Comments (23)

derv82 avatar derv82 commented on July 21, 2024 2

Based on the "Wireless Security Database" on Google Docs (linked on various sites around the net), I ordered:

  1. Tp-Link Archer C20i (includes a/5ghz band)
  2. Netgear WNDR3700 V2
  3. F5D8236-4 V3

Now we wait.

from wifite2.

derv82 avatar derv82 commented on July 21, 2024 1

Let me just say: I would very much appreciate a test router that is vulnerable to Pixie-Dust!

I've tried many times to find a router...

my mess

I shot you an email

from wifite2.

derv82 avatar derv82 commented on July 21, 2024

Only got 2 routers, and none are vulnerable to Pixie-Dust (or the PIN attack for that matter).

So I'm getting 3 more. Will rinse-repeat until I get a vulnerable router.

Again, if anyone has suggestions...

from wifite2.

MisterBianco avatar MisterBianco commented on July 21, 2024

from wifite2.

MisterBianco avatar MisterBianco commented on July 21, 2024

from wifite2.

vom513 avatar vom513 commented on July 21, 2024

I got a Belkin N600 DB v2 that is my dedicated WPS pixie test router. F9K1102V2.

from wifite2.

vom513 avatar vom513 commented on July 21, 2024

Has anyone had any luck in debugging why WPS pixie (using bully) doesn't work? It is working, in that bully writes out the .bully/.run file. Wifite2 is missing something in the output and crack_result is staying "None". I'm running the latest Kali, and the arguments for bully in Bully.py look good. From what I can tell, the regex looks good too in matching the lines with PIN and KEY. Feels like something process/pipe related, which is where my Python skills fall off...

I'm still playing with Bully.py to see if I can see where it's bailing, but no luck yet.

from wifite2.

kimocoder avatar kimocoder commented on July 21, 2024

I can confirm that WPS/PixieDust has problems; no further knowledge of Python here to fix the issue either :/

from wifite2.

kimocoder avatar kimocoder commented on July 21, 2024

@binarymaster got some spare time to investigate the pixiewps issue in wifite2? :)

from wifite2.

alldayi420 avatar alldayi420 commented on July 21, 2024

I know that the old Wifite works when using the pixie attack... I have not been able to even get a target to show up with the new Wifite2 -wps attack, even using it in the same spot... but the first wifite has trouble capturing a handshake, while wifite2 captures that shit like a boss... Around here (Red Oak, Iowa), rural area, CenturyLink (SSID = Century link xxxx) routers are vulnerable to the pixie attack / Belkin / and a few Netgear routers are vulnerable... How do you get the wps attack to bring up a target in wifite2?... And yeah, little ass towns always have old ass equip / no update...

from wifite2.

vom513 avatar vom513 commented on July 21, 2024

The current version of wifite2 - uses bully by default for WPS attacks. The current issue seems to revolve around wifite2 not interpreting the output from bully correctly. Even though wifite2 will say that pixie was unsuccessful for example, you can check the actual bully output files and see that it was indeed cracked. So it seems to be launching and driving bully correctly - but the output is getting dropped or confused.

from wifite2.

alldayi420 avatar alldayi420 commented on July 21, 2024

from wifite2.

kimocoder avatar kimocoder commented on July 21, 2024

@derv82 do you still need a pixiedust vulnerable router? I may donate you one, no problem. Give me a heads up.

from wifite2.

kimocoder avatar kimocoder commented on July 21, 2024

Contact me privately at kimocoder(at)hotmail.com. I may provide a router for both this issue and this one. Thanks.

from wifite2.

derv82 avatar derv82 commented on July 21, 2024

@alldayi420 The issue of WPS detection was fixed in #62

However, Wifite 2 should not be trusted with WPS attacks right now. You can run bully/reaver manually in the meantime.

# Running reaver:
reaver -i INTERFACE -vv -K -c CHANNEL -b BSSID
# Example for channel 11 and interface wlan0mon:
reaver -i wlan0mon -vv -K -c 11 -b AA:BB:CC:DD:EE:FF

# Running bully:
bully --pixiewps -c CHANNEL -b BSSID IFACE
# Example for channel 11 and interface wlan0mon:
bully --pixiewps -c 11 -b AA:BB:CC:DD:EE:FF wlan0mon

I can fix Wifite2's WPS PixieDust/PIN attacks once I get a router that is susceptible to Bully/Reaver.

Pasting what I said in #60:

Can you (or anyone else) provide me the entire output of bully (and reaver too)? With the output, I can try to get Wifite working again. Separating stdout/stderr would help.

from wifite2.

kimocoder avatar kimocoder commented on July 21, 2024

No problem. I'll check it later today and may send one after this weekend.

from wifite2.

derv82 avatar derv82 commented on July 21, 2024

Got the output for both reaver and bully from @vom513 in #60

Already I see why Wifite2 doesn't work: The output of Reaver/Pixiewps appears to have changed (again).

Here's the output of reaver, I'm assuming it's a newer version of reaver:

 Pixiewps 1.4

 [?] Mode:     3 (RTL819x)
 [*] Seed N1:  -
 [*] Seed ES1: -
 [*] Seed ES2: -
 [*] PSK1:     2c2e33f5e3a870759f0aeebbd2792450
 [*] PSK2:     3f4ca4ea81b2e8d233a4b80f9d09805d
 [*] ES1:      04d48dc20ec785762ce1a21a50bc46c2
 [*] ES2:      04d48dc20ec785762ce1a21a50bc46c2
 [+] WPS pin:  11867722

 [*] Time taken: 0 s 21 ms

Wifite2 was expecting this format (old reaver output):

wifite2/py/Reaver.py

Lines 388 to 392 in 1a063ed

[Reaver Test] BSSID: AA:BB:CC:DD:EE:FF
[Reaver Test] Channel: 11
[Reaver Test] [+] WPS PIN: '12345678'
[Reaver Test] [+] WPA PSK: 'Test PSK'
[Reaver Test] [+] AP SSID: 'Test Router'

First, the regexes do not match the new format:

wifite2/py/Reaver.py

Lines 348 to 361 in 1a063ed

# PIN: Printed when attack is completed.
regex = re.search("WPS PIN: *'([0-9]+)'", stdout)
if regex:
    pin = regex.groups()[0]
# Check for PSK.
regex = re.search("WPA PSK: *'(.+)'", stdout)
if regex:
    psk = regex.groups()[0]
# Check for SSID
regex = re.search("AP SSID: *'(.+)'", stdout)
if regex:
    ssid = regex.groups()[0]

Second, Wifite fails if the PSK is not found. Apparently Reaver/Pixiewps no longer print this out:

wifite2/py/Reaver.py

Lines 78 to 81 in 1a063ed

(pin, psk, ssid) = Reaver.get_pin_psk_ssid(stdout)
# Check if we cracked it.
if pin and psk and ssid:

from wifite2.
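
The format mismatch described in the comment above, as an added example that is not wifite2's code: the three quoted regexes are run against both sample outputs, next to a tolerant parser that treats a recovered PIN as success even when no PSK is printed. The names `old_parse`, `_field`, `tolerant_parse` and `cracked` are hypothetical; the two samples are copied from the comment (the Pixiewps one abridged) and the failure line is constructed.

```python
import re

# Tool output copied from the comment above (new Pixiewps 1.4 format, abridged).
NEW_PIXIEWPS = """ Pixiewps 1.4
 [?] Mode:     3 (RTL819x)
 [*] PSK1:     2c2e33f5e3a870759f0aeebbd2792450
 [*] PSK2:     3f4ca4ea81b2e8d233a4b80f9d09805d
 [+] WPS pin:  11867722
 [*] Time taken: 0 s 21 ms
"""
# Old reaver format, copied from the test fixture quoted above.
OLD_REAVER = """[Reaver Test] BSSID: AA:BB:CC:DD:EE:FF
[Reaver Test] Channel: 11
[Reaver Test] [+] WPS PIN: '12345678'
[Reaver Test] [+] WPA PSK: 'Test PSK'
[Reaver Test] [+] AP SSID: 'Test Router'
"""
# Constructed failure line, built around the "WPS pin not found" message.
NOT_FOUND = " [-] WPS pin not found\n"


def old_parse(stdout):
    """The three regexes quoted from Reaver.py, behaviour unchanged."""
    found = []
    for pattern in ("WPS PIN: *'([0-9]+)'", "WPA PSK: *'(.+)'", "AP SSID: *'(.+)'"):
        m = re.search(pattern, stdout)
        found.append(m.group(1) if m else None)
    return tuple(found)  # (pin, psk, ssid)


def _field(label, value, stdout):
    # Only "[+]" success lines; label is case-insensitive; quotes are optional.
    pattern = r"\[\+\][ \t]*%s:[ \t]*'?(%s)'?[ \t]*$" % (label, value)
    m = re.search(pattern, stdout, re.IGNORECASE | re.MULTILINE)
    return m.group(1) if m else None


def tolerant_parse(stdout):
    """Hypothetical replacement: accepts both formats, PSK/SSID optional."""
    pin = _field("WPS PIN", r"[0-9]{4,8}", stdout)
    psk = _field("WPA PSK", r".+?", stdout)
    ssid = _field("AP SSID", r".+?", stdout)
    return pin, psk, ssid


def cracked(result):
    # A recovered PIN is the success signal; the PSK may not be printed.
    return result[0] is not None
```
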

derv82 avatar derv82 commented on July 21, 2024

Added some "tests" for the output given by vom513, and updated Wifite's regexes so it looks like Pixie-Dust attacks should work now (for both reaver & bully).

Wifite uses reaver by-default. You can run bully using the --bully switch.

Let me know if it works (or crashes 😭).


Even if Wifite2 can crack WPS using Pixie-Dust again (hopefully), I still want to clean up the entire WPS attacking method:

I added a note on the TODO.md about improving the output of WPS attacks (more-verbose but not too verbose, consistent between reaver/bully). And I want to remove WPS PIN cracking entirely from Wifite 😱 because Wifite shouldn't even try to do something that may take multiple days/weeks/months.

from wifite2.

derv82 avatar derv82 commented on July 21, 2024

Alright, the PixieDust attacks should look a whole lot better now. And behave better.

From the commit above:

  • --wps-time X: (-wpst) Total time for WPS attack to complete (5min)
  • --wps-timeouts X: (-wpsto) Max number of timeouts before failing (100 -- was 30)
  • --wps-fails X: (-wpsf) Max number of WPSFails before failing (100 -- was 30)

All other WPS-related switches were removed. Except for the base switches:

  1. Specify WPS networks --wps
  2. Specify only PixieDust attack --wps-only
  3. Specify to not use PixieDust at all --no-wps
  4. Specify to use bully instead of reaver: --bully

And the output is more consistent between reaver & bully:

[GIF: wifite-pixiedust-reaver-bully]

Looking at the GIF... The attack progress line is getting kind of long. I might remove BSSID from the output (but leave power/db).

from wifite2.

ravenphreaker avatar ravenphreaker commented on July 21, 2024

Hey derv82, long-time fan and ravenphreaker from the tophatsec forum. Just letting you know any Ralink chipset router I have come across has been susceptible. I get the pin almost every time; the only reason it fails would be signal strength, usually. Atheros is hit and miss. Broadcom usually isn't if they have been updated. Hope that helps.

from wifite2.

chams1012 avatar chams1012 commented on July 21, 2024

[image: unnamed]
Hi @ravenphreaker, I don't know how you managed. I have been trying with 3 different routers and nothing: Dlink 850L, Dlink 803 and another TP-Link, still nothing. However, before with pixie 1.2 it used to work on all my routers, no exception.
[image: pixie1 2]

from wifite2.

twix87 avatar twix87 commented on July 21, 2024

Help, I need a conclusion.

First Time:

[image: Capturar]

Other Time:

[image: Capturar2]

Failed: Reaver says "WPS pin not found"

from wifite2.

alldayi420 avatar alldayi420 commented on July 21, 2024

from wifite2.
