deviouschu / reaver-wps

Automatically exported from code.google.com/p/reaver-wps
0 stars 0 forks source link

reaver v1.4 either hangs at Waiting for beacon or fails to associate #172

Open GoogleCodeExporter opened 9 years ago

GoogleCodeExporter commented 9 years ago
A few things to consider before submitting an issue:

0. We write documentation for a reason, if you have not read it and are
having problems with Reaver these pages are required reading before
submitting an issue:
http://code.google.com/p/reaver-wps/wiki/HintsAndTips
http://code.google.com/p/reaver-wps/wiki/README
http://code.google.com/p/reaver-wps/wiki/FAQ
http://code.google.com/p/reaver-wps/wiki/SupportedWirelessDrivers
1. Reaver will only work if your card is in monitor mode.  If you do not
know what monitor mode is then you should learn more about 802.11 hacking
in linux before using Reaver.
2. Using Reaver against access points you do not own or have permission to
attack is illegal.  If you cannot answer basic questions (i.e. model
number, distance away, etc) about the device you are attacking then do not
post your issue here.  We will not help you break the law.
3. Please look through issues that have already been posted and make sure
your question has not already been asked here: http://code.google.com/p
/reaver-wps/issues/list
4. Often times we need packet captures of mon0 while Reaver is running to
troubleshoot the issue (tcpdump -i mon0 -s0 -w broken_reaver.pcap).  Issue
reports with pcap files attached will receive more serious consideration.

Answer the following questions for every issue submitted:

0. What version of Reaver are you using?  (Only defects against the latest
version will be considered.)
reaver v1.4

1. What operating system are you using (Linux is the only supported OS)?
backtrack 5

2. Is your wireless card in monitor mode (yes/no)?
yes, mon0

3. What is the signal strength of the Access Point you are trying to crack?
-55

4. What is the manufacturer and model # of the device you are trying to
crack?
Cisco Linksys E1000

5. What is the entire command line string you are supplying to reaver?
reaver -i mon0 -c 11 -b 00:11:22:33:44:55 -vv 

6. Please describe what you think the issue is.
In version 1.3, reaver associates fine and continues the cracking process.
Mac filtering disabled and able to connect to the router fine.
In version 1.4 there appears to be an association problem, so am wondering 
whether hardware support has changed at all.. ?
Chipset Realtek RTL8187L 
Driver rtl8187

7. Paste the output from Reaver below.

root@bt:~# reaver -i mon0 -c 11 -b 00:11:22:33:44:55 -vv

Reaver v1.4 WiFi Protected Setup Attack Tool
Copyright (c) 2011, Tactical Network Solutions, Craig Heffner 
<cheffner@tacnetsol.com>

[+] Switching mon0 to channel 11
[+] Waiting for beacon from 00:11:22:33:44:55
^C
[+] Nothing done, nothing to save.

Original issue reported on code.google.com by TAPE.RU...@gmail.com on 23 Jan 2012 at 9:15

GoogleCodeExporter commented 9 years ago
Try using r8187 driver on wlan0 by blacklisting rtl8187 and unblacklist r8187

Original comment by olli...@gmail.com on 24 Jan 2012 at 9:55

GoogleCodeExporter commented 9 years ago
If reaver can't see beacons from the target then it won't start the attack. 
Check your monitor mode interface and channel.

Original comment by cheff...@tacnetsol.com on 25 Jan 2012 at 4:41

GoogleCodeExporter commented 9 years ago
Hey and thanks for the comments, the strange thing is that v1.3 works fine on 
exactly
the same setup.
So to recap ; 
I installed and used reaver v1.3 in backtrack 5 R1 (HD install on a Samsung 
N110)
Runs fine and all is well. 
Download v1.4 and install (./configure - make - make install  in the src/ 
directory)
Wash works great and shows my AP as vulnerable.
Reaver though does not..unable to associate even though using the exact same 
steps on the exact same system as when running v1.3
Others all seem to report that v1.4 is the shitsnitz, so I must be doing 
something differently as I also cant get it to work on a VMware backtrack 
image. 

Is there a particular update/reinstall procedure which MUST be followed ? 

Confused..  :/

Original comment by TAPE.RU...@gmail.com on 25 Jan 2012 at 6:08

GoogleCodeExporter commented 9 years ago
v1.4 definitively seems broken.

