Hello, I'm going to begin with a brief configuration: I have two Alfa wireless cards + a 24 dBi parabolic antenna + a 16 dBi Yagi antenna. I'm trying to bypass AP rate limitations. Suggestions: the first Alfa card is used with reaver, and the second card I use to try and connect to the same hotspot I'm trying to retrieve the WPS PIN from. I have noticed that AP rate limitations no longer show. My question is: is there automated software that can try to connect in a loop while the other card is trying to retrieve the WPS PIN?
You could just use aireplay-ng to fake authentication.
Code:
aireplay-ng -1 6000
Re-authenticate every 6000 seconds "change time to suit".
Another thing to try is varmacreaver https://forums.kali.org/showthread.php?19460-Varmacreaver-sh-Available-For-Free-Download which changes the MAC address of your card during the reaver attack.
Others have reported that running wash during the attack can unstick stubborn routers and sometimes increase pins; use the same channel though.
Code:
wash -c
With WPA CCMP use
Code:
aireplay-ng -1
With WPA TKIP try
Code:
aireplay-ng -8
the migration attack. You might have to put this command in a loop to keep repeating it.
I will try and get back to you with results.
--- Double Post Merged, 2 Jun 2014 ---
Hello, I used wash -i "monX" -c "Y" along with reaver trying pins on monX (the same card), and I got: Found packet with bad FCS, skipping... Is it normal? Should I use the --ignore-fcs option?
Try with a capital -C; that's for frame checksum errors and usually works for bad FCS. The lowercase -c is for your channel.
-c, --channel=<num>      Channel to listen on [auto]
-o, --out-file=<file>    Write data to file
-n, --probes=<num>       Maximum number of probes to send to each AP in scan mode [15]
-D, --daemonize          Daemonize wash
-C, --ignore-fcs         Ignore frame checksum errors
-5, --5ghz               Use 5GHz 802.11 channels
-s, --scan               Use scan mode
-u, --survey             Use survey mode [default]
-h, --help               Show help
I should use the "c", not the capital letter one "C". Anyhow, I haven't noticed any improvements accelerating the process of finding the WPS PIN.
Code:
wash -C -i mon0 -c 11
is what I meant. I wish I could say it worked for all routers, but it doesn't. It's all trial and error, I'm afraid.
Thank you for your assistance, Meknb. I use varmacreaver and I can say it's a powerful tool to bypass AP rate limitations. I have only one question: can varmacreaver restore previous sessions when the system stops and restarts?
No problem, it's good to get a question to stimulate the grey cells, rather than the dumb ones we get on here. I'm not sure varmacreaver saves reaver's session in the usual place. I just usually resume my reaver session the usual way with the -s switch. I'll have a look next time I use it. I only use varmacreaver when needed.
From the varmacreaver thread: "However when EAPOL hangs start occurring and key rates drop or get erratic we suggest you try varmacreaver.sh. When the problem goes away stop varmacreaver.sh and continue from a reaver command line in a terminal window."
What OS do you use? If a live distro, are you using persistence?
Hello, I use Wifislax installed on VMware Workstation. How about, when trying to resume a session on varmacreaver, we use the same name for the output file that we named in our previous session? Got to try.
I've never used Wifislax so I wouldn't know where the session is stored, but it would be named the BSSID of the victim: <bssid>.wpc. If you copy this to a pendrive, just run
reaver -your usual reaver commands -s /path to wpc on pendrive
With VMware there is probably an option to save machine state or something to that effect which would save your session, but I never use VMware either. The best option is, when you first run reaver, to use the -s /path to pendrive and your session will be saved there.