Aircrack-ng forum


Author Topic: Cracking WPS Locked Routers using aireplay-ng,mdk3,reaver and wash  (Read 126093 times)

musket33


VMR-MDK-K2-011x8.sh for Kali2.0

Musket Teams have voted to release the following WPS Locked Intrusion Script for General Use:

Included in the VMR-MDK package:

1. mdk3-v6 folder
2. configfiledetailed for reference only
3. Help Files
4. PDDSA-K2-06.sh
5. VMR-MDK-K2-2016R-011x9.sh

For Kali 1.10a

Loaded 8 March 2016
Download VMR-MDK011x8 package at:

http://www.datafilehost.com/d/4f95b97f

For Kali 2.0 and 2016.1R (loaded 8 March 2016) you can download the VMR-MDK-K2-2016R-011x9.zip package at:

http://www.datafilehost.com/d/c2a2b474


MTeams
« Last Edit: March 08, 2016, 11:29:34 am by musket33 »

misterx

Re: Cracking WPS Locked Routers using aireplay-ng,mdk3,reaver and wash
« Reply #1 on: January 08, 2015, 03:40:59 am »

The file does not exist.

Unknown

Re: Cracking WPS Locked Routers using aireplay-ng,mdk3,reaver and wash
« Reply #2 on: January 08, 2015, 08:32:37 am »

The file does not exist.

I saved it yesterday, but be careful, I didn't have the time to check it:

http://www.file-upload.net/download-10111196/VMRMDK-150107.zip.html

musket33

Re: Cracking WPS Locked Routers using aireplay-ng,mdk3,reaver and wash
« Reply #3 on: January 08, 2015, 08:33:43 am »

We have found an error in one(1) configuration file named:

     configfiledetailed1x2

You can REM/comment out the following two (2) variables with a #:

USE_PIN1=  should read #USE_PIN1=
WPS_PIN1=  should read #WPS_PIN1=


or you can download the corrected version


New Download

http://www.datafilehost.com/d/18156813

Musket Teams

misterx

Re: Cracking WPS Locked Routers using aireplay-ng,mdk3,reaver and wash
« Reply #4 on: January 09, 2015, 04:31:35 am »

You should upload it here, that would be easier.

madafakaz

Re: Cracking WPS Locked Routers using aireplay-ng,mdk3,reaver and wash
« Reply #5 on: January 09, 2015, 10:19:19 pm »

Any ideas how to properly authenticate with routers that throw an Association denied (code 18) error? reaver does nothing, and aireplay gives code 18 if I try to use it as external authentication.

Someone mentioned the same issue, but no progress/solution has been posted so far. http://code.google.com/p/reaver-wps/issues/detail?id=377

musket33

Re: Cracking WPS Locked Routers using aireplay-ng,mdk3,reaver and wash
« Reply #6 on: January 10, 2015, 06:25:10 pm »

Sorry Mr X we simply did not know a download facility was available.

We have included the attachment here.

MTeams

musket33

Re: Cracking WPS Locked Routers using aireplay-ng,mdk3,reaver and wash
« Reply #7 on: January 12, 2015, 02:55:57 pm »

To madafakaz

MTeams have used the following three aireplay-ng and mdk3 commands to try and activate the router to respond to reaver:

aireplay-ng -0 10 -a XX:XX:XX:XX:XX:XX mon0

aireplay-ng -1 20 -a XX:XX:XX:XX:XX:XX -q 10 mon0

mdk3 mon0 f -t XX:XX:XX:XX:XX:XX -f 99:99:99

We also suggest you use the following long reaver command line suggested by the author of auto-reaver:

reaver -i mon0 -a -f -c 1 -b XX:XX:XX:XX:XX:XX -r 3:10 -E -S -vv -N -T 1 -t 20 -d 0 -x 30

If you spoof your MAC in reaver, change it from the command line first and only then add the --mac=XX:XX:XX:XX:XX:XX to the reaver command line, otherwise reaver will fail. Make sure the MAC you spoof is the same as the MAC in your command line.
MTeams
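A defender's-side counterpart to the aireplay-ng -0 / -1 and mdk3 flood commands in the post above, added here as an example that is not part of this thread or of the VMR-MDK script: it parses raw 802.11 management frames and flags a burst of deauthentication or authentication frames against one BSSID, which is what those commands look like from a wireless IDS. The MAC addresses and the capture are constructed for the example, and only the Python standard library is used.

```python
import struct
from collections import defaultdict

SUBTYPE_AUTH = 0xB    # 802.11 management subtype 11: Authentication
SUBTYPE_DEAUTH = 0xC  # 802.11 management subtype 12: Deauthentication

def mac_bytes(s):
    return bytes(int(x, 16) for x in s.split(":"))
def mac_str(b):
    return ":".join(f"{x:02x}" for x in b)

def build_mgmt_frame(subtype, addr1, addr2, addr3, body=b"\x00\x00"):
    """Minimal management frame: frame control (version 0, type 0), duration, addr1-3, seq ctrl, body."""
    header = struct.pack("<BBH", subtype << 4, 0, 0)
    return header + mac_bytes(addr1) + mac_bytes(addr2) + mac_bytes(addr3) + b"\x00\x00" + body

def parse_mgmt_frame(raw):
    """Return (subtype, addr1, addr2, addr3) for a management frame, else None."""
    if len(raw) < 24 or (raw[0] >> 2) & 0x3 != 0:
        return None
    return (raw[0] >> 4) & 0xF, mac_str(raw[4:10]), mac_str(raw[10:16]), mac_str(raw[16:22])

def detect_mgmt_floods(frames, window=10.0, threshold=8):
    """frames: iterable of (timestamp_seconds, raw_bytes). Returns a sorted list of
    (bssid, 'auth'|'deauth', peak) where peak >= threshold frames fell inside one window."""
    names = {SUBTYPE_AUTH: "auth", SUBTYPE_DEAUTH: "deauth"}
    buckets = defaultdict(list)               # (bssid, subtype) -> timestamps
    for ts, raw in frames:
        p = parse_mgmt_frame(raw)
        if p and p[0] in names:
            buckets[(p[3], p[0])].append(ts)  # addr3 carries the BSSID here
    alerts = []
    for (bssid, subtype), times in buckets.items():
        times.sort()
        start, peak = 0, 0
        for end in range(len(times)):         # sliding window over sorted timestamps
            while times[end] - times[start] > window:
                start += 1
            peak = max(peak, end - start + 1)
        if peak >= threshold:
            alerts.append((bssid, names[subtype], peak))
    return sorted(alerts)

# Constructed capture with hypothetical MACs: ten broadcast deauths "from" the AP inside
# two seconds (the shape of aireplay-ng -0 10), then two ordinary client authentications.
AP, CLIENT, BCAST = "00:11:22:33:44:55", "66:77:88:99:aa:bb", "ff:ff:ff:ff:ff:ff"
SAMPLE_FRAMES = [(i * 0.2, build_mgmt_frame(SUBTYPE_DEAUTH, BCAST, AP, AP, struct.pack("<H", 7)))
                 for i in range(10)]
SAMPLE_FRAMES += [(30.0, build_mgmt_frame(SUBTYPE_AUTH, AP, CLIENT, AP)),
                  (95.0, build_mgmt_frame(SUBTYPE_AUTH, AP, CLIENT, AP))]
```

Running detect_mgmt_floods(SAMPLE_FRAMES) flags the deauth burst against the AP and stays silent on the two client authentications.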

musket33

Re: Cracking WPS Locked Routers using aireplay-ng,mdk3,reaver and wash
« Reply #8 on: February 05, 2015, 01:45:51 am »

Reaver tools - aireplay-ng fakeauth and mdk3 MAC Filter brute force restart.

The following bash script has been re-released for public use. This simple program is designed to be used with reaver to activate router response to a reaver request for pins.
The script assumes a reaver attack is in progress and the user has already placed the wifi device in monitor mode through airmon-ng.


Musket Teams

pedropt

Re: Cracking WPS Locked Routers using aireplay-ng,mdk3,reaver and wash
« Reply #9 on: February 07, 2015, 09:13:28 pm »

Your script is interesting, I will give you an idea for you to apply in the next version:

- Some APs have MAC address filtering; to bypass this you can put airodump listening to that particular AP and look for connected clients, then you can pick the MAC address of that specific connected client and change the mon0 MAC address to that client's MAC address.

As soon as I remember more I will write them down here.

Note: try to change the configuration in the script so the varmac_config folder is in the script folder; it is annoying to have the script in:
/root/tools/wifi/vmrmdk

and the varmac_config folder in:
/root/varmac_config/
« Last Edit: February 11, 2015, 11:52:36 pm by pedropt »

Atmadja

Re: Cracking WPS Locked Routers using aireplay-ng,mdk3,reaver and wash
« Reply #10 on: February 23, 2015, 07:14:09 am »

Hi, thanks for your work, it seems to work for me!! :)
I'm at 8% now, hope it will find the right pin within a month ^^

musket33

Re: Cracking WPS Locked Routers using aireplay-ng,mdk3,reaver and wash
« Reply #11 on: February 24, 2015, 12:32:18 pm »

To Atmadja

Note the following:

You have found a WPS Locked router that is susceptible to this approach.

Note the first six hex digits of the router's BSSID; there is a good chance other routers with this hex sequence are also vulnerable. This has been the case in areas we do field operations in.

Do not be surprised if the pin completion jumps suddenly to 91%.

Read our steps should your pins spin endlessly at 99.99%.

It may take a few weeks, so give it time to work.

MTeams


musket33

Re: Cracking WPS Locked Routers using aireplay-ng,mdk3,reaver and wash
« Reply #12 on: February 24, 2015, 02:32:48 pm »

To pedropt
     
As we note in the help files, you can run the script from root or place it in the user/bin folder and run it from the command line. We only support kali-linux distros.

As to MAC spoofing, we have never seen a single case where reaver was blocked by MAC filtering. That being said, we cannot prove that a router's lack of response was due to MAC filtering by the router. We have tested this by spoofing the MAC of associated clients, but this did not change the router's lack of response to reaver. For this reason we did not include the ability to select a specific MAC address.

MTeams would be interested in any view you have on this subject.

pedropt

Re: Cracking WPS Locked Routers using aireplay-ng,mdk3,reaver and wash
« Reply #13 on: February 25, 2015, 06:46:39 pm »

About the MAC spoof, it already happened to me 3 times. The situation is that some people configure their APs to be accessed only by their own configured MAC addresses (TVs, phones, laptops), and no matter what you try to do with aireplay, it will not get an authentication, due to the fact that every MAC address generated does not match the configured ones on the router.
For those cases I have to wait and see which MAC addresses do the handshake and stay connected, and then I have to change mon0 to one of those MAC addresses so I can be authenticated with the router.

Atmadja

Re: Cracking WPS Locked Routers using aireplay-ng,mdk3,reaver and wash
« Reply #14 on: February 27, 2015, 11:29:23 am »

I had a problem yesterday, the script was working normally and suddenly something happened and Kali wrote a 100G file "xsession-error" so the partition went full.
After deleting this file, I restarted your script but reaver started from 0%.
Thanks to the logs, I knew that the attack stopped at pin 1190XXXX.
So I entered "1190" in the first line of /etc/reaver/"bssid".wpc.
After restarting the script, reaver continues testing from 10% but it tests pins like this:
[+] Received WSC NACK
[+] Sending WSC NACK
[+] Entering recurring delay of 15 seconds
[+] Trying pin 1375
8
[+] Sending EAPOL START request

Do you have an idea why it tests a 4-digit pin only? And what is this "8"?

Thank you for your help and nice job again :)