Re: Hands-on: hacking WiFi (WPA/WPA2) Protected Setup with Reaver
I just got the reaver pro hardware
Simply hooked up to my laptop via LAN and opened up the web interface (192.168.69.1).
Nice interface - simply hit a big play button and it scans for hackable routers.
Found a big list and I'm first trying the one in my house. Can also pause it if need be :)
Will let you know how it goes on...
Re: Hands-on: hacking WiFi (WPA/WPA2) Protected Setup with Reaver
Where can you buy a Reaver from? Since their availability I can't seem to find one anywhere. Can't wait to hear the results too.
Re: Hands-on: hacking WiFi (WPA/WPA2) Protected Setup with Reaver
Tried doing mine at home (a Netgear DGN2000 with latest DGTeam firmware) and it found the WPS pin but never gave me the PSK - that was using Backtrack 5 R1 and a USB wireless dongle with the RT73 chipset.
I've just been down to PC World and picked up a Netgear WNA1100 USB dongle which was £14.99 and is supposed to work fine - I've got it into monitor mode and I'm retrying on my router now to see if it gets the same pin - it's definitely quicker than the old RT73 one! Now getting 12 pins a minute as opposed to 4!
It detects a load more networks than the old Edimax EW7318USG (RT73) I had - looks from using wash that most round here are old DG834GTs which don't support WPS anyway - bummer!
Re: Hands-on: hacking WiFi (WPA/WPA2) Protected Setup with Reaver
Quote:
Originally Posted by
reverend
Tried doing mine at home (a Netgear DGN2000 with latest DGTeam firmware) and it found the WPS pin but never gave me the PSK - that was using Backtrack 5 R1 and a USB wireless dongle with the RT73 chipset.
I've just been down to PC World and picked up a Netgear WNA1100 USB dongle which was £14.99 and is supposed to work fine - I've got it into monitor mode and I'm retrying on my router now to see if it gets the same pin - it's definitely quicker than the old RT73 one! Now getting 12 pins a minute as opposed to 4!
It detects a load more networks than the old Edimax EW7318USG (RT73) I had - looks from using wash that most round here are old DG834GTs which don't support WPS anyway - bummer!
How long did it take on the old adapter to pick up the PIN, Rev?
Re: Hands-on: hacking WiFi (WPA/WPA2) Protected Setup with Reaver
To be honest mate, I kicked it off at about 9pm and it had finished when I'd woken up, but there was no timestamp so I'm not sure exactly how long it took - less than 10 hours though!
..:: Edit ::..
Actually just realised it does timestamp when it saves progress but I'd never scrolled back to take a look - I'll let you know when this one finishes mate :)
These are supposed to work as well (same chipset) and they're under 9 quid delivered :)
http://www.amazon.co.uk/gp/product/B...A3P5ROKL5A1OLE
Re: Hands-on: hacking WiFi (WPA/WPA2) Protected Setup with Reaver
Not too bad then, interested to hear how this one performs. Even £15 is cheap enough and I have to pass a Currys/pcgirls on the way home so could easily pick one up (patience is not my strong point!)
Re: Hands-on: hacking WiFi (WPA/WPA2) Protected Setup with Reaver
Mine seems to show seconds per pin, not pins per second; curious as to why this is, using the BT5R1 VM.
Re: Hands-on: hacking WiFi (WPA/WPA2) Protected Setup with Reaver
Quote:
Originally Posted by
koola2
Mine seems to show seconds per pin, not pins per second; curious as to why this is, using the BT5R1 VM.
That is normal mate, it's just that I worked it out in my head in pins per minute :)
Right now it's running at 4 seconds per pin :)
Re: Hands-on: hacking WiFi (WPA/WPA2) Protected Setup with Reaver
Quote:
Originally Posted by
Undertaker
mc.dodd - could be the wash program,
only available on 1.4 I think.
How do I run/use the wash program?
Re: Hands-on: hacking WiFi (WPA/WPA2) Protected Setup with Reaver
Quote:
Originally Posted by
mc.dodd
how do I run/use the wash program?
It's just as follows mate:
wash -i mon0
That will then list the APs found with WPS enabled and the version etc. - if your interface is different to mon0 just change that bit.
If you get FCS errors reported then you can just add either -C or --ignore-fcs to the end of the command :)
Just to check your workflow (sorry if it's teaching you to suck eggs mate) - you boot, say, Backtrack 5 R1, update everything and install reaver, and then command-wise you would do:
airmon-ng
This lists the interfaces - it's more than likely to be wlan0 you're after - then you would do:
airmon-ng start wlan0
This starts up monitor mode and adds mon[x] to the list of interfaces - once done you can use any of the tools such as wash
wash -i mon0
Then once you've got the MAC just do
reaver -i mon0 -b [bssid] -vv
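The wash step above produces a table of every access point advertising WPS. As an added example (not from the thread), here is a defender-side parser that turns a saved wash listing into an inventory: unlocked APs are the ones where WPS should be disabled first, and APs reporting "WPS Locked: Yes" have already tripped their own lockout, which can be a sign of repeated PIN attempts. The column layout is assumed to match the wash build in use, and the sample lines are constructed, not real scan output.

```python
# Added example, not from the thread. Assumption: wash prints the columns
# BSSID, Channel, RSSI, WPS Version, WPS Locked, ESSID; the sample is constructed.
from dataclasses import dataclass
from typing import List

SAMPLE_WASH_OUTPUT = """\
BSSID                  Channel       RSSI       WPS Version       WPS Locked         ESSID
---------------------------------------------------------------------------------------------------------------
00:11:22:33:44:55       1            -50        1.0               No                 Office Lan
66:77:88:99:AA:BB       6            -71        1.0               Yes                GuestNet
CC:DD:EE:FF:00:11      11            -65        2.0               No                 Lab Net
"""


@dataclass
class WpsAp:
    bssid: str
    channel: int
    rssi: int
    version: str
    locked: bool
    essid: str


def parse_wash(text: str) -> List[WpsAp]:
    """Parse the wash table; the ESSID may contain spaces, so it is the remainder of the line."""
    aps: List[WpsAp] = []
    for line in text.splitlines():
        parts = line.split(maxsplit=5)
        if len(parts) < 6 or parts[0] == "BSSID" or parts[0].startswith("-"):
            continue  # blank line, header row or separator row
        bssid, chan, rssi, ver, locked, essid = parts
        aps.append(WpsAp(bssid, int(chan), int(rssi), ver, locked.lower() == "yes", essid.strip()))
    return aps


def exposed(aps: List[WpsAp]) -> List[str]:
    """APs still answering WPS PIN attempts: disable WPS on these first."""
    return [ap.bssid for ap in aps if not ap.locked]


def possibly_under_attack(aps: List[WpsAp]) -> List[str]:
    """APs whose WPS lockout has tripped, i.e. someone has been failing PINs against them."""
    return [ap.bssid for ap in aps if ap.locked]


if __name__ == "__main__":
    found = parse_wash(SAMPLE_WASH_OUTPUT)
    print("WPS exposed:", exposed(found))
    print("WPS locked (check for PIN guessing):", possibly_under_attack(found))
```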
Re: Hands-on: hacking WiFi (WPA/WPA2) Protected Setup with Reaver
I prefer the single 'v', you don't get as much verbosity. Also I have been using -c <channel number> (to stop it jumping channels after 10 connection losses) and -d 0 for no delay (just to speed it up),
i.e. reaver -i mon0 -b [bssid] -v -c [channel from wash] -d 0
Re: Hands-on: hacking WiFi (WPA/WPA2) Protected Setup with Reaver
I noticed some weird behaviour here - the pin that returned last night started 1995 but was different to what was under the router itself - tried various pins and it said they were all correct but did not give a password.
Just reread the changelog for my DGTeam firmware and they removed a lot of the WPS code from this router so I guess that's why it's weird!
Time to try someone else's now!
Just noticed as of 1.3 there's a --dh-small option which speeds things up too and reduces load on the remote access point to help prevent crashing etc.
Re: Hands-on: hacking WiFi (WPA/WPA2) Protected Setup with Reaver
Tried a few wireless cards with this now, the D-Link one, a TP-Link TL-WN722N and now an Alfa AWUS036NHR.
The Alfa is an absolute bitch to get working right in BT5R1 - in fact in the end it kept getting association errors and it's a known problem with BT5R1, it works fine in Ubuntu 10 or 11 with the same compat-wireless drivers.
If any of you are trying these then be careful - the current bleeding-edge compat-wireless drivers have a problem with the rtlwifi driver as used in the Alfa and it won't compile; the 24th of Jan one works fine. I haven't had a chance to drill into it a bit more and see which one broke it!
The Alfa card has an awesome signal (N mode doesn't work in monitor mode though) - I did find something saying that you can turn up the power of the other two cards I've got to 2mW but I've not tried that yet!
So far I haven't managed to hack a single network - the only routers where I live with WPS all have rate limiting so it's only doing around 150 - 200 keys a day - I might just leave it running in the background for a couple of days and see if it spits anything out!
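The rates quoted in this thread (4 seconds per pin unthrottled, 150-200 attempts a day once an AP rate-limits) are worth putting into numbers from the defender's side. As an added example (not from the thread), the block below estimates how long a WPS 1.0 PIN survives online guessing; it assumes the public WPS PIN design, which the thread does not spell out: the PIN is confirmed in two halves and its last digit is a checksum, so the worst case is 10^4 + 10^3 = 11,000 attempts rather than 10^8.

```python
# Added example, not from the thread. Assumption (public WPS 1.0 PIN design, not
# stated on this page): halves of the PIN are accepted or rejected separately and
# digit 8 is a checksum of digits 1-7, which is why the search space is so small.

FIRST_HALF_SPACE = 10 ** 4    # digits 1-4 are confirmed on their own
SECOND_HALF_SPACE = 10 ** 3   # digits 5-7 are free; digit 8 is fixed by the checksum
WORST_CASE_ATTEMPTS = FIRST_HALF_SPACE + SECOND_HALF_SPACE  # 11,000


def wps_pin_checksum_ok(pin: str) -> bool:
    """The check an AP applies to a typed 8-digit PIN: weighted digit sum mod 10 == 0."""
    if len(pin) != 8 or not pin.isdigit():
        return False
    d = [int(c) for c in pin]
    total = 3 * (d[0] + d[2] + d[4] + d[6]) + (d[1] + d[3] + d[5] + d[7])
    return total % 10 == 0


def hours_to_exhaust(seconds_per_pin: float) -> float:
    """Worst-case hours at a steady attempt rate (the thread reports 4 s/pin)."""
    return WORST_CASE_ATTEMPTS * seconds_per_pin / 3600.0


def days_to_exhaust_rate_limited(attempts_per_day: float) -> float:
    """Worst-case days once AP lockouts cap throughput (the thread reports 150-200/day)."""
    return WORST_CASE_ATTEMPTS / attempts_per_day


if __name__ == "__main__":
    print(f"4 s/pin, no lockout  -> {hours_to_exhaust(4):.1f} h worst case")
    print(f"15 s/pin, no lockout -> {hours_to_exhaust(15):.1f} h worst case")
    for per_day in (150, 200):
        print(f"{per_day}/day rate-limited -> {days_to_exhaust_rate_limited(per_day):.0f} days worst case")
    print("12345670 passes the checksum:", wps_pin_checksum_ok("12345670"))
```

Even the rate-limited case finishes in roughly two to two and a half months, which is why the lockout only slows an attacker down and disabling the WPS PIN method on the AP is the mitigation that actually closes it.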
Re: Hands-on: hacking WiFi (WPA/WPA2) Protected Setup with Reaver
I still can't get it to find a compatible network, the wireless dongle seems to be working correctly but when I scan for networks nothing shows up...the network is showing up as WPA/WPA2[WPS]
...wonder if I tried the TP-Link TL-WN722N it would make a difference. The dongle I'm using is a Ralink...
Re: Hands-on: hacking WiFi (WPA/WPA2) Protected Setup with Reaver
Quote:
Originally Posted by
mc.dodd
...wonder if I tried the TP-Link TL-WN722N it would make a difference. The dongle I'm using is a Ralink...
Have to admit the TP-Link isn't the strongest of the ones I've tried - picked up an AWUS036H as everyone raves about those, but after some hands-on I've had better results with the AWUS036NHR so far, so I wouldn't bother with the TP-Link now (gave it to the mrs). With the Alfa I managed to hack the compat-wireless drivers from the 6th Feb up to 31dBm and it managed to sort out a couple of networks via Reaver as well as every WEP network it can see!
Got an AWUS051NH on the way now so that I can try that out and see if there are many networks on 5GHz around these parts.
Backtrack 5 R2 made a big difference too. I was using Reaver with Ubuntu 10.04 before, which I'm using my modified compat-wireless drivers with, but Backtrack 5 R2 seems very stable with Reaver so they've sorted those issues out.
Re: Hands-on: hacking WiFi (WPA/WPA2) Protected Setup with Reaver
Quote:
Originally Posted by
reverend
Have to admit the TP-Link isn't the strongest of the ones I've tried - picked up an AWUS036H as everyone raves about those, but after some hands-on I've had better results with the AWUS036NHR so far, so I wouldn't bother with the TP-Link now (gave it to the mrs). With the Alfa I managed to hack the compat-wireless drivers from the 6th Feb up to 31dBm and it managed to sort out a couple of networks via Reaver as well as every WEP network it can see!
Got an AWUS051NH on the way now so that I can try that out and see if there are many networks on 5GHz around these parts.
Backtrack 5 R2 made a big difference too. I was using Reaver with Ubuntu 10.04 before, which I'm using my modified compat-wireless drivers with, but Backtrack 5 R2 seems very stable with Reaver so they've sorted those issues out.
Ahh, right, I'll see if I can grab Backtrack 5 R2 and try that first... bit of a noob with all this and just want to hack the network next to work, it's the only one there!