I'm using BT5R1 with an Alfa AWUS036H.

Was using v1.3. All good. Cracked 5 different test-lab APs.

Upgraded to v1.4. I get most of the errors/anomalies reported elsewhere here 
PLUS it will now NOT crack ANY of the 5 APs successfully cracked with v1.3. 
Just hangs or repetitively tries same PIN.

No other environment changes bar the v1.4 upgrade.

I have also noted the mon0 gets lost often too. Need to disconnect/reconnect 
etc.

Thanks for all your efforts!

Original comment by synap...@gmail.com on 27 Jan 2012 at 3:45

GoogleCodeExporter commented 9 years ago
I feel like the same about v1.4, will stay at 1.3

Original comment by olli...@gmail.com on 27 Jan 2012 at 4:16

GoogleCodeExporter commented 9 years ago
I've been running 1.4 all day against various APs with no issues. The only 
difference between my set up and what most people in this thread have seems to 
be that I'm not using Ubuntu 10.04, not BT5. I'll test on BT5 to see if I can 
replicate the problems. 

Can anyone provide actual pcaps?

Original comment by cheff...@tacnetsol.com on 28 Jan 2012 at 4:14

GoogleCodeExporter commented 9 years ago
Yep, just tested in BT5 and I get the same issues. No problems in Ubuntu 10.04 
with the same code. Can't say for sure why this would be, but I'd suggest not 
using BT5 for now.

Original comment by cheff...@tacnetsol.com on 28 Jan 2012 at 4:33

GoogleCodeExporter commented 9 years ago
I have this same issue. I noticed it happened after I did an apt-get upgrade 
and upgraded my backtrack. before then, it was fine. Im not sure what broke it?

Original comment by Jakob.Ch...@gmail.com on 28 Jan 2012 at 8:29

GoogleCodeExporter commented 9 years ago
[deleted comment]
GoogleCodeExporter commented 9 years ago
Craig...

Can I make a suggestion please ?  I think it may be a good idea for you to use 
Backtrack as your test OS as I suspect most, if not all, of the Reaver user 
base will be using Backtrack.

Original comment by keyfo...@veryrealemail.com on 28 Jan 2012 at 11:43

GoogleCodeExporter commented 9 years ago
It would be very interesting to hear what the apt-get update/upgrade package was
that fubarred the reavr installation.
Jakob, when did you update BT5 ?  

Original comment by TAPE.RU...@gmail.com on 28 Jan 2012 at 11:55

GoogleCodeExporter commented 9 years ago
This may or may not be relevant but you can reproduce this error with 
dissimilar macs

If you spoof your mac in backtrack like this.

--macchanger -r wlan0

Then use Reaver with no -mac specified you will get the error above.

If you spoof your mac in backtrack and then define a different mac in Reaver 
you still get the error.

If however you spoof your mac in backtrack, then check what it is  using 
--macchanger -s wlan0 and copy the result into reaver --mac 00:11:22:33:44:55 
for example it should work !

Just to clarify this, the same spoofed mac in backtrack must be defined in 
Reavers command line using --mac.

Original comment by keyfo...@veryrealemail.com on 28 Jan 2012 at 1:31

GoogleCodeExporter commented 9 years ago
Any update on the BT5 anomaly?  Could it be conflict of driver patches?

Original comment by ryanjna...@gmail.com on 31 Jan 2012 at 5:14

GoogleCodeExporter commented 9 years ago
All I can say is that I have tried (in vmware) on both BT5 & BT5R1 and did
not have any success with reaver v1.4

Original comment by TAPE.RU...@gmail.com on 31 Jan 2012 at 6:01

GoogleCodeExporter commented 9 years ago
What I have to do to get v1.4 working is to use the -A switch and associate 
using 
aireplay-ng.. 

Then reaver seems to work fine, so seems like possibly something changed with 
the
way v1.4 associates.

This issue did not come up for me in v1.3

Original comment by TAPE.RU...@gmail.com on 4 Feb 2012 at 9:55

GoogleCodeExporter commented 9 years ago
[deleted comment]
GoogleCodeExporter commented 9 years ago
Dont use VMWARE, use the Live CD, it solved my problems.

One other important thing: you must be close to the AP or have a good antenna, 
the power needs to be better than -50 in backtrack for example need to be 
"less" the better the "lower" -45 -40 and so on...

