Bully modified to implement pixiewps attack



aanarchyy
2016-01-02, 22:07
Modified bully to use pixiewps.

https://github.com/aanarchyy/bully

Let me know if there are any problems :-)

soxrok2212
2016-01-02, 22:19
Thanks for this! Will be testing and (hopefully, if I can add more text) will add to the original pixie thread :)

Quest
2016-01-02, 22:50
no way! That's a nice way to begin the year.

soxrok2212
2016-01-02, 22:53
Yes it is, Bully has some speed advantages over Reaver and the code is also much cleaner and easier to work with :)

aanarchyy
2016-01-02, 22:57
no way! That's a nice way to begin the year.

Thanks, if you could test this for me I would appreciate it. Wasn't able to do a whole lot of testing.

Quest
2016-01-02, 23:05
I'll gladly do that, but I do not have access to a pixie vulnerable AP at this moment, and all tests will be under KL1. Let's see, I will report back if any positive(s).

Cheers aanarchyy!! :cool:


Edit: even if a negative, it seems to work.

**The text that you have entered is too long (20836 characters). Please shorten it to 10000 characters long.

See post below.

Edit 2: can't even post the results here. Anyway, it seems to work :)

aanarchyy
2016-01-03, 00:48
@quest please post the results in pastebin or something then, i want to see if this works the same for others as it does for me.

Quest
2016-01-03, 00:51
will post here. Might take 3 posts even in CODE tags. 2016 The Flintstones. Go figure...

eDiT:
Sucuri WebSite Firewall - CloudProxy - Access Denied
What is going on?
You are not allowed to access the requested page. If you are the site owner, please open a ticket in our support page if you think it was caused by an error: https://support.sucuri.net. If you are not the owner of the web site, you can contact us at soc@sucuri.net. Also make sure to include the block details (displayed below), so we can better troubleshoot the error.

Now the server is blocking me??

aanarchyy
2016-01-03, 01:02
@Quest looks like you are having proxy issues...

Quest
2016-01-03, 01:05
will upload the text file in my mediafire account in a minute...

aanarchyy
2016-01-03, 01:06
or stick it in pastebin and post the link, far easier...

Quest
2016-01-03, 01:12
Probably, but I never used it and have a tendency to stick with what I know. Will have to try it eventually.

http://www.mediafire.com/download/qpphdi02be8p9vm/Quest+Bully+results

aanarchyy
2016-01-03, 01:16
@Quest is there a way you can private message me so we don't litter this thread? skype? join the irc chan for kali? anything?

Quest
2016-01-03, 01:18
they removed the PM on this forum. I will send you an email aanarchyy!-[at]-!gmail.com

aanarchyy
2016-01-04, 05:28
Updated to add some default pin generations!

aanarchyy
2016-01-09, 17:16
Updated!
Greatly cleaned up printed output and method of printing output (faster code!)
Removed forking of new bully instance, now runs all as one process.
Added new level of verbosity -v 4

Laserman75
2016-01-09, 20:29
Nice aanarchyy :)

I will test later at home after work.

kcdtv
2016-01-10, 20:03
Great job!!! Thank you aanarchy!
I did some testing with a USB Ralink chipset (now Mediatek) and I got very good results.

* With reaver :
- I am not even able to associate with these chipsets.
A little if I use iwconfig instead of airmon-ng to activate monitor mode
But even though I use iwconfig it is a "very dirty" association and a very dirty WPS flow and I cannot get all strings for a pixiedust attack

* With bully : one shot (comments on picture are in Spanish, sorry for that)

http://pix.toile-libre.org/upload/original/1452454600.jpg

For those that have one of these chipsets
* Ralink RT3070 (the chipset of the Alfa Network AWUS036NH)
* Ralink RT3072
* Ralink RT3570
* Ralink RT3572 (the chipset of the Alfa Network AWUS052NH)
...And experience so many troubles getting something with WPS cracking...

Bully will change your life!

By the way, with the new bully it means that we are able to lead an automated pixiewps attack against 5GHz networks, as RT-3072 and RT-3572 are dual-band chipsets! :cool:

I made the tests some days ago and didn't check this new level of verbosity... Gonna do it now.... Great!
Thanks again aanarchy for this nice new year present.

