fbpx

Auto Reaver – multiple Access Point Attack using Reaver

This is bash script which provides multiple access point attack using reaver and BSSIDs list from a text file.

If processed AP reaches rate limit, script goes to another from the list, and so forth.

HOW IT WORKS ?

Script takes AP targets list from text file in following format

BSSID CHANNEL ESSID

For example:

AA:BB:CC:DD:EE:FF 1 MyWlan 
00:BB:CC:DD:EE:FF 13 TpLink 
00:22:33:DD:EE:FF 13 MyHomeSSID

And then following steps are being processed:

  • Every line of list file is checked separately in for loop
  • After every AP on the list once, script automatically changes MAC address of your card to random MAC using macchanger (you can also setup your own MAC if you need),
  • Whole list is checked again and again, in endless while loop, until there is nothing to check loop is stopped,
  • Found PINS/WPA PASSPHRASES are stored in {CRACKED_LIST_FILE_PATH} file.

REQUIREMENTS

  • Wireless adapter which supports injection (see [https://code.google.com/p/reaver-wps/wiki/SupportedWirelessDrivers Reaver Wiki])
  • Linux Backtrack 5
  • Root access on your system (otherwise some things may not work)
  • AND if you use other Linux distribution*
    • Reaver 1.4 (I didn’t try it with previous versions)
    • KDE (unless you’ll change ‘konsole’ invocations to ‘screen’, ‘gnome-terminal’ or something like that… this is easy)
    • Gawk (Gnu AWK)
    • Macchanger
    • Airmon-ng, Airodump-ng, Aireplay-ng
    • Wash (WPS Service Scanner)
    • Perl

USAGE EXAMPLE

First you have to download lastest version

git clone https://code.google.com/p/auto-reaver/

Go to auto-reaver directory

cd ./auto-reaver

Make sure that scripts have x permissions for your user, if not run

chmod 700 ./washAutoReaver
chmod 700 ./autoReaver

Run wash scanner to make a formatted list of Access Points with WPS service enabled
./washAutoReaverList > myAPTargets

Wait for 1-2 minutes for wash to collect APs, and hit CTRL+C to kill the script.
Check if any APs were detected

cat ./myAPTargets

If there are targets in myAPTargets file, you can proceed attack, with following command:

./autoReaver myAPTargets

ADDITIONAL TOOLS

In auto-reaver directory you can find additional tools:

washAutoReaverList

Script that will scan network using wash, to search for Access points with WPS service enabled, and generate auto-reaver formatted list like:

AA:BB:CC:DD:EE:FF 1 MyWlan
00:BB:CC:DD:EE:FF 13 TpLink
00:22:33:DD:EE:FF 13 MyHomeSSID

Important: You can always block AP checking by simply adding # sign before each line, as follows:

# 00:22:33:DD:EE:FF 13 MyHomeSSID

so MyHomeSSID will be skipped during list check.

showPinDates

Script shows last PIN attempt dates for the certain BSSID
It depends on PIN_DATE_TMP_DIR variable (see configuration section), from configurationSettings file.
You can use this tool to adjust setting of LIMIT_WAIT_MINUTES, it should help you discover, for how long certain AP is blocked during AP rate limit.
Using:

./showPinDates [BSSID] [OPTIONS]

Example:

./showPinDates AA:BB:CC:DD:EE:FF

Example output:

2014-06-26 06:06:54
2014-06-26 08:06:09
2014-06-26 13:06:08
2014-06-26 14:06:06
2014-06-26 15:06:10

You can use additional options for grouping PIN dates:

Example:

./showPinDates AA:BB:CC:DD:EE:FF –group-by-day

Outputs:

Grouping PINs by day
2014-06-23: 24 PINs
2014-06-29: 20 PINs
2014-06-30: 51 PINs

Options available:
–group-by-day – Grouping PIN dates, by day and shows PIN count of each day
–group-by-hour – Grouping PIN hours, by day+hour and shows PIN count of each day+hour

Download & Learn More

Ehacking Staff
With more than 50 global partners, we are proud to count the world’s leading cybersecurity training provider. EH Academy is the brainchild of Ehacking, which has been involved in the field of training since the past Five years and continues to help in creating professional IT experts.

Most Popular

What Makes ICS/OT Infrastructure Vulnerable?

Infrastructure security for operational technologies (OT) and industrial control systems (ICS) varies from IT security in several ways, with the inverse confidentiality, integrity, and...

Everything You Must Know About IT/OT Convergence

What is an Operational Technology (OT)? Operational technology (OT) is a technology that primarily monitors and controls physical operations. It can automate and control machines,...

Understand the OT Security and Its Importance

This article discusses OT security and why it is essential for protecting industrial systems from cyberattacks. We will also discuss common control objectives that can...

What is Deepfake, and how does it Affect Cybersecurity?

Producing deepfake is easy. It is hard to detect. They operate with a description of reality rather than reality itself (e.g., a video). Any...