I was trying to crack my WiFi router. I have two laptops, an older one (Lenovo 3000 G430) and a newer one (HP EliteBook 840 G3), with their internal adapters. The old one has a BCM4312 802.11b/g chipset and the newer one has an Intel Dual Band Wireless AC 8260 (rev 3a), with the Linux drivers b43 (older one) and iwlwifi (newer one) respectively. I was doing a WPS attack using reaver on Kali. The old laptop has Kali installed, but the new laptop is running on a Live Persistent Kali USB. And this is the output I get on both of them:

BSSID               Ch  dBm  WPS  Lck  Vendor    ESSID
--------------------------------------------------------------------------------
00:17:7C:91:XX:XX    6  -55  2.0  No   RealtekS  DIGISOL   (Target)
XX:XX:XX:XX:YY:XY 6  -82  2.0  No   RealtekS  sjefbwdb
root@XYZ:~# reaver -i wlan0mon -b 00:17:7C:91:XX:XX -vv -K 1

Reaver v1.6.5 WiFi Protected Setup Attack Tool
Copyright (c) 2011, Tactical Network Solutions, Craig Heffner <cheffner@tacnetsol.com>

[+] Waiting for beacon from 00:17:7C:91:XX:XX
[+] Switching wlan0mon to channel 1
[+] Switching wlan0mon to channel 2
[+] Switching wlan0mon to channel 3
[+] Switching wlan0mon to channel 4
[+] Switching wlan0mon to channel 6
[+] Received beacon from 00:17:7C:91:XX:XX
[+] Vendor: RealtekS
[+] Trying pin "12345670"
[+] Sending authentication request
[!] Found packet with bad FCS, skipping...
[!] WARNING: Receive timeout occurred                                                                                                                      
[+] Sending authentication request
[!] WARNING: Receive timeout occurred
[+] Sending authentication request
[!] WARNING: Receive timeout occurred
[+] Sending authentication request
[!] WARNING: Receive timeout occurred
[+] Sending authentication request
[!] WARNING: Receive timeout occurred
[+] Sending authentication request

[+] Nothing done, nothing to save.

With verbosity 4:

reaver -i wlan0mon -b 00:17:7C:91:XX:XX -vvvv -K 1

Reaver v1.6.5 WiFi Protected Setup Attack Tool
Copyright (c) 2011, Tactical Network Solutions, Craig Heffner <cheffner@tacnetsol.com>

[+] Waiting for beacon from 00:17:7C:91:XX:XX
[+] Switching wlan0mon to channel 1
[+] Switching wlan0mon to channel 2
[+] Switching wlan0mon to channel 3
[+] Switching wlan0mon to channel 4
[+] Switching wlan0mon to channel 6
[+] Received beacon from 00:17:7C:91:XX:XX
[+] Vendor: RealtekS
WPS: A new PIN configured (timeout=0)
WPS: UUID - hexdump(len=16): [NULL]
WPS: PIN - hexdump_ascii(len=8):
     31 32 33 34 35 36 37 30                           12345670        
WPS: Selected registrar information changed
WPS: Internal Registrar selected (pbc=0)
WPS: sel_reg_union
WPS: set_ie
WPS: cb_set_sel_reg
WPS: Enter wps_cg_set_sel_reg                                                                                                                              
WPS: Leave wps_cg_set_sel_reg early
WPS: return from wps_selected_registrar_changed
[+] Trying pin "12345670"
send_packet called from deauthenticate() 80211.c:333
send_packet called from authenticate() 80211.c:364
[+] Sending authentication request
[!] Found packet with bad FCS, skipping...
send_packet called from resend_last_packet() send.c:161
send_packet called from resend_last_packet() send.c:161
send_packet called from resend_last_packet() send.c:161
send_packet called from resend_last_packet() send.c:161
send_packet called from resend_last_packet() send.c:161
send_packet called from resend_last_packet() send.c:161
send_packet called from resend_last_packet() send.c:161
send_packet called from resend_last_packet() send.c:161

And yes, WPS is enabled on the router, and even when I try from my Android phone using WPS WPA Tester it works, and the WPS gets locked after incorrect attempts...

Tanmay B