PS : I posted some more results here (in Spanish again, sorry), nothing very deep or interesting, but if you want to have a look : Bully WPS: La alternativa a Reaver renace con soporte Pixiewps (https://www.wifi-libre.com/topic-323-bully-wps-la-alternativa-a-reaver-renace-con-soporte-pixiewps.html)

aanarchyy
2016-01-10, 23:02
Thank you very much for the review kcdtv, i really appreciate it :D

To clarify the new level of verbosity, by default (-v 3) it hides the hashes and merely reports they were collected, so as to reduce the screen from getting littered.
To see all the hashes, you need to specify -v 4

I've yet to try it on 5GHz, I will try and do that at some point soon though.

http://pasted.co/a7aaabb7

Yeah, that's right. PSK collected in under 7 seconds. ;-)

PS it's aanarchyy, two y's at the end :p

Kaushalrocks
2016-01-11, 17:51
Can you tell me if Kali NetHunter is supported on other models like the Google Nexus 5X, because the Nexus 5 is an old phone?
I'm planning to buy in 2-3 days.
Please someone answer.

kcdtv
2016-01-11, 20:33
PS it's aanarchyy, two y's at the end
Upsss... Yes I did that. :D Sorry. I will correct this in the review later.
Today a friend (dk10v) passed by the thread where I spoke about the "new bully" and he did some testing with a wn722n from tp-link:
So we are speaking about dongles with
ar9271 (atheros chipset) USB
And he said -literally- that he had .... an "orgasm" :p
With his default PIN found in 1 second and some microseconds with bully
As he said in his post: a single picture is worth more than words

http://pix.toile-libre.org/upload/original/1452543742.jpg
(original picture is taken from dk10v in answer 10 (external link) (https://www.wifi-libre.com/topic-323-bully-wps-la-alternativa-a-reaver-renace-con-soporte-pixiewps.html#p1676))

Cheers !

aanarchyy
2016-01-12, 02:32
@kcdtv I have been following that thread for a few days (translated by google) and I see many good things said, and as I have said, I appreciate you spreading this project. :D I've had a lot of fun making it.

Although that screenshot you just posted gave merit to the "bug" I found in it earlier today, which I still need to weed out.
If in pixie mode, once it gets the hashes and runs pixiewps, if the next transaction fails (M2D out of sequence, etc...), the program exits, and it only produces the pin, not the psk.

Be sure of this, more work will be going into this project, :-)

mmusket33
2016-01-12, 05:30
To: aanarchyy

Reference the --help file -v line

-v, --verbosity N : Verbosity level 1-4, 1 is quietest [3]

What does -v 4 produce? Is this linked to pixiedust output in some way?

MTeams

aanarchyy
2016-01-12, 05:51
@mmusket33:

Yes, it is directly related to pixie output, default of -v 3 when -d is used will only output:


[P] ENonce received.
[P] PKE received.
[P] RNonce received.
[P] PKR received.
etc...

whereas -v 4 will not only show the actual hashes recovered, but also echo the pixiewps command run.

I chose to do this to reduce screen clutter unless extra verbosity is desired. Most "users" don't care _how_ it works, only _that_ it works.

Further work is planned with this: code cleanup, extra options, hash recording, integration with other projects, etc... ;-)

bob79
2016-01-14, 09:45
couldn't find libpcap-dev and libssl-dev ;( using kali on vmware

NotieBoie
2016-01-14, 11:08
Very nice, I need a podcast on WPS exploitation and a little demo ;) I will use bully instead of reaver for WPS attack.
One question: why not make the starting PIN 01234567 as reaver does? At least in my case most of the routers have this pin and with a single bruteforce attack, I was able to recover the WPS Pin
Good job btw

mmusket33
2016-01-15, 01:51
To NotieBoie

The starting pin for reaver is 12345670 NOT 01234567. It is also the default pin setting.

To Bob79

Read the README.md file that comes with the download

MTeams used

apt-get -y install build-essential libpcap-dev libssl-dev

However the entire suggested string is found in the read me.

