indicated
above or the spoof will not work and reaver will fail. We have noted this
problem elsewhere in the forum.
Original comment by muske...@yahoo.com
on 15 Apr 2013 at 12:45
We have done further work on this router. If the router initially displays its
ESSID name, AND 1. at first is seen to not have its WPS locked by wash but
latter after starting a reaver attack is shown as WPS locked OR 2. allows
association but fails to complete any pins or 3. allows association, obtains a
few pins and then locks try using the -e command and the "ESSID name" in the
reaver command string.
MTA
Original comment by muske...@yahoo.com
on 22 May 2013 at 2:51
[deleted comment]
[deleted comment]
Hi, I had two Arris routers available in wash with lock status as NO initially.
I tried the basic command of reaver to do them, and after 3 attempts, it kept
on showing "detected ap rate limiting waiting 60 seconds before re-checking". I
stopped the attack and when I try to resume it, I couldn't even accociate with
them, accosiate fail message and timeout message kept on showing. I checked
wash list, they both disappeared from the wash list. I don't know if my initial
attack was discovered by their security software and they turned off the WPS
feature or the two routers turned off the WPS by temselves due to my attack.
Later I got familiar with reaver and tried to play with those arguements but
none of them were working, which showed their WPS seemed already turned off
permanently for sure.
So what should I do?
I have some plans in mind.
1. Try to force these APs to reboot or reset, either by crash them via DDos or
anything else that will bring the similar results and then they will reboot or
reset by themselves or their holders will find their network are not working so
manually reset their routers. So by that I can use reaver again, but yet the
new problem is how to prevent they lock the WPS again.
2. I also tried the aircrack, but since their default passwords are up to 16
chacacters with combination of numbers and letters, the dictionary would be
extremely large. So after a try, I gave up.
3. As I know I can somehow use the MAC address or the manufactuer of the router
to search for their default PIN and WEP online(I believe they are still
defalut).
4. I don't know if I can log in to the routers' gateway page (192.168.100.1)
without actually successfully connected to the router(I mean just type a random
password when I try to connect them and it will still show the status as
"connected" in my connection panel). (And again, I still believe that username
and password are still default, which are admin and 1234).
Above are all the ways I can think of, could you please give me some
suggestions or how did you successfully crack those self-locked-permanently
routers?
Many many thanks for your help in advance.
Original comment by fdsavv...@gmail.com
on 4 Aug 2013 at 8:01
If the router ends up becomming locked at any point in your attack.. it may be
helpful to change your --lock-delay to 330 even though its default should be at
315 (5min 15 sec) i run reaver using reaver -i mon0 -b XX:XX:XX:XX:XX:XX -c 11
-d 180 --lock-delay=330 -vv
it may also be helpful to use wicd network manafer and run a false connection
(bad password) to take the router out of lock mode. works very seldomly but has
been known to work for me here and there.
Good luck and happy hacking.
please do not use any of this advice for illegal usage. this is for educational
purposes only. send attacks to your own router.
Original comment by dj.kil...@gmail.com
on 1 Sep 2013 at 5:50
Hi My Dear Brothers,
I got success in cracking over WPA-PSK routers/modem by using Reaver1.4 and
Currently i am using BackTrack5R3.
While cracking WPA2-PSK ( Wash tell me that -WPS Locked-"No". So i run
Reaver1.4 to crack it, i use Reaver -i mon0 -c XX -b XX -S -L -vv
Then
" switching mon0 channel xx
Waiting Becon from xx:xx:xx:xx:xx
associating with xx:xx:xx:xx:xx (ESSID:XXXX)
Trying Pin 12345670
Sending EAPOL start request
Received Identity request
Sending Identity Repose.
--------------------------------------------------
Now it stop here does not go further. Even waited one hour.
Then i Saw in google code that in this case open another konsol and try
aireplay-ng -1 120 -a BSSID mon0
But Issue remain same. Is there any issue over attacking WPA2-Psk Pin Codes.
Guidance is required about this Issue on this forum.
Thanks
Original comment by farrukhb...@gmail.com
on 20 Dec 2013 at 5:28
Original issue reported on code.google.com by
muske...@yahoo.com
on 27 Aug 2012 at 8:15