Failed To Retrieve A Mac Address For Interface

admin

Disclaimer: This is for educational and personal use only. This was originally done as an assignment for SEC701 – Ethical Hacking. I do not condone potential illegal uses of this information. However it is perfectly legal to “hack” your own equipment or equipment you’re authorized to administer. If you use this for malicious purposes, it is not my fault.

For

Background

WPS is a security standard that allows users to connect to WPA/WPA2 networks easier, through use of an 8 digit pin code. As a result this actually weakens the security of WPA/WPA2 as this can be brute forced, and once compromised allows the hacker the ability to access the router/access point and have it provide it’s own passphrase or PSK (pre-shared key). The tools used in this attack are as follows, all included in Kali linux.

  • Run sudo airmon-ng start. Check that iwconfig shows the new interface (usually mon0) as being in Monitor mode. Managed will not work. Run aircheck-ng and turn off any processes it tells you might be bad. Afterwards, use airmon-ng stop mon0 and then airmon-ng start wlan0 to recreate the (hopefully) monitoring interface.
  • I'll look to see if there is a newer driver for the Intel Pro/1000, but if that were the issue I'd expect to see it on the workstations not just a couple?

Sadly, I can't remember what the command is the find the previous entry, but. Hope this helps, and if you need to find the previous entry, I hope this inspires you enough to google and figure it out! Edit: THANKS ALL! There is some GREAT info in the comments; I really appreciate everyone's contribution, and I'm learning even more.

  • macchanger (for MAC spoofing, not directly connected to the attack)
  • airmon-ng
  • wash
  • reaver

The video used as a basis for this attack (and shown for demonstration in class) can be found here:

Part 1 – MAC Spoofing

While not essential to our hack, in order to simulate doing this for real we’re going to spoof our MAC Address to limit the potential for getting caught. To do this requires only a few steps. For demonstration purposes, show the current MAC address:

The first thing we do is bring the interface down and stop network manager, by issuing the following commands:

Now we generate a random MAC address using macchanger. There are a couple of different options here, either using -r which will generate a random MAC or -a which will generate a random MAC with the same manufacturer prefix (if it can determine the manufacturer). In my case, it couldn’t so the output is the same as using -r.

Finally bring the interface up, and note the MAC has changed (the previous step actually shows you the original MAC and the new MAC).

Part 2 – Hacking WPS

Hacking WPS was actually less work than hacking WEP, though it took a lot longer. The first thing we need to do is run airmon-ng without options to ensure our wireless interface is being detected properly.

Next issue the command again with the interface included to start monitoring.

Issue the wash command to scan for access points in the area.

The output should look something like the following.

Failed To Retrieve A Mac Address For Interface 'mon0' Reaver

Now we’re going to run reaver with the MAC address of the access point as an argument, which was obtained as a result of the command used in the previous step. This step can take anywhere from 4 to 20+ hours. In my case it took about 6 hours to successfully crack the WPS pin.

Once you have the pin, run reaver again providing it the pin as an argument and it will return the PSK fairly quickly.

Which resulted in the following output.

Conclusions

The attack method used to compromise WPA/WPA2 by way of hacking the WPS was in my opinion much easier than that used to hack WEP in a previous demonstration this semester. While WEP took about 30 minutes to crack, hacking WPS took approximately 6 hours. After some very brief research online I discovered that this process can take anywhere from 4 to 30 hours. You would think the length of time required to perform the hack would be somewhat of a deterrent, however once WPS has been compromised it opens up a permanent vulnerability (unless one disables WPS) as the same key can be used to repeat the process once the Administrator for the access point changes the pre-shared key. To further complicate matters the WPS key is hard coded for each router, and cannot be changed. Which leads us to another problem. Some access points don’t actually disable WPS even when you’ve disabled the ability in the device’s settings. This has been patched by many of the leading manufacturers, but it is up to the Administrator responsible for the access point to see if this is in fact an issue for their particular hardware.

Failed To Retrieve A Mac Address For Interface 'wlan1mon'

-->

This article helps fix an issue where a DHCP client can't get a DHCP-assigned IP address.

Original product version: Windows Server 2012 R2
Original KB number: 167014

Symptoms

When a DHCP client is moved from one subnet to another, it may fail to obtain a valid IP address on the new subnet.

Resolution

To work around this problem, do one of the following methods:

  • Don't use IP addressing schemes that overlap.

  • Run the following commands after you move the client to a new segment:

More information

When a DHCP client that has previously had a DHCP-assigned address is started again, the client goes into an INIT-REBOOT state. The client will attempt to verify that it can still use the same address by sending a DHCPRequest packet, populating the DHCP Option Field 'DHCP Requested Address' with the previously assigned IP address.

Failed To Retrieve A Mac Address For Interface 'mon0'

If the DHCP server remains silent, the client assumes the previous address is still valid and keeps it. If a DHCP server sends a NACK packet in response to the DHCPRequest, the client goes into the Discover cycle; it also requests the previously assigned address in the DHCPDiscover packet.

When a DHCP server receives a DHCPRequest with a previously assigned address specified, it first checks to see if it came from the local segment by checking the GIADDR field. If it originated from the local segment, the DHCP server compares the requested address to the IP address and subnet mask belonging to the local interface that received the request.

If the address appears to be on the same subnet, the DHCP server will remain silent even if the address isn't in the range of its pool of addresses. The DHCP server assumes that the address was assigned by another DHCP server on the same segment if it's not from its own pool. If the address fails the subnet mask/IP address check, the DHCP server checks to see if it came from a Superscope, if one is defined. If not, the server responds to the DHCPRequest with a NACK packet.

If the client sending the DHCPRequest is requesting an address that appears to be on the same subnet but was actually assigned with a different subnet mask, the DHCP server will remain silent and the client will fail to obtain a valid IP address for the new subnet.

Failed to retrieve a mac address for interface

Failed To Retrieve A Mac Address For Interface 'wlan0'

For example, assume the DHCP client obtains address 172.17.3.x with a subnet mask of 255.255.255.0, and the client is moved to a new segment where the address of the DHCP server is 172.17.1.x with a subnet mask of 255.255.0.0. When the subnet mask/IP address comparison is done on the DHCP server, the DHCP server will remain silent, assuming another DHCP server on the segment assigned the address. If the subnet masks were reversed, the client would obtain a valid address.