MTeams

aanarchyy
2016-01-15, 04:29
@NotieBoie : I am not the one that wrote the original code to bully, the only part I have worked on was integrating pixiewps.
The part of the bully code I worked on never makes it past M3, and was solely for the purpose of adding support for pixiewps, so the PIN tried is essentially inconsequential.

bob79
2016-01-15, 09:03
root@kali:~# apt-get -y install build-essential libpcap-dev libssl-dev
Lettura elenco dei pacchetti... Fatto
Generazione albero delle dipendenze
Lettura informazioni sullo stato... Fatto
E: Impossibile trovare il pacchetto libpcap-dev (impossible to find the package)

kcdtv
2016-01-15, 13:04
@ bob79
You have to edit your repositories list.
Check on the forum and in the documentation, you will easily find explanations about how to do it. ;)

bob79
2016-01-15, 18:05
removed and c/p new ones from a forum. now seems i'm allright. thank you :)

aanarchyy
2016-01-20, 00:24
Much code cleanup and a few bug-fixes :-)

kcdtv
2016-01-20, 00:38
Thanks again aanarchyy for all your efforts.
It is a bit late for me now but good to go to bed knowing that tomorrow is gonna be exciting with some new version.
Take care :)

aanarchyy
2016-01-23, 04:44
Some memory management added and it really seems to have sped up the code significantly!
Now it seems to be able to get the PIN and PSK in under 4 seconds :-D

chick0n
2016-01-25, 16:06
wow...this is much faster now :cool:

kalifornia
2016-03-09, 21:07
Possible to implement bully into wifite-ng? :) I know you're a busy man. :cool:

aanarchyy
2016-03-10, 03:04
As much as I would like to say that I would love to, I honestly don't see that happening... And here are a couple of reasons:

My version of wifite had been out for MONTHS before derv82 made his release of wifite to include pixiewps (and my version still has more options pixie related, and some his still doesn't include). That version was almost immediately included in the KALI project, and my version discarded (even after g0tmi1k asked me to change the project name, which I did, suggesting it was to be included. Large factor of why mine is now basically unmaintained... cuz... why...)

As I am now the upstream maintainer of bully (which ALSO isn't included), if I were to add bully support to this, I would completely axe all of reaver/wash from the script and likely rewrite LARGE portions of it so as it would be almost its own project. Probably an unpopular solution as it seems the Kali community has a HUGE chubby for reaver...

Kinda feels like the Kali project is growing a bit stagnant (not even just things I've done, but many others that have been updated/improved but still aren't part of the project)

Seems with each update of Kali, it becomes less and less stable (should I count how many recent threads that are akin to "Blank screen/Icons missing/Blinking cursor"?).

If I will ever make a "script" such as wifite with bully support, it will be its own project, not a rewrite...

kalifornia
2016-03-10, 05:24
Well, I'm not much of a fan of reaver now anyways. The updated bully makes my awus036nh crack routers now. lolz With reaver it did nothing. I've tested the 036nh and 036nha so many times on the 24dbi grid 14dbi panel 7dbi panel etc with command line reaver and wifite-ng and the 036nh was always ****. 036nha has always worked good in reaver though but both units work GREAT with bully. :) I'm a big fan of wifite-ng. It's my go to script for 99% of things I do. Having a chub on for reaver is like getting a chub watching ducks mate. Like I say I'd love to see a rewrite with reaver flushed out but I know that it won't happen now. :(

p.s. I thought you hung out n idled in #offsec? I've been on all day and don't see you there.

peace bro.



Quest
2016-03-10, 18:29
...

If i will ever make a "script" such as wifite with bully support, it will be its own project, not a rewrite

oh **** yes, something like FrankenScript :D

vlan
2016-03-27, 13:45
hi aanarchyy , thanks for your work
I got this on RTL AP

[+] Rx( ID ) = 'EAPFail' Next pin '21907593'
[!] Unexpected packet received when waiting for EAP Req Id
[!] >000012002e48000000026c09a000cb01000008023a0100eebd 905e4a64517e23695764517e2369572038aaaa03000000888e 0100005001280050fe00372a000000010300104a0001101022 00010e101a0010499fd1b51b80e7d62bf4a0b54962e19e1039 00100000000000000000000000000000000010090002000110 49000600372a000120<
[+] Rx( ID ) = 'EAPFail' Next pin '21907593'
[+] Rx( M1 ) = 'Timeout' Next pin '21907593'
[+] Rx( M1 ) = 'Timeout' Next pin '21907593'
[!] Unexpected packet received when waiting for EAP Req Id

WPS Manufacturer: TP-LINK
[P] WPS Model Name: TL-WA801N
[P] WPS Model Number: 2.0
[P] Access Point Serial Number: 1.0
[+] Received M1 message
Any idea why, what it is, and how to crack this thing? I have the handshake if needed

kcdtv
2016-03-27, 23:06
For those who didn't check the last update there is now a very nice "silly GUI" :D
Very easy to use, just go to the src folder and you will see that there is now a file called "bully.py"
https://www.wifi-libre.com/img/members/3/bully_tiene_una_GUI_3.jpg
Once located in the folder you can launch it with

sudo python bully.py
It is very intuitive and easy to use and will recover and display the WPA key after a successful pixiedust attack (or PIN brute-force)

https://www.wifi-libre.com/img/members/3/bully_tiene_una_GUI_7.jpg

Thanks Aanarchyy ! :)

aanarchyy
2016-03-27, 23:27
LOL you are quick kcdtv, i will give you that ;-)
I took that back down after i noticed a few bugs in it though, so you are one of the lucky few to have gotten it :-)

