
Thread: WPS Pixie Dust Attack (Offline WPS Attack)

  1. #561
    Junior Member
    Join Date
    Sep 2016
    Posts
    8
    True, but I know that trying to create an accurate wordlist with crunch for BigPond/Telstra modems (Australian provider) requires 10 digits, upper and numerical; the output for that in crunch is 25 petabytes. Not sure I can get that kind of storage, or wait the time for it to be created.

  2. #562
    Member
    Join Date
    Aug 2015
    Location
    The Pits
    Posts
    86
    Great thread, THANK YOU KALI FORUMS!
    wifiphisher looks neat but since I have to provide the target's internet connection for a period of time I don't think I'll ever use it. Or do I not understand how it works?
    RE: Technicolor modems: The ones I've seen use 15 or 16 characters and apparently no "trick" exists to help guess the pass.

    And now I have my main question: Is the old pixiewps PRNG brute force ever successful? As in:
    [+] Pin not found, trying -f (full PRNG brute force), this may take around 30 minutes
    It never succeeded for me, but my new installation of Kali never runs the PRNG brute force, as the -f option now denotes "force disable channel hopping" instead of "brute force PRNG". If it's a hopeful attack, I'd like to get it back, but how?

  3. #563
    Junior Member
    Join Date
    Jul 2013
    Posts
    8
    My router is not listed, so how do I know if it's vulnerable or not? Obviously reaver with the -K option finds nothing, because it's not programmed into pixiedust.
    It's a Broadcom
    WPS Model Name: Broadcom
    WPS Model Number: 123456
    AP Serial Number: 1234

    It shows the r-nonce, PKR, authkey, hash1, hash2, etc., but it finds nothing, obviously because the router has never been tested, so how can I find out if my router is vulnerable to the pixiedust attack?
    Does someone ever, like, update the list?
    I also noticed a lot of other routers that are not listed. Routers used in Sweden are not listed, some routers used in the UK are not listed and most routers used in Finland are not listed either. Is this some USA-based thing or something?

  4. #564
    Junior Member
    Join Date
    May 2015
    Posts
    18
    Quote: Originally Posted by mordax
    My router is not listed, so how do I know if it's vulnerable or not? Obviously reaver with the -K option finds nothing, because it's not programmed into pixiedust.
    It's a Broadcom
    WPS Model Name: Broadcom
    WPS Model Number: 123456
    AP Serial Number: 1234

    It shows the r-nonce, PKR, authkey, hash1, hash2, etc., but it finds nothing, obviously because the router has never been tested, so how can I find out if my router is vulnerable to the pixiedust attack?
    Does someone ever, like, update the list?
    I also noticed a lot of other routers that are not listed. Routers used in Sweden are not listed, some routers used in the UK are not listed and most routers used in Finland are not listed either. Is this some USA-based thing or something?
    I think it's mostly USA routers listed cuz most users in this forum live there.
    But I know pixie works on a lot of routers even in Sweden where I live.

  5. #565
    Junior Member
    Join Date
    Jul 2013
    Posts
    8
    Quote: Originally Posted by squash
    I think it's mostly USA routers listed cuz most users in this forum live there.
    But I know pixie works on a lot of routers even in Sweden where I live.
    I don't fully understand pixie dust yet. Is there any type of "calculator" which can be used to test new routers against pixie dust?

  6. #566
    Member
    Join Date
    Aug 2015
    Location
    The Pits
    Posts
    86
    lol mordax, pixiewps is a calculator. If it succeeds, then the router is vulnerable.
    Type this:
    reaver --help
    and read through the options. I seem to recall that there is a -W switch that MIGHT calculate the default PIN for you, if it's a D-Link or Belkin.

  7. #567
    Junior Member
    Join Date
    Sep 2016
    Posts
    2
    I have tested a couple of D-Link routers and never succeeded.
    I used the -K option but failed, and -W to generate the default pin, but supplying that pin to reaver never seems to work.
    I guessed those routers were not vulnerable but then I tested them with an Android app "WPA WPS Tester" and I was able to authenticate successfully..!
    I tried to disassemble the app but couldn't get anything as I don't know Android or Java much.
    If anyone can look at the app, which is available in the Google Play Store, maybe it will help in WPS attacks in future.

    Note: The app generated the same pin as the -W switch but reaver or bully couldn't get the passphrase whereas the app succeeded.

    Any help will be appreciated.

    Thanks

  8. #568
    Junior Member
    Join Date
    Jul 2013
    Posts
    8
    Quote: Originally Posted by John_Doe
    lol mordax, pixiewps is a calculator. If it succeeds, then the router is vulnerable.
    Type this:
    reaver --help
    and read through the options. I seem to recall that there is a -W switch that MIGHT calculate the default PIN for you, if it's a D-Link or Belkin.
    Nah, you didn't get my question. Pixie dust can only calculate the WPS pin if the algorithm is programmed into the pixie dust (algorithm used by router), but what if the router I tested uses a different algorithm? So what I'm saying is: how can pixie dust know about the router if it hasn't been programmed into pixie dust?
    I know for a fact that there are different algorithms out there that are being used by different routers. That's what I meant by a calculator: something that constantly gets updated with the latest algorithms being used.

    @dek0der if reaver can't get the passphrase from the WPS pin, have you tried connecting to the router using the WPS pin? For example, Windows 10 allows you to connect by using a WPS pin, so do some Android phones. NOTE that connecting to the router using the WPS pin as passphrase will not work; you have to first select the special option to use WPS pin, otherwise your OS simply tries the pin as passphrase and fails.
    If the router accepts the WPS, but reaver won't find the pass, then you have a weak signal. If the router doesn't accept WPS, then it means that your router does have default WPS, but it's disabled by default. I have run across some routers that have it disabled by default; I've checked the settings and WPS is set to "push to activate" mode, so you have to push the button physically on your router and only then it becomes active for about 1 minute.

  9. #569
    Junior Member
    Join Date
    Sep 2016
    Posts
    2
    @mordax I'm fully aware of all the facts that you stated... What I'm saying is that the Android app 'WPS WPA Tester' is able to authenticate with the AP but reaver fails. I tried it with a rooted phone and saw the password in the wpa_supplicant.conf file was NULL... What does that mean? And how is the app able to authenticate with the AP while reaver does not produce any results? The AP signal is also strong.

  10. #570
    Junior Member
    Join Date
    Oct 2016
    Posts
    3
    Hi everybody, why do I get the message Rx(Beacon) = 'Timeout' Next pin xxxxxxxx
