AP rate limitations (maybe a solution)

Discussion in 'The Off Topic Lounge' started by Anas, 31 May 2014.

  1. Anas

    Anas Active Member

    Joined:
    8 Jun 2012
    Messages:
    21
    Likes Received:
    1
    Hello,
    I'm going to begin with a brief configuration: I have two Alfa wireless cards + 24 dBi parabolic antenna + 16 dBi Yagi antenna.
    I'm trying to bypass AP rate limitations.
    Suggestions: the first Alfa card is used with reaver, and the second card I use to try and connect to the same hotspot I'm trying to retrieve the WPS PIN from. I have noticed that AP rate limitations no longer show. My question is: is there automated software that can try to connect in a loop while the other card is trying to retrieve the WPS PIN?

     
  2. meknb

    meknb Mod
    Moderator Dev Team VIP

    Joined:
    2 Jun 2012
    Messages:
    702
    Likes Received:
    202
    You could just use aireplay-ng to fake authentication
    Code:
    aireplay-ng -1 6000
    Re-authenticate every 6000 seconds (change the time to suit).
    Another thing to try is varmacreaver https://forums.kali.org/showthread.php?19460-Varmacreaver-sh-Available-For-Free-Download which changes the MAC address of your card during the reaver attack.
    And others have reported that running wash during the attack can unstick stubborn routers and sometimes increase pins. Use the same channel though.
    Code:
    wash -c
    With WPA CCMP use
    Code:
    aireplay-ng -1
    With WPA TKIP try
    Code:
    aireplay-ng -8
    the migration attack. You might have to put this command in a loop to keep repeating it.
     
    #2 meknb, 1 Jun 2014
    Last edited: 2 Jun 2014
  3. Anas

    Anas Active Member

    I will try and get back to you with results
    --- Double Post Merged, 2 Jun 2014 ---
    Hello, I used wash -i "monX" -c "Y" along with reaver trying PINs on monX (the same card), and I got:
    Found packet with bad FCS, skipping...

    Is it normal? Should I use the
    --ignore-fcs option?
     
    #3 Anas, 1 Jun 2014
    Last edited: 2 Jun 2014
  4. meknb

    meknb Mod
    Moderator Dev Team VIP

    Try with a capital -C; that's for frame checksum errors and usually works for bad FCS. The lowercase -c is for your channel.
     
  5. Anas

    Anas Active Member

    -c, --channel=<num> Channel to listen on [auto]
    -o, --out-file=<file> Write data to file
    -n, --probes=<num> Maximum number of probes to send to each AP in scan mode [15]
    -D, --daemonize Daemonize wash
    -C, --ignore-fcs Ignore frame checksum errors
    -5, --5ghz Use 5GHz 802.11 channels
    -s, --scan Use scan mode
    -u, --survey Use survey mode [default]
    -h, --help Show help

    I should use the "c", not the capital letter one "C".

    Anyhow, I haven't noticed any improvement in accelerating the process of finding the WPS PIN.
     
  6. meknb

    meknb Mod
    Moderator Dev Team VIP

    Code:
    wash -C -i mon0 -c 11
    Is what I meant. I wish I could say it worked for all routers, but it doesn't; it's all trial and error, I'm afraid.
     
  7. Anas

    Anas Active Member

    Thank you for your assistance, meknb. I use varmacreaver and I can say it's a powerful tool to bypass AP rate limitations. I have only one question.

    Can varmacreaver restore previous sessions when the system stops and restarts?
     
  8. meknb

    meknb Mod
    Moderator Dev Team VIP

    No problem, it's good to get a question to stimulate the grey cells, rather than the dumb ones we get on here.

    I'm not sure varmacreaver saves reaver's session in the usual place. I just usually resume my reaver session the usual way with the -s switch. I'll have a look next time I use it. I only use varmacreaver when needed.

    From the varmacreaver thread:
    However when EAPOL hangs start occurring and key rates drop or get erratic we suggest you try varmacreaver.sh. When the problem goes away stop varmacreaver.sh and continue from a reaver command line in a terminal window.

    What OS do you use? If a live distro, are you using persistence?
     
  9. Anas

    Anas Active Member

    Hello, I use Wifislax installed on VMware Workstation. How about, when trying to resume a session in varmacreaver, we use the same name for the output file that we used in our previous session? Got to try.
     
  10. meknb

    meknb Mod
    Moderator Dev Team VIP

    I've never used Wifislax so wouldn't know where the session is stored, but it would be named after the BSSID of the victim: <bssid>.wpc.
    If you copy this to a pendrive, just run reaver -your usual reaver commands -s /path to wpc on pendrive
    With VMware there is probably an option to save machine state or something to that effect which would save your session, but I never use VMware either. The best option is, when you first run reaver, use the -s /path to pendrive and your session will be saved there.
     
  11. Anas

    Anas Active Member

    Thank you a lot for your assistance, and sorry for the delay, I had exams on the way. Thread closed.
     