I will be re-committing that after I fix a few things on it though, and I also have plans to add a "Scan" button to auto-populate the ESSID, BSSID, and Channel boxes.

It was just a quick little thing i threw together over a few days here and there. But i do have a few more plans for it :-)

Hopefully you and i can talk more privately sometime soon, perhaps you could help me test this stuff before i jump the gun again, and I'm SURE you have plenty of other good ideas as well (:

EDIT: Just saw you made a thread on your forum, so I'll recommit, Just cuz it's you (: But I do plan on fixing it soon.

kcdtv
2016-03-28, 15:06
Ups... I maybe should have shut my big mouth, I spoiled the whole stuff :p
Damn it...

EDIT: Just saw you made a thread on your forum, so I'll recommit, Just cuz it's you (: But I do plan on fixing it soon.
Thanks... But please, don't worry about the thread and first do the stuffs your way, as you want to.


and i also have plans to add a "Scan" button to auto-populate the ESSID, BSSID, and Channel boxes.
(...)
Hopefully you and i can talk more privately sometime soon, perhaps you could help me test this stuff before i jump the gun again, and I'm SURE you have plenty of other good ideas as well (:

1) Very good idea
2) It would be a pleasure
I send you a PM or mail :)

Can't find how to send you a private message here or in github :p ... and I don't have skype (or a skype account)
Write me at kcdtv@wifi-libre.com and I will answer you at the address I get (@moderation : sorry if that's against the rules of the forum, I would delete immediately)

soxrok2212
2016-03-28, 18:03
Ohh I like this... more collaboration :) Btw kcdtv, how's the new gear? Any pixie vulns in the newer hardware?

kcdtv
2016-03-29, 16:27
HI :)

Any pixie vulns in the newer hardware?
huh.... let me think.... yes maybe one used by "Movistar" (telefonica).
i'll check that and update the list if so. ;)

I added two models
D-Link DAP1520, a dual band repeater with a mediatek chipset
Totolink N301RT from "realtekX project" family

I have to check more, there is maybe a couple of them more to add

X999
2016-04-27, 13:28
Is it possible for bully to use a pin list we created with crunch..?

bully wlan0mon -b 11:22:33:44:55:66 -c 11 -B -p /path/to/pins.lst/txt

:confused: I'm not a programmer, just a script kiddie :p and this is just an idea

aanarchyy
2016-04-28, 15:43
Is it possible for bully to use a pin list we created with crunch..?

bully wlan0mon -b 11:22:33:44:55:66 -c 11 -B -p /path/to/pins.lst/txt

:confused: I'm not a programmer, just a script kiddie :p and this is just an idea

I can't really see a point to making or using a WPS pin list.

r1si
2016-04-29, 22:33
Hi aanarchyy, thanks a lot for your software.
But for me it doesn't work...
bully still uses the same pin.. and pixie didn't start..
Can you help me?

Elia

soxrok2212
2016-04-30, 16:49
My car has the same engine and won't start, what's wrong?!

We need more information! What is happening? What is your setup? What is your target? What hardware do you have? Did you install everything correctly?

And perhaps try asking in a forum of your native language as it will probably be easier for both you and us to understand correctly.

v1s1t0r
2016-11-06, 21:21
Sorry for posting on old threads... but I'm wondering why an amazing update like this (I mean aanarchyy, your 1.1 bully version) is not in the Kali repositories?... I have the latest Kali with all the latest updates and the bully version is v1.0-22 ... and your v1.1 is amazing, integrating the pixiewps attack.

I'm new at the forum and maybe I'm asking silly things... but who decides what tools are included in the repos? I know the original bully is included... but your update is an evolution of it. How can this be done? I mean, to include your version in the Kali Linux repos? Because in my opinion, it could be a great contribution to the community. I know installing dependencies and compiling is an easy task and is very well explained in your README on github... but it would be great to get it with just apt-get.

