I'm trying to get reaver to work, but it won't associate. I'm a beginner, please excuse the possible obvious mistakes.
0. My wireless card is Intel Corporation Wireless 7260 (rev 73), kernel driver in use iwlwifi.
The network is WPA2, PSK, WPS is enabled (checked from beacon frames.)
Reaver version is 1.4.
1. When I run reaver, it sends out authentication packets but the AP doesn't respond to them, no association happens. I CAN associate using wpa_supplicant.
Using wpa_supplicant, I was able to get reaver through the associating stage to start trying pins.
2. Some people report success when they let aireplay-ng associate them and make reaver skip the part using -A. The AP ignores all fakeauth authentication attempts.
3. Might be somehow related, I also tried capturing a successful authentication packet and then replaying it with aireplay-ng, but for some reason, it just returns 'End of file'. I'm quite a beginner so I'm not sure if I didn't set some selection flag wrong. However, I tried it with bigger pcap files and set the filter to something quite simple (like me being the source address) - still nothing.
If I try it with live capture, aireplay gets stuck on 'read X packets', it never does anything else.
4. I tried the injection test but no AP seems to respond. I tried multiple APs, so it leads me to question if my card/driver can actually inject at all.
[root@sigma caps]# aireplay-ng -9 mon0
12:32:13 Trying broadcast probe requests...
12:32:15 No Answer...
12:32:15 Found 2 APs
Additional information:
Wash -i mon0 always fails with '[!] Found packet with bad FCS, skipping...'
It seems that reaver 1.3 gets stuck on 'waiting on beacon from [AC]' and doesn't even send AUTH requests.
interfaces:
iwconfig
wlp2s0 IEEE 802.11abgn ESSID:off/any
Mode:Managed Frequency:2.412 GHz Access Point: Not-Associated
Tx-Power=0 dBm
Retry long limit:7 RTS thr:off Fragment thr:off
Encryption key:off
Power Management:on
mon0 IEEE 802.11abgn Mode:Monitor Frequency:2.432 GHz Tx-Power=0 dBm
Retry long limit:7 RTS thr:off Fragment thr:off
Power Management:on
ip addr
3: wlp2s0: <BROADCAST> mtu 1500 qdisc mq state DOWN qlen 1000
link/ether 0c:8b:fd:51:d9:ca brd ff:ff:ff:ff:ff:ff
5: mon0: <BROADCAST,ALLMULTI,PROMISC,NOTRAILERS,UP,LOWER_UP> mtu 1500 qdisc mq state UNKNOWN qlen 1000
link/ieee802.11/radiotap 0c:8b:fd:51:d9:ca brd ff:ff:ff:ff:ff:ff
Thanks for any help. I'm getting hopeless about this.
//more information
My attempt to use reaver:
[root@sigma caps]# airodump-ng mon0
CH 13 ][ Elapsed: 20 s ][ 2013-10-27 13:04
BSSID PWR Beacons #Data, #/s CH MB ENC CIPHER AUTH ESSID
AA:AA:AA:AA:AA:AA -63 32 0 0 6 54e WPA2 CCMP MGT AP
...
...
BSSID STATION PWR Rate Lost Packets Probes
[root@sigma caps]# reaver -b AA:AA:AA:AA:AA:AA -i mon0 -vv -c 6
Reaver v1.3 WiFi Protected Setup Attack Tool
Copyright (c) 2011, Tactical Network Solutions, Craig Heffner <cheffner@tacnetsol.com>
[+] Switching mon0 to channel 6
[+] Waiting for beacon from AA:AA:AA:AA:AA:AA
[+] Switching mon0 to channel 6
[!] WARNING: Failed to associate with AA:AA:AA:AA:AA:A (ESSID: AP)
Getting more desperate, I tried multiple APs, so the signal isn't always that bad. Same results.
Last edited by skyer (2013-10-27 12:12:20)
2. Some people report success when they let aireplay-ng associate them and make reaver skip the part using -A. The AP ignores all fakeauth authentication attempts.
You can't associate with aireplay-ng, but can with wpa_supplicant? That's weird..
Try http://www.aircrack-ng.org/doku.php?id= … entication
For your original issue, https://code.google.com/p/reaver-wps/is … ail?id=205
"It would seem that if the router you are targeting does not show when you use 'wash', reaver can't work with it." and "I believe this happens because the AP turns off the WPS function after so many failed attempts."
Last edited by Resistance (2013-11-05 11:04:03)
'Fake authentication cannot be used to authenticate/associate with WPA/WPA2 Access Points.'
Tried that one already, doesn't work.
WPS is not turned off. For me, wash does not display anything except for the 'invalid FCS' message - no matter where I am and which AP I try to associate with.
Make sure the dir /usr/etc/reaver/ exists, and tell wash to ignore frame checksum errors with -C --ignore-fcs.