kampfschrei / reaver-wps

Automatically exported from code.google.com/p/reaver-wps

success on initial reaver attacks, then random weird results after using same equipment and routers #316

Open GoogleCodeExporter opened 8 years ago

GoogleCodeExporter commented 8 years ago
Answer the following questions for every issue submitted:

0. What version of Reaver are you using?  (Only defects against the latest
version will be considered.)

latest source as of today, May 22, 2012; I believe it's showing as 1.5 now
also used version 1.4
also used version 1.3

1. What operating system are you using (Linux is the only supported OS)?
bt r2

2. Is your wireless card in monitor mode (yes/no)?
yes

3. What is the signal strength of the Access Point you are trying to crack?
22-35

4. What is the manufacturer and model # of the device you are trying to
crack?
Linksys and Belkin

5. What is the entire command line string you are supplying to reaver?
reaver -vv -i mon0 -b <router's mac> -s <savefile> -c channel 

6. Please describe what you think the issue is.
Getting random results. I only started using reaver as of version 1.4, and switched
back and forth between the recent source version and the 1.4 release after problems started.

Using my 2 routers for testing, I was able to successfully reach 100% on both
routers. No -t and -T needed. Also, my routers are very close to my Alfa AWUS036H
USB adapter, and I successfully used reaver to grab the pin quickly, no problem.
Version 1.4

Second attempts, on v1.4, didn't touch anything. I got up to 96% on one router,
and 25% on another. Now I can't get reaver to associate when I have a good
signal; they're so close I can see them, so it's not an issue of poor signals.
Airodump and aireplay confirm this too; using aireplay -9 also confirms a
solid signal to pentest my routers, besides showing injection is working.

Basically I've been getting this:

Waiting for beacon from <mac> 

So I did a quick test using airodump, and beacons are normal and fast, obviously,
since the routers are so close. In terms of sorting of beacons, they're the top 2 on
the list, so it's not the lack of beacons, and using aireplay -1, on my first try
I'm already associated:
06:44:35  Sending Authentication Request (Open System) [ACK]
06:44:35  Authentication successful
06:44:35  Sending Association Request [ACK]
06:44:35  Association successful :-) (AID: 1)

06:44:40  Sending keep-alive packet [ACK]
06:44:45  Sending keep-alive packet [ACK]
06:44:50  Sending keep-alive packet [ACK]
06:44:55  Sending keep-alive packet [ACK]
06:45:00  Sending keep-alive packet [ACK]
06:45:05  Sending keep-alive packet [ACK]
and it goes on, since I'm so close to the routers.

Tried the latest source, same thing.
I set up a crontab to do a module reset, i.e. rmmod rtl8187, airmon-ng start
wlan0, reaver .... just to make sure my interfaces didn't crap out on me, but
that's not the case, since running airodump I can clearly see my routers and the
beacons, as if you were testing your own routers near your wifi adapter.

More troubleshooting stuff I did: running airodump and aireplay together, I
can get reaver to associate. Using -A or not, it will say it's associated but
eventually times out at each EAPOL sent request.

[+] Sending EAPOL START request
[!] WARNING: Receive timeout occurred
[+] Sending EAPOL START request
[!] WARNING: Receive timeout occurred
[+] Sending EAPOL START request
[!] WARNING: Receive timeout occurred
[+] Sending EAPOL START request

Then suddenly, as I type this, I get this out of reaver:
Reaver v1.4 WiFi Protected Setup Attack Tool
Copyright (c) 2011, Tactical Network Solutions, Craig Heffner 
<cheffner@tacnetsol.com>

[+] Switching mon0 to channel 11
[+] Restored previous session
[+] Waiting for beacon from xx:xx:xx:xx:xx
[!] WARNING: Failed to associate with xx:xx:xx:xx:xx (ESSID: linksys)
[!] WARNING: Failed to associate with xx:xx:xx:xx:xx (ESSID: linksys)

This is reaver itself, not running airodump or aireplay, btw.

Then with my other router, I get flooded with this and had to Control-C:
root@bt:/root# reaver -vv -i mon0 -b xx:xx:xx:xx:xx -c 11 -s belkin 

Reaver v1.4 WiFi Protected Setup Attack Tool
Copyright (c) 2011, Tactical Network Solutions, Craig Heffner 
<cheffner@tacnetsol.com>

[+] Switching mon0 to channel 11
[+] Restored previous session
[+] Waiting for beacon from xx:xx:xx:Xx:xx

[!] WARNING: Failed to associate with xx:xx:xx:xx:xx (ESSID: (null))
[!] WARNING: Failed to associate with xx:xx:xx:xx:xx (ESSID: (null))

Then after a little while reaver looks like it's working; it associates again,
but is unable to continue the saved session, nor a new session, since I read
people were getting stuck at 99% or at a certain pin. So a new session didn't
make any difference in the output.

Snipped off some of the same messages below:
[!] WARNING: 10 failed connections in a row
[+] Trying pin 38996061
[+] Sending EAPOL START request
[+] Received identity request
[+] Sending identity response
[!] WARNING: Receive timeout occurred
[+] Sending WSC NACK
[!] WPS transaction failed (code: 0x02), re-trying last pin
[+] 96.45% complete @ 2012-05-22 07:44:08 (0 seconds/pin)

Reaver looks promising, worked awesome on the first go, but I tried many
troubleshooting methods that hopefully can help with our adapters. The Alfa
adapter has been very popular and has worked 100% great with everything. I
successfully pentested using many tools with this adapter. I'm not sure why so
many have problems with this and the rt2800usb N version as well, because that
worked great for me too. But again, I did successfully grab pins off my 2
routers, so the adapter works; just all of a sudden I'm having issues.

I have a workstation running Ubuntu with VMware with bt r2 installed; some guy
said to use the live CD instead of installing, which is nonsense, on a different
issue ticket. Also I have a laptop with bt r2 installed, no dual boot, just bt
installed on it. Results are the same. I tried things like moving away from the
router and getting right next to it, same weird outputs.

I would like to see the AWUS036H exclusively tested with future releases; even
just any rtl8187 adapter should suffice to support users like myself and the
majority here. I'm pretty sure a good fraction of bt users or just wifi
pentesting users use this adapter and/or Realtek rtl8187 adapters. Will
continue testing and try to figure out what's the problem on my end and submit
if anything new comes up. And will test the rt2800usb adapter once I have some time.

Original issue reported on code.google.com by fuufu...@gmail.com on 22 May 2012 at 12:53

GoogleCodeExporter commented 8 years ago
Did you try restarting the routers?

Original comment by BHT...@gmail.com on 2 Jun 2012 at 2:53