
CHANNEL1=6
USE_R1=y
RX1=9
RY1=2
LIVE1=240
USE_LONG1=y
MDKTYPE1=3
MDKLIVE=1
PAUSE=1
REAVER_COUNT=y
MDK3_COUNT=y
WASH_COUNT=y
DAMP_MDK=y
ADVAN_TIME=120
USE_AIRE1=y
USE_AIRE0=n
USE_DHSMALL=y
MACSEL=n
ASSIGN_MAC=XX:XX:XX:XX:XX:XX
USE_PIXIE=n
USE_FIRSTPIN=n
RETESTPin=50

1.

Hi All,

First of all thanks for this lovely script, but there are some concerns that I would like to point out. I don't know if this is normal or not, coz the attack is not successful.

Here are my observations:

So after running VMR-MDK-K2-2016R-011x9 script on my router TP Link WR740N

USB wireless adapter = TP Link WN722N
Kali Linux 2016 rolling
All updated

Here are the results
All settings as default with interface selected as Mon0

ATTEMPT 1
setting default as the script
reaver result:
p2 index set to 2
10002
90.95% complete
aireplay-ng reception test = association successful, AID: 1
Client associated = yes
EAPOL Flood attack
wash WPS locked = NO

ATTEMPT 2
Reaver start/stop cycles remaining = 999
p1 index set to 3
pin count advanced 3
0.03% complete
WPS transaction failed code 0x0
aireplay-ng reception test: association successful, AID: 1
Wash WPS locked = YES
client associated = yes

ATTEMPT 3
Reaver = Warning: receive timeout occurred and continues
Sending EAPOL start request
aireplay-ng reception test = association successful, AID: 1
Wash WPS locked = YES
client associated = yes

ATTEMPT 4
WPS transaction failed code 0x04
0.03% complete
sending EAPOL start request
trying PIN 1115670
aireplay-ng reception test = association successful, AID: 1
client associated = yes, 2
MDK3 DOS 1 and 2 = client still responding with 1500 packets
Wash WPS locked = YES

ATTEMPT 5
Reaver start/stop cycles remaining = 996
Reaver:
Warning: receive timeout occurred and continues
sending EAPOL start request (cycle continues)
aireplay-ng reception test = association successful, AID: 1
Wash WPS locked = YES
WPS not found
2 clients still connected
Router stopped responding
default router page doesn't open up
Restarted the router finally

Please advise.
Thanks.
Last edited by machx; 2016-06-29 at 06:35 PM.

2.

2016-06-30, 01:25 AM #127
mmusket33 (Senior Member, Join Date: Jul 2013, Posts: 732)

Reference the use of the VMR-MDK script.

1. VMR-MDK is only effective against a SMALL number of routers.
2. Users should read the help files before employing.
3. Procedures for testing for the flaw are outlined there.

Reference the attack outlined by machx

ATTEMPT 1
Reaver is running the default pin 12345670 attack

ATTEMPT 2
Reaver starts the brute force attack against the WPS system. Status of WPS unclear but pin count increased.

ATTEMPT 3 thru 5
Router appears partially locked

If the router provides more pins after resetting then this approach may work. If the router stays locked and no more pins collected the VMR-MDK approach will not work.

Suggestion if VMR-MDK does not work

Test to see if the router automatically unlocks the WPS system after x number of seconds

From the command line (CL) run reaver
Make sure the -L is NOT in the CL.
Add the -l or --lock-delay to 100 "Set the time to wait if AP locks WPS pin attempt"
With a -l 100 reaver will attempt to collect pins every 100 seconds.
Run reaver and wait. If pin collection restarts just count the number of times reaver attempts to collect pins before pin count restarts.
For example if reaver tries 10 times before pin count restarted then 100 times 10 = 1000 seconds.
Now set your -l to 1200 run reaver from the CL and sit back.
You can tweak the 1200 lower if the attack develops a pattern.

MTeams

3.

2016-06-30, 09:21 AM #128
machx (Junior Member, Join Date: May 2015, Posts: 25)

Thank you MTeam,

I was wishing that you could take a look at my post, and you did.
Thank you for your advice.

I have observed that the router TP-Link WR740N is not vulnerable against this script.
After the DOS attack 1 and 2, the router stops responding to any devices.
Router page doesn't show up. You have to manually restart the router.

Even after restarting the router the PIN doesn't disable. You have to manually disable the PIN if you want to continue with the attack.

The question is: If I install the old script which is VMR-MDK011x8 for Kali 1.1.0, will it work better than the new script on Kali 2016 rolling?
I have heard that this script gives false results on most Kali 2016 rolling edition.

Please advise MTeam.
Thank you.

4.

2016-06-30, 02:00 PM #129
mmusket33 (Senior Member, Join Date: Jul 2013, Posts: 732)

Reference VMR-MDK011x8, this script cannot be run in Kali 2.0 and 2016

As for false results MTeams is unsure which program is providing false results. MTeams has never seen any problems with the latest version.

We do get a lot of commentary about pin counts but this is because users do not read carefully the retest pin feature. Furthermore during setup many users input the wrong data causing the program to fail. If you youtube VMR-MDK you will find a new video that states VMR-MDK does not work because the user tested it against three routers. MTeams has no objection to the user stating the program was not effective against the routers attacked however during the setup the user input incorrect setup info.

VMR-MDK is an administrative script. It just runs various processes already installed in robotic fashion. Most of the newer script's changes deal with avoiding network manager problems and handling differences in text output.

If you have info on false results please provide details. We use the script all the time with 1.1, 2.0 and 2016 and have seen no problems. Normally if the router locks we run up VMR-MDK and see if the flaw exists. If the attack collects pins we continue, if not we try other tactics. VMR-MDK is just one small tool in the WPA Tool Box.

In closing we have heard the Network Manager problems are finally being addressed and will eventually filter down to users.
Last edited by mmusket33; 2016-06-30 at 02:25 PM.

5.

2016-06-30, 02:38 PM #130
machx (Junior Member, Join Date: May 2015, Posts: 25)

Thank you for your advice.

Could you let me know the settings you are using from 1 - 22?
I have tried to switch setting 22 to N.
Thank you M team.

The settings that your team use and proven to be successful, we can try and test on our routers and tweak a bit to get the best out of it.
