Before launching a brute-force PIN hacking effort with Reaver, the attack platform's wireless adapter needs to be put into "monitor" mode. In Linux, that's done from the command line using ifconfig (an interface configuration tool) and iwconfig (which controls the configuration of wireless interfaces); both need to be run as the root user. After making sure I was disconnected from any other WiFi network, I went into an Ubuntu terminal window and entered:
I have tried the tools on WEP, WPA and WPA2, where only WEP is able to get cracked. The weak point of routers was WPS, but reaver and bully seem outdated and I have not gotten them to work on a single router yet. WPA2 cannot be cracked as far as I have understood, and the only way to actually get a password from WPA/WPA2 is by having a word list, which in itself is an extremely bad solution. There is an incredibly low chance of a password being in a word list, and if we talk outside the USA, they are nonexistent. Since WPS cracking seems to be secured, WPA/WPA2 not being able to be cracked without word lists and WPA3 on the way, would that mean that currently Wi-Fi with WPA/WPA2 protection is most likely impossible to hack?
I can grab the 4 way handshake in a matter of seconds then go back to some deep dark hole to brute force it on a power machine. Whereas reaver needs access to the AP which I can only assume means it's making network noise. Common sense would dictate that the more network noise there is the worse off you are.
Reaver is more noisy. A person might look at their router and see the WiFi light flashing on it when their computers are off. Most people would just think their kids gave out the WiFi password, or they would think it's odd but not look into it. I have seen some routers that have a WPS lock light on them, so after too many failed attempts the router will disable WPS for a certain amount of time. If the person knows about WPS cracking and sees the WPS lock light on his router, it is likely he will be looking out his front window. So I believe using aircrack to capture a handshake is more stealthy than using reaver.
The original Reaver implements an online brute force attack against, as described in here [PDF]. reaver-wps-fork-t6x version 1.6b is a community forked version, which has included various bug fixes and an additional attack method (the offline Pixie Dust attack).
Because in my experience, which is a bit premature and is only based on testing on 3 laptops and 2 Kali distros, namely Kali 1 and Kali SANA, Reaver hasn't worked for me. It used to do its charm till the middle of last year, i.e. 2015, but with the advent of new routers that come with improved technology and lock-out defenders, reaver remains at bay now. It gets interesting when you test it against the same old routers that you once used to employ it against and get the password within 4-5 hours of cracking, but now surprisingly it doesn't work against them either. I have tested it against two such routers. It is giving results against one of them, but only on the previous old Kali distro, not on the Sana one, while no results at all against another router on both distros. I'm attaching a screencap as a piece of evidence to prove my point.
If you try reaver now, it is extremely arduous to get it associated with the AP in the first place. It takes around 5 minutes to associate with the targeted AP and once connected, it makes a few PIN attempts and then again displays the same 'Unable to Associate' message.
If you have managed to bypass that as well, then comes the ultimate weapon called the lock-out technology against which reaver is clueless. So it stops the process and sits there like a defeated warrior with a message "AP rate limiting, cracking shalt be resumed after __ seconds depending upon the delay time you have set". I have tried setting the delay time to even 10 minutes only to receive the same message again.
Hey guys, I think I have a solution for this. The problem occurs only with Kali Rolling and Kali Sana distributions. All you gotta do in this case is downgrade reaver, pixiewps, cowpatty and all other wireless attack tools using the apt-get purge command, then download the old versions of these and install them using the dpkg command. DO NOT USE APT-GET since the repos are of Sana, and not to forget, never upgrade your wireless attack tools until Kali shows up with some excuse. I am using a Lenovo G570 and this worked in my case; my chipset is Broadcom. And coming to AP rate limiting, I have already posted a method to overcome it. Visit my post to see how to overcome AP rate limiting.
Will try it in a while. Can it be upgraded back with the apt-get update reaver command? And how sure are you about the fact that downgrading reaver will make it work just like it used to in Kali 1?