Thank you for your effort and the effort of your collaborators. Bully is a good tool which saves ralink chipset users like me.

wapp
2016-11-13, 04:50
thanks bro

kcdtv
2016-11-22, 00:14
but your update is an evolution of it. how can this be done? I mean, to include your version in Kali Linux repos?
Hi there! ;)
As far as I know everything works through the kali bugtracker: https://bugs.kali.org/main_page.php
You have to create an account and then you can open an issue to ask for the implementation of bully mod' by aanarchyy
good luck!

Pippin
2016-11-24, 07:00
Anybody have any idea what's wrong here?


@kali:~/bully/src# make
cc -I`pwd` -I`pwd`/utils/ -I`pwd`/tls/ -I`pwd`/wps/ -I`pwd`/crypto/ -I`pwd`/common/ -o bully bully.c -lpcap -lssl -lcrypto
bully.c:26:18: fatal error: pcap.h: No such file or directory
compilation terminated.

v1s1t0r
2016-11-24, 08:08
apt-get install libpcap-dev

Pippin
2016-11-24, 15:15
apt-get install libpcap-dev

Thanks but I'm now getting this error.

WARNING: The following packages cannot be authenticated!
libpcap0.8-dev libpcap-dev
Install these packages without verification? [y/N] Y
Err http://http.kali.org/kali/ sana/main libpcap0.8-dev i386 1.6.2-2
404 Not Found
Err http://http.kali.org/kali/ sana/main libpcap-dev all 1.6.2-2
404 Not Found
E: Failed to fetch http://http.kali.org/kali/pool/main/libp/libpcap/libpcap0.8-dev_1.6.2-2_i386.deb 404 Not Found

E: Failed to fetch http://http.kali.org/kali/pool/main/libp/libpcap/libpcap-dev_1.6.2-2_all.deb 404 Not Found

E: Unable to fetch some archives, maybe run apt-get update or try with --fix-missing?

soxrok2212
2016-11-24, 16:58
It looks like you may have a problem with your sources.list, try this:



gedit /etc/apt/sources.list


Replace everything with the sources for your distribution: http://docs.kali.org/general-use/kali-linux-sources-list-repositories

Save and exit, then:



apt-get update
apt-get upgrade
apt-get install libpcap-dev libssl-dev libsqlite3-dev

Pippin
2016-11-24, 18:06
Thanks sox, I've managed to get a bit further but it now has this.

Some packages could not be installed. This may mean that you have
requested an impossible situation or if you are using the unstable
distribution that some required packages have not yet been created
or been moved out of Incoming.
The following information may help to resolve the situation:

The following packages have unmet dependencies:
libssl-dev : Depends: libssl1.0.0 (= 1.0.1k-3) but 1.0.1k-3+deb8u1 is to be installed
Recommends: libssl-doc but it is not going to be installed
E: Unable to correct problems, you have held broken packages.

soxrok2212
2016-11-24, 18:55

I hate when this happens. Try


apt-get remove libssl1.0.0
apt-get install libssl-dev

v1s1t0r
2016-11-24, 20:08
As far as I know everything works through the kali bugtracker: https://bugs.kali.org/main_page.php
You have to create an account and then you can open an issue to ask for the implementation of bully mod' by aanarchyy
good luck!

Kcdtv, I followed your advice and opened the suggestion: https://bugs.kali.org/view.php?id=3745 . Maybe somebody may pay attention to this. I think it is very interesting for bully users... as you know, ralink chipset + reaver = disaster, and I have an Alfa with Ralink chipset. Bully saved my life for all testing of the WPS part of the script I'm developing, you know that because you are a collaborator... I don't want to put a link to my project to avoid spamming you on this forum. :)

Pippin
2016-11-24, 23:49
I hate when this happens. Try


apt-get remove libssl1.0.0
apt-get install libssl-dev


That cured it.

Thanks sox.

D3ADSHOT
2016-12-05, 12:34
Hi all,

I just installed bully on my system and I was curious if I was able to crack my own wifi router. My question: is it normal that the pin set from bully never changes to random but is always the same? What is causing this?


