Bully on router with WPS lockout 06-15-2014, 10:57 PM
#1
I have recently moved and fired up my Kali machine to see what networks were in the area. I have a USB Wi-Fi card with USB extension cables, so finding a good signal is relatively easy. I found a network with suitable signal, so I ran wash on mon0 with no results, then tried reaver with constant disassociations, so I thought maybe WPS was off. I had heard about bully but never tried it, so I went into that using the syntax
"bully -b <bssid> -N mon0". First I had an error "Unknown frequency '2412' reported by interface 'mon0'", so I added -c 11 to specify the channel, which fixed this, then I had a lot of FCS errors, so I added -N to disable reporting it. I got an association and it ran 3 pins, then reported a WPS lockout. The default waiting time after this is 43 seconds, but when it retried the lockout was still in effect. I ended up specifying the time to wait after lockout as 70 seconds with -l70. bully reported my seconds per pin at 30 because of this, so I thought this was going to take ages. Luckily it found the first pin after 700 attempts, which is great considering there are 10000 possibilities, then it moved on to pin2, which it got after 800 attempts. This entire process took me around 12 hours.
I like bully over reaver because of some of the features.
Here is a link to the usage for it https://github.com/bdpurcell/bully
Remember, hacking into a network that is not yours or that you do not have permission to is illegal. I am not responsible for what you do with this information!
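Added example, not part of the original post: a small model of how an access point's WPS lockout policy bounds the total time of online PIN guessing, using the post's figures (3 attempts per lockout, 70 s wait, 700 + 800 attempts). The 7 s per-attempt exchange time, the doubling back-off policy and its one-day cap are assumptions chosen for illustration.

```python
# Added example: how a WPS lockout policy bounds online PIN guessing time.
# The PIN is checked in two halves, which is why the post sees "pin1" then "pin2".
FIRST_HALF = 10 ** 4    # 4-digit first half, confirmed on its own
SECOND_HALF = 10 ** 3   # 3 free digits; the 8th digit is a checksum
WORST_CASE = FIRST_HALF + SECOND_HALF  # 11000 attempts instead of 10**8


def fixed_lockout_seconds(attempts, burst, lock_s, attempt_s):
    """Total time when the AP locks for lock_s after every `burst` failures."""
    lockouts = (attempts - 1) // burst  # no wait is needed after the last attempt
    return attempts * attempt_s + lockouts * lock_s


def backoff_lockout_seconds(attempts, burst, base_lock_s, attempt_s, cap_s):
    """Total time when each successive lockout doubles, up to cap_s."""
    total = attempts * attempt_s
    lock = base_lock_s
    for _ in range((attempts - 1) // burst):
        total += lock
        lock = min(lock * 2, cap_s)
    return total


def hours(seconds):
    return round(seconds / 3600, 1)


def report():
    attempt_s = 7           # assumed time for one WPS exchange
    burst, lock_s = 3, 70   # from the post: 3 PINs, then a 70 s wait
    observed = fixed_lockout_seconds(700 + 800, burst, lock_s, attempt_s)
    worst = fixed_lockout_seconds(WORST_CASE, burst, lock_s, attempt_s)
    hardened = backoff_lockout_seconds(WORST_CASE, burst, lock_s, attempt_s,
                                       cap_s=86400)  # assumed one-day cap
    return {
        "post_run_hours": hours(observed),        # close to the post's ~12 hours
        "fixed_worst_case_hours": hours(worst),   # under four days
        "backoff_worst_case_hours": hours(hardened),
    }


if __name__ == "__main__":
    for name, value in report().items():
        print(f"{name}: {value}")
```

A short fixed lockout only stretches the worst case to days, while an escalating lockout pushes it to years; disabling WPS PIN mode on the access point removes the exposure entirely.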