ocfish024 / reaver-wps

Automatically exported from code.google.com/p/reaver-wps
0 stars 0 forks source link

Recieve timeout error occurred... over and over for days #338

Open GoogleCodeExporter opened 8 years ago

GoogleCodeExporter commented 8 years ago
A few things to consider before submitting an issue:

0. We write documentation for a reason, if you have not read it and are
having problems with Reaver these pages are required reading before
submitting an issue:
http://code.google.com/p/reaver-wps/wiki/HintsAndTips
http://code.google.com/p/reaver-wps/wiki/README
http://code.google.com/p/reaver-wps/wiki/FAQ
http://code.google.com/p/reaver-wps/wiki/SupportedWirelessDrivers
1. Reaver will only work if your card is in monitor mode.  If you do not
know what monitor mode is then you should learn more about 802.11 hacking
in linux before using Reaver.
2. Using Reaver against access points you do not own or have permission to
attack is illegal.  If you cannot answer basic questions (i.e. model
number, distance away, etc) about the device you are attacking then do not
post your issue here.  We will not help you break the law.
3. Please look through issues that have already been posted and make sure
your question has not already been asked here: http://code.google.com/p
/reaver-wps/issues/list
4. Often times we need packet captures of mon0 while Reaver is running to
troubleshoot the issue (tcpdump -i mon0 -s0 -w broken_reaver.pcap).  Issue
reports with pcap files attached will receive more serious consideration.

Answer the following questions for every issue submitted:

0. What version of Reaver are you using?  (Only defects against the latest
version will be considered.)
    1.4
1. What operating system are you using (Linux is the only supported OS)?
Ubuntu 12.04
2. Is your wireless card in monitor mode (yes/no)?
    Yes
3. What is the signal strength of the Access Point you are trying to crack?
-87 on the first one and -75 on the second one
4. What is the entire command line string you are supplying to reaver?
reaver -i mon0 -b F8:D1:11:AC:59:42 --vv -S --no-nacks -d 9
5. Please describe what you think the issue is.
It seems to be that the AP's stop receiving EAPOL packets after a certain 
amount of time. This happened to two different AP's that I tried both at a 
different point during the cracking. the first one jumped from like 30% to 92% 
the one day now all I get is errors no matter how I change the commands around. 
The second went a little quicker and got to about 30% but gives me the same 
errors with no way around them!
6. Paste the output from Reaver below.

Restore previous session for F8:D1:11:AC:59:42? [n/Y]
Restored previoous session
Waiting for beacon from F8:D1:11:AC:59:42
Swwitching mon0 to channel 4
Associated with F8:D1:11:AC::59:44442 (ESSID: surf)
Trying pin 34945674
Sending EAPOL START request
WARNING: Receive timeout occurred
Sending EAPOL START request
WARNING: Receive timeout occurred
Sending EAPOL START request
WARNING: Receive timeout occurred
Sending EAPOL START request
WARNING: Receive timeout occurred
Sending EAPOL START request
WARNING: Receive timeout occurred

it goes on and on like this forever no matter how i change my commands. does 
the same on the other AP as well.  I am not sure how to get to the pcap file 
but I can provide that if necessary, if I am told how. :)  Thanks for your help!

P.S. my comp gets WEP passwords and injects fine I just don't know what could 
be going on and its frustrating! 

Original issue reported on code.google.com by ffej5...@gmail.com on 18 Jun 2012 at 4:27

GoogleCodeExporter commented 8 years ago
oh i figured out the tcpdump. i put the code in and it says---

tcpdump: WARNING: mon0: no IPv4 address assigned
tcpdump: listening on mon0, link-type IEEE802_11_RADIO (802.11 plus radiotap 
header), capture size 65535 bytes

thats all it says when i run reaver....

Thanks again!

Original comment by ffej5...@gmail.com on 18 Jun 2012 at 4:39

GoogleCodeExporter commented 8 years ago
Those TP-LINK routers that start with F8:D1:11 have a lock-up of the WPS 
function until restarted after 10 incorrect PINs.
I am very interested to know how you managed to get to PIN 3494.
Use wash
Code:
wash -i mon0
or
wash -i mon0 -C -s
to see if the AP is locked. It needs to be rebooted to get unlocked so you can 
try ti brute the PIN again.
What options did you use when bruting this AP to get over the automatic lock 
mechanism?

Original comment by BHT...@gmail.com on 20 Jun 2012 at 5:33

GoogleCodeExporter commented 8 years ago
ok. did wash =i mon0 and the AP does not have WPS locked. Either of the 2 I 
can't crack. The MAC's are A0:21:B7:A2:0B:CA and F8:D1:11:AC:59:42. It seemed 
that injecting the AP and airodump are what helped me get to key 3494 but I 
can't do anything to get past that key. Then with the MAC ending in CA the key 
it got to is 2667182 but does the same thing as the one ending with MAC 42. 
Both do not have WPS locked. The MAC ending in CA I had to mess with a lot but 
-i mon0 -b A0:21:B7:A2:0B:CA  -vv -N -n -w -S that code worked the best for me 
until now. 

Original comment by ffej5...@gmail.com on 21 Jun 2012 at 2:41

GoogleCodeExporter commented 8 years ago
Can you please share what commands did you use for airodump and AP injecti0on?

Original comment by BHT...@gmail.com on 21 Jun 2012 at 5:21

GoogleCodeExporter commented 8 years ago
aireplay-ng -1 0 -e surf -a F8:D1:11:AC:59:42 mon0 for test injecting which is 
all I figured I needed. And airodump-ng -c 4 --bssid F8:D1:11:AC:59:42 mon0. 
Nothing helps anymore though. :'( so frustrating! 

Original comment by ffej5...@gmail.com on 22 Jun 2012 at 4:21