Home Unlabelled Auto Reaver - multiple Access Point Attack using Reaver

Auto Reaver - multiple Access Point Attack using Reaver

By
Thursday, May 14, 2015
Read
Add Comment
This is bash script which provides multiple access point attack using reaver and BSSIDs list from a text file.

If processed AP reaches rate limit, script goes to another from the list, and so forth.

HOW IT WORKS ?

Script takes AP targets list from text file in following format

BSSID CHANNEL ESSID
For example: 
AA:BB:CC:DD:EE:FF 1 MyWlan 
00:BB:CC:DD:EE:FF 13 TpLink 
00:22:33:DD:EE:FF 13 MyHomeSSID

And then following steps are being processed:

  • Every line of list file is checked separately in for loop
  • After every AP on the list once, script automatically changes MAC address of your card to random MAC using macchanger (you can also setup your own MAC if you need),
  • Whole list is checked again and again, in endless while loop, until there is nothing to check loop is stopped,
  • Found PINS/WPA PASSPHRASES are stored in {CRACKED_LIST_FILE_PATH} file.

REQUIREMENTS

  • Wireless adapter which supports injection (see [https://code.google.com/p/reaver-wps/wiki/SupportedWirelessDrivers Reaver Wiki])
  • Linux Backtrack 5
  • Root access on your system (otherwise some things may not work)
  • AND if you use other Linux distribution*
    • Reaver 1.4 (I didn't try it with previous versions)
    • KDE (unless you'll change 'konsole' invocations to 'screen', 'gnome-terminal' or something like that... this is easy)
    • Gawk (Gnu AWK)
    • Macchanger
    • Airmon-ng, Airodump-ng, Aireplay-ng
    • Wash (WPS Service Scanner)
    • Perl

USAGE EXAMPLE

First you have to download lastest version
git clone https://code.google.com/p/auto-reaver/
Go to auto-reaver directory
cd ./auto-reaver
Make sure that scripts have x permissions for your user, if not run
chmod 700 ./washAutoReaver chmod 700 ./autoReaver
Run wash scanner to make a formatted list of Access Points with WPS service enabled
./washAutoReaverList > myAPTargets
Wait for 1-2 minutes for wash to collect APs, and hit CTRL+C to kill the script. Check if any APs were detected
cat ./myAPTargets
If there are targets in myAPTargets file, you can proceed attack, with following command:
./autoReaver myAPTargets

ADDITIONAL TOOLS

In auto-reaver directory you can find additional tools:

washAutoReaverList

Script that will scan network using wash, to search for Access points with WPS service enabled, and generate auto-reaver formatted list like:
AA:BB:CC:DD:EE:FF 1 MyWlan 00:BB:CC:DD:EE:FF 13 TpLink 00:22:33:DD:EE:FF 13 MyHomeSSID
Important: You can always block AP checking by simply adding # sign before each line, as follows:
# 00:22:33:DD:EE:FF 13 MyHomeSSID
so MyHomeSSID will be skipped during list check.

showPinDates

Script shows last PIN attempt dates for the certain BSSID
It depends on PIN_DATE_TMP_DIR variable (see configuration section), from configurationSettings file.
You can use this tool to adjust setting of LIMIT_WAIT_MINUTES, it should help you discover, for how long certain AP is blocked during AP rate limit.
Using:
./showPinDates [BSSID] [OPTIONS]
Example:
./showPinDates AA:BB:CC:DD:EE:FF
Example output:
2014-06-26 06:06:54 2014-06-26 08:06:09 2014-06-26 13:06:08 2014-06-26 14:06:06 2014-06-26 15:06:10
You can use additional options for grouping PIN dates:
Example:
./showPinDates AA:BB:CC:DD:EE:FF --group-by-day
Outputs:
Grouping PINs by day 2014-06-23: 24 PINs 2014-06-29: 20 PINs 2014-06-30: 51 PINs
Options available:
--group-by-day - Grouping PIN dates, by day and shows PIN count of each day
--group-by-hour - Grouping PIN hours, by day+hour and shows PIN count of each day+hour

Download & Learn More
Tags :

Created By Nexus · Powered by Blogger
© All Rights Reserved

Terms Of Service · Privacy Policy · Disclaimer · Contact Us · About Us