[+] Rx(Beacon) = 'Timeout' Next pin '11533917'
[+] Rx(Beacon) = 'Timeout' Next pin '11533917'
[+] Rx( Auth ) = 'Timeout' Next pin '11533917'
[+] Rx(Beacon) = 'Timeout' Next pin '11533917'
[+] Sent packet not acknowledged after 3 attempts
[+] Tx( Assn ) = 'Timeout' Next pin '11533917'
[+] Rx(Beacon) = 'Timeout' Next pin '11533917'
[+] Rx(Beacon) = 'Timeout' Next pin '11533917'
[+] Rx(Beacon) = 'Timeout' Next pin '11533917'
[+] Rx( ID ) = 'Timeout' Next pin '11533917'
[+] Sent packet not acknowledged after 3 attempts
[+] Tx(DeAuth) = 'Timeout' Next pin '11533917'
[+] Rx(Beacon) = 'Timeout' Next pin '11533917'
[!] Received M2D or out of sequence WPS Message
[+] Rx(M2D/M3) = 'WPSFail' Next pin '11533917'
[+] Rx( M1 ) = 'Timeout' Next pin '11533917'
[+] Rx( M1 ) = 'Timeout' Next pin '11533917'
[+] Rx( M1 ) = 'Timeout' Next pin '11533917'
[+] Rx( M1 ) = 'Timeout' Next pin '11533917'
[+] Rx( M1 ) = 'Timeout' Next pin '11533917'
[+] Rx( M1 ) = 'Timeout' Next pin '11533917'
[+] Rx( M1 ) = 'Timeout' Next pin '11533917'
[+] Rx( M1 ) = 'Timeout' Next pin '11533917'
[+] Rx( M1 ) = 'Timeout' Next pin '11533917'
[+] Rx( M1 ) = 'Timeout' Next pin '11533917'
[+] Rx( M1 ) = 'Timeout' Next pin '11533917'
[+] Rx( M1 ) = 'Timeout' Next pin '11533917'
[+] Rx( Assn ) = 'Timeout' Next pin '11533917'
[+] Rx(Beacon) = 'Timeout' Next pin '11533917'
[+] Rx( M1 ) = 'Timeout' Next pin '11533917'
[+] Rx( Auth ) = 'Timeout' Next pin '11533917'
[+] Rx( M1 ) = 'Timeout' Next pin '11533917'
[+] Rx( M1 ) = 'Timeout' Next pin '11533917'
[+] Rx( ID ) = 'Timeout' Next pin '11533917'
[+] Rx(Beacon) = 'Timeout' Next pin '11533917'
[+] Rx( M1 ) = 'WPSFail' Next pin '11533917'
[+] Rx( M1 ) = 'Timeout' Next pin '11533917'
[+] Rx( M1 ) = 'Timeout' Next pin '11533917'
[+] Rx( M1 ) = 'Timeout' Next pin '11533917'
[+] Rx( M1 ) = 'Timeout' Next pin '11533917'
[+] Rx( M1 ) = 'Timeout' Next pin '11533917'
[+] Rx( M1 ) = 'Timeout' Next pin '11533917'
[+] Rx( M1 ) = 'Timeout' Next pin '11533917'
[+] Rx( Assn ) = 'Timeout' Next pin '11533917'

v1s1t0r
2016-12-06, 12:13
It gets stuck if it is not able to perform the attempt. Maybe your home's router has PBC activated (push button connect) and needs the button pushed physically in order to accept wps connections. You can check it using airodump-ng with the --wps parameter (available from aircrack 1.2 rc2 I think, not sure). Start scanning and let it run for a long time. After a few minutes, interesting data like this (PBC) starts to appear in the WPS column on some routers.

soxrok2212
2016-12-07, 05:59
Or your connection is crappy, unsupported wireless card, WPS is enabled but not configured, AP is low on entropy, there are literally 1,000 reasons as to why there may be a problem.

It helps if you give more information about the target. Since it is yours, you should be able to do that.

joel
2016-12-11, 07:02
Hello aanarchyy? I got some problem at bully install pixiewps. (make: *** [bully] Error 1)

v1s1t0r
2017-03-04, 15:37
Sorry for answering maybe too late. To build bully correctly with the latest Kali releases you must "downgrade" the libssl-dev package. I mean, if you do
apt-get remove libssl-dev and then
apt-get install libssl1.0-dev. After this you can compile bully successfully following the github instructions, you know:


git clone https://github.com/aanarchyy/bully
cd bully*/
cd src/
make
make install

Hope it helps.

v1s1t0r
2017-04-17, 21:21
Fresh news. Yesterday wiire (the author of pixiewps) updated the aanarchyy bully project. The version is still the 1.1 and it hasn't any new feature but he solved the problems on compilation. He removed the dependency of libssl-dev. Now the compilation is very fast and flawless.

https://github.com/aanarchyy/bully