In your previous comment, you said I may have to remove some dependencies. What exactly are you alluding to? Could you walk me through the whole process so that I could use reaver like I used to before all hell went loose? Thank you!
I had the same problem with reaver on Kali Sana. Anyhow, I will give your suggestion a try and see how it works. I hope this process is not irreversible (i.e. I can upgrade it back to the latest version).
With some routers I've tried on, the reaver process never went past the M3 message, never getting E-S1 and E-S2 properly, so the Pixie Dust attack actually never starts. Let me know what output you get with the chips that are not working; we could make a little list of the chips we tested.
I want to use the Pixie Dust and reaver attack against a WiFi router, but when I try to scan WPS-enabled devices using the "wash -i mon0" command in Linux, it doesn't show up the target router, like it's not WPS enabled. But I know it is, because on my 2 Android phones it is showing WPS enabled, along with Windows 10 on my PC, and I also know that Linux is not broken because it is showing other networks with WPS enabled. I have also checked with wifite, but it is not showing WPS. So is it a Kali Linux problem, or is it a problem with my router?
I am facing some issues (like "send_packet called from resend_last_packet() send.c:161") with the reaver that came with Kali 2020.1b (Live USB). So I installed the reaver shown here. But now I am not getting how I can run the reaver that I installed later, because when I run a command like (reaver -b _______ -i ___ ), it always uses the built-in reaver.
WiFi hacking became (almost) harder with the use of WPA2-CCMP. If you live in a residential neighborhood or near an office complex, you still find some access points with WEP enabled (or wide open), but nowadays most of them are configured with WPA2 by default.
Reaver developers (reaver-wps-fork-t6x mod) are trying to correct this situation; several bugs have already been fixed in the latest release, but the work has not yet been completed. At the time of writing, it is recommended to use the Alfa AWUS036NHA wireless adapter with Reaver, since it has an Atheros AR9271 chipset that works great with Reaver.
I thought I would share how easy it is to take down a router that is vulnerable to WPS attacks, like my own. Reaver is an open source tool that brute forces WPS (WiFi Protected Setup). This is the PIN (usually printed on the bottom of your router) that you can use to authenticate other devices to your wireless network without typing in a password. With enough time, reaver can crack this PIN and reveal the WPA or WPA2 password.
If it is not showing anything, that means you are using an external WiFi adaptor; then you should change your command to wlan1 or wlan2 instead of wlan0, and the monitoring interface will automatically change to mon1 or mon2. Whatever it is, just note your monitoring interface; we need it later.
Am I missing something or is there no tool available to do that? Not even with a specified target bssid? Like "reaver -i mon0 -b 02:02:02:02:02:02 -wpsbutton" and then spits out the same result as when supplied with the correct PIN. I also never read about this passive attack vector other than in a sidenote.
So obvious to me too. You are missing something. Effort. There ARE tools out there for sniffing WiFi and cracking WPS. What I will say is, you haven't looked hard enough nor tried enough to test on your own. There are posts on these very forums for tools that will do what you ask, and sure, Google will find you an answer as well with little trouble. YouTube should find you a quick walkthrough showing you various tools as well. I'm not even going to list a single tool. Too easy. There is a tool, though, that will do almost all of the above, automatically.
And you clearly haven't read my post. I don't want to crack WPS or sniff WiFi. While wpa_cli provides for the wps_pbc method, it also needs the BSSID and is therefore a very manual method. Besides, I don't even need to establish a WPA connection.
If you don't "sniff" anything, how do you plan to capture the data? Locally on the device? Where/how are you capturing the data, if not sniffing WiFi or probing devices with injection or queries? WPS is only used with things like WPA for automation, so what exactly are you expecting to accomplish while NOT sniffing the WiFi? You want the password from a WPS connection, but don't want to crack the PIN to obtain the password through the process. I think maybe I'm missing something, or you're not explaining yourself well enough.