Original comment by frederi...@gmail.com on 20 Feb 2012 at 4:33

GoogleCodeExporter commented 9 years ago
Thanks your comment, however I was testing on both VMware version as well as a 
HDD install, as testing on my personal router, distance never more than 10M... 
csignal was adequate. 

Original comment by TAPE.RU...@gmail.com on 20 Feb 2012 at 6:07

GoogleCodeExporter commented 9 years ago
hi to all readers and supporters..

im just wanna ask if im finish installing reaver on backtrack 5 running in 
Vmware.
when everytime i attack the router.. i install reaver again? please let me know 
thank you.. your answer is very appreciated.

Original comment by elaj...@gmail.com on 8 Mar 2012 at 9:09

GoogleCodeExporter commented 9 years ago
Once i get pin ..........
if i change the wpa2 psk passphare 
how can i recover it if i had pin???

Original comment by parth3...@gmail.com on 11 Mar 2012 at 2:56

GoogleCodeExporter commented 9 years ago
I am also not able to associate the the AP. when used airodump-ng mon0 ,,i get 

BSSID              PWR  Beacons    #Data, #/s  CH  MB   ENC  CIPHER AUTH ESSID

 00:1C:A5:36:CC:5B  -66     3631        0    0   1  54e. WPA2 CCMP   PSK  Hawai
 00:1E:B3:05:5A:7E  -79     5954        0    0   4  54e. WPA2 CCMP   PSK  Jack
 00:19:C6:8D:9B:20  -88      512        0    0  11  54   OPN              ZXDSL

 BSSID              STATION            PWR   Rate    Lost    Frames  Probe     

 (not associated)   00:22:69:0E:1D:B3  -89    0 -12      0       15             
 (not associated)   00:26:82:8E:D4:61  -83    0 -12      0        9            

 I used reaver 1.4 and reaver 1.3 both and it nevers associates with the APs.
Earlier I cracked the same APs, but i think now they have enabled some filters 
on AP.
I even used mac spoofing, but it does not work may be because i did'nt get any 
associated clients with AP. 
I used wash -i mon0 -C and it shows the above two APs.
Does reaver works if DHCP is disabled, or if there is IP filtering enabled.
how to know the ip address of associated clients.
why i am getting "not associated clients", if all clients use static ip 
addreress will i always get not associated clients.???
Please help me i had spend 10 days on this and got nothing.

Original comment by toshu...@gmail.com on 7 May 2012 at 7:44

GoogleCodeExporter commented 9 years ago
i am using reaver-1.4 on vmware backtrack5r2 and i can not assoctoiated to the 
AP some body hellp me?

Original comment by tutu7...@live.com on 14 May 2012 at 6:23

GoogleCodeExporter commented 9 years ago
@tutu : paste the output of airodump-ng mon0, wash -i mon0 -C.

Original comment by toshu...@gmail.com on 14 May 2012 at 7:11

GoogleCodeExporter commented 9 years ago
if wash shows WPS Locked : No, does this means that i can run reaver on it ?

Original comment by Lwc.W.C...@gmail.com on 24 Jul 2012 at 3:58

GoogleCodeExporter commented 9 years ago
I've encountered this issue with BT5R2 under VMWare Workstation, using RTL8187L 
USB nics.
The NICs seem to get 'hung up', especially when forcing a channel.
Try not setting a channel on your cmdline. Also, try an ifconfig down/rmmod 
<wlan_driver_module>/modprobe <wlan_driver_module>/ifconfig up
Also if you're using monX interfaces, try ifconfig <wlan_if> down/iwconfig 
<wlanif> mode monitor/ifconfig <wlan_if> up and use the interface directly in 
monitor mode.
These are what has helped me with the "waiting for beacon" issue..

Original comment by benrya...@gmail.com on 28 Jul 2012 at 12:56

GoogleCodeExporter commented 9 years ago
in wash -i mon0 the name of ap didnot seen what can i do

Original comment by riyasbe...@gmail.com on 4 Mar 2013 at 6:57

GoogleCodeExporter commented 9 years ago
Help!
A few days ago,I used raver 1.4 to attack,everything went well.But now,it stays 
waiting for beacon from......Even on all the APs !why?
What can I do to make it continue to attack?

Original comment by whao1234...@gmail.com on 26 Apr 2013 at 3:43

GoogleCodeExporter commented 9 years ago
am new to reaver plz help !!
am using reaver 1.3 and 1.4 both giving same errore.
while giving the attack command.

root@bt:~# reaver -i wlan0 -b 00:11:22:33:44:55 -vv
its returning -bash: reaver:command not found 

tried also 
root@src:~# reaver -i wlan0 -c11 -b 00:11:22:33:44:55 -vv
with no luck on both 1.3 and 1.4 versions .
my interface is wlan0(external usb wifi card )
ive noticed an error 2 after giving the make command , but make install ended 
with no errors 
am runing bt3 live from cd .

Original comment by firassa...@gmail.com on 31 Aug 2013 at 12:42

GoogleCodeExporter commented 9 years ago
I was not able to get it to associate either. I added the -A param to release 
association task to aireplay.

first run
root@bt:~# aireplay-ng -1 0 -a <bssid> -h <your-fake-mac> -e "<essid>" mon0 -Q 
(the -Q continuously re-associates you)

then run
reaver -i mon0 -b <bssid> -vv -A
(-A removes association task from reaver)

Nick

Original comment by nicholas...@gmail.com on 24 Sep 2013 at 10:43

GoogleCodeExporter commented 9 years ago
I think I stumbled onto something that works for me 100% om getting reaver 1.4 
to associate with almost every router I've tried. I can't explain why this 
works or why metasploit is even involved with reaver. I assume you have 
metasploit installed on you computer for this to work. This only works for me 
if I do this in order....

Boot Computer, before doing anything like macchanger, or start mon0 
interface....or anything, open a console and type: service postgresql start  , 
then type: service metasploit start   , you might not need the metasploit part 
but I just do it as habit. Now go about the rest of starting reaver as normal. 
Maybe someone here who knows more about reaver or metasploit can explain why 
this works for me. By the way Im now using Kali, but I had the same issues with 
BT5-r3. Another note and problem, If your having trouble with metasploit 
updating and it just isnt right, get it right might help.  Scratching head but 
smiling.

Original comment by CamaroZ2...@gmail.com on 11 Oct 2013 at 1:51

GoogleCodeExporter commented 9 years ago
[deleted comment]
GoogleCodeExporter commented 9 years ago
I forgot to mention about portmapper. I get an error when starting up Kali, 
Warning: Portmapper not starting, I think this has something to do with Reaver 
not associating, before I had this error, it associated fine using reaver 1.4 
with Kali. 

Original comment by CamaroZ2...@gmail.com on 11 Oct 2013 at 2:54

GoogleCodeExporter commented 9 years ago
HI MR.CRAIG,

I HAVE A PROBLEM WITH REAVER TOOL 1.4 AND 1.3 ...SO IT'S START WPS CRACKING 
FROM 96.90% ON MANY NEW AP'S AND REPEAT THE SAME PIN ON 99.99% ,I HOPE YOU CAN 
FIX THIS PROBLEM SOON PLEASE.

REGARDS

HAPPY NEW YEAR.

Original comment by KMNXP...@gmail.com on 5 Jan 2014 at 4:43

GoogleCodeExporter commented 9 years ago
Hello Thank you everyone for the help, this is my problem. I get the failed to 
associate after about 10 minutes. It works fine the whole time until it reaches 
that point. Then I have to re associate with airodump-ng mon0 and then re run 
my reaver code. 

[+] Sending EAPOL START request
[+] Received identity request
[+] Sending identity response
[+] Received M1 message
[+] Sending M2 message
[+] Received M3 message
[+] Sending M4 message
[+] Received WSC NACK
[+] Sending WSC NACK
[+] Trying pin 19525679
[!] WARNING: Failed to associate with <mac> (ESSID: xxxxx)
[!] WARNING: Failed to associate with <mac> (ESSID: xxxxx)
^C
[+] Session saved.

is there a way to have it reassociate every lets say 10 minutes? without having 
to associate it manually the whole time. That would be 7 hours.

Thank you !

THis is my reaver code by the way 
reaver -i mon0 -b  <mac> -S -N -a -c 1 -vv -r 17:30

Original comment by fraf...@gmail.com on 15 Feb 2015 at 5:08

GoogleCodeExporter commented 9 years ago
I had success with Linksys E1000
Thank you. 

Original comment by fraf...@gmail.com on 17 Feb 2015 at 6:11