Thank you, aanarchyy, for the awesome script. very fast wifi testing.
hello.
I'm getting attack failed on almost every AP. Is it normal?
of 17 APs, pixie works in only one. Ironically the weakest.
@g0tmi1k Renamed the binary to wifite-ng
I got errors when running ./wifite -update
[+] downloading update...
Archive: /tmp/wifite05IK1h/wifite-mod-pixiewps-master.zip
32da7b0d69d5cae24e5a2736b77aec56e5a64b7c
creating: /tmp/wifite05IK1h/wifite-mod-pixiewps-master/
inflating: /tmp/wifite05IK1h/wifite-mod-pixiewps-master/LICENSE
inflating: /tmp/wifite05IK1h/wifite-mod-pixiewps-master/README.md
inflating: /tmp/wifite05IK1h/wifite-mod-pixiewps-master/wifite-ng
cp: cannot stat `/tmp/wifite05IK1h/wifite-mod-pixiewps-master/wifite': No such file or directory
chmod: cannot access `wifite': No such file or directory
chmod: cannot access `wifite-ng': No such file or directory
[!] upgrade script returned unexpected code: 1
[+] quitting
Where is the darn "any key" key?
oops changed the binary name because of clashes with the original wifite, should be fixed now :-)
TNX for super-fast-fix!!!&& thanks for your work!!
http://postimg.org/image/9c1btalqh/
Nice job aanarchy! It would have been a shame not to have pixie dust in wifite, wouldn't it?
By the way it works perfectly in xubuntu 15.04 too (not a surprise but nice)
I see in the "Mightdo list" that you might consider including default known PINs and algorithms
I can give you a hand for that when it is time
cheers
You're a rock star, aanarchyy...
Hey aanarchy, now that the new pixiewps prints out a warning saying that the router might be vulnerable to mode 4 (PRNG bruteforce), what do you think about having wifite print this info and then re-run the attack using -f ?
Hello aanarchyy !
I have the same problem with last wifite-ng.
wifite v2(r108)
pixiewps v1.1
reaver v1.5.2
But reaver with pixie shows all info:
http://imageshack.com/a/img910/4162/f3CIbc.jpg
It might be the same problem we had on Reaver due to me adding some extra 3 more spaces on the pixiewps pin print line.
I think on line 3111 you have to change:
WPSpin=WPSpin[WPSpin.find("WPS pin")+9:WPSpin.find("\n")]
to:
WPSpin=WPSpin[WPSpin.find("WPS pin")+12:WPSpin.find("\n")]
wiire, unfortunately did not help.
Sorry about that, I was actually using the previous version, which also had the same problem of not finding the PIN, and it was due to extra characters in the E-Nonce. I am using the new version now and it seems to have the same issue. I just changed the following (there might be a better way to fix it):
"line 3065"
to
ENonce= ENonce.split(':',1)[1].rstrip()
PKE=PKE.split(':',1)[1].rstrip()
PKR=PKR.split(':',1)[1].rstrip()
EHash1=EHash1.split(':',1)[1].rstrip()
EHash2=EHash2.split(':',1)[1].rstrip()
AuthKey=AuthKey.split(':',1)[1].rstrip()
ENonce=ENonce[ENonce.find("E-Nonce:")+9:ENonce.find("\n")]
PKE=PKE[PKE.find("PKE:")+5:PKE.find("\n")]
PKR=PKR[PKR.find("PKR:")+5:PKR.find("\n")]
EHash1=EHash1[EHash1.find("EHash1:")+14:EHash1.find("\n")]
EHash2=EHash2[EHash2.find("EHash2:")+14:EHash2.find("\n")]
AuthKey=AuthKey[AuthKey.find("AuthKey:")+9:AuthKey.find("\n")]
Extra whitespaces were added that borked out wifite, should be fixed now. :-)
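The offset problem discussed in the posts above, as an added example (not part of the thread and not wifite-ng's own code): a fixed `find(label)+N` slice next to a parser keyed on the label and the colon, so extra padding in a helper's output does not shift the value. The sample lines, the `[+]`/`[P]` prefixes and the PIN are constructed, and the function names are hypothetical.

```python
import re

# Labels as they appear in the snippets quoted in the thread.
LABELS = ("WPS pin", "E-Nonce", "PKE", "PKR", "AuthKey")

# Optional "[+]"/"[P]" style prefix, a label, a colon, any padding, the value.
_FIELD = re.compile(r"^\s*(?:\[[^\]]\]\s*)?([^:]+?)\s*:\s*(.*?)\s*$")


def fixed_offset(text, label, offset):
    """Slice at find(label) + offset, the approach that broke in the thread."""
    start = text.find(label)
    return text[start + offset:text.find("\n", start)]


def parse_fields(text, labels=LABELS):
    """Return {label: value} for every known label, whatever the padding."""
    wanted = {name.lower(): name for name in labels}
    found = {}
    for line in text.splitlines():
        match = _FIELD.match(line)
        if not match:
            continue
        name = wanted.get(match.group(1).lower())
        if name and name not in found:
            found[name] = match.group(2)
    return found


def require(fields, labels):
    """Fail loudly when a helper changed its output and a field went missing."""
    missing = [name for name in labels if not fields.get(name)]
    if missing:
        raise ValueError("fields not found in helper output: " + ", ".join(missing))
    return [fields[name] for name in labels]


# Constructed sample lines (not captured output); 12345670 is a made-up PIN.
OLD_LINE = " [+] WPS pin: 12345670\n"
NEW_LINE = " [+] WPS pin:    12345670\n"   # three extra spaces after the colon
SAMPLE = "[P] E-Nonce:   aa:bb:cc:dd\n[P] PKE: 01:02:03\n" + NEW_LINE

if __name__ == "__main__":
    print(repr(fixed_offset(OLD_LINE, "WPS pin", 9)))   # offset tuned for old format
    print(repr(fixed_offset(NEW_LINE, "WPS pin", 9)))   # same offset, new format
    print(parse_fields(SAMPLE))
```

With the old offset the new line yields a value with three leading spaces, which is the kind of silent mismatch that then shows up as a failed run; `require` turns a missing or empty field into an explicit error instead.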
1. Confirmed fixed r109....... I mentioned this too, on github.
2. I also like the idea of wifite-ng printing out additional pixiewps info.
3. Until reaver implements all the new attacks in pixiewps 1.1 automatically can wifite-ng carry them out?
Yes finding a router vulnerable to this is my issue too. Also, attack is new for me. Until I find one, I can't refine my technique.
Thought I'd share my current wifite-ng command line usage and thoughts, user asked on github.
./wifite-ng -ponly -pto 50 -paddto 20 -wpst 60 -wpsretry 5 -c<x> -pow 50
1st know which routers are at this point broken - check soxrok2212's database (1st set of hashes will let u know)
Code:
-ponly ---------> quick and dirty, low hanging fruit.......key cracked offline even.
-pto 50 --------> if router doesn't respond in 50 secs, I'm too far away or need to spoof mac
-paddto 20 -----> if hashes start flowing add more time
-wpst 60 -------> if pin found, and I'm close enough - reaver will find passphrase quickly.....if not, need advanced options from command line, don't hang script. Move on to next target. script default is 660 secs
-wpsretry 5 ----> try pin 5 times only. If I'm close enough, that's enough retry times. Else spoof or move closer. possibly -t20, -T20 in reaver.
-c -------------> try routers on specific channels, optional. just less clutter in crowded locations
-pow 50 --------> only try routers 50dB and above, if below you're chasing other problems but distance is the main problem
After router scans and wps compatibility check use wifite-ng signal strength colors as indicator of possible success - green targets in range, yellow maybe, red don't even try
Let wifite-ng do its thing...........
If wifite-ng isn't able to crack any targets, consider your distance mostly and if any of the targets routers are vulnerable.
Then use command line to verify with reaver output:
Failed association:
- Use airodump-ng to find clients of router ***
- Use reaver -m (mac of client) and -A (aireplay-ng does associations)
- Move closer **
Rate Limiting Detected:
- send less pin request and use lock out timer
- use mdk3, try reset router **
Use airodump to see connected clients and or if router resets with mdk3.
Last edited by nuroo; 2015-05-05 at 00:35.
@aanarchy
By chance my friend had a realtek router. I was able to get a several hashes for pixiewps.
It didnt work for me, but at least pixiewps gives the "may be vulnerable to -f ......." response.
You could at least use it to show wifite what to look for?
As i said before, it's really hard for me to code that when i don't have anything in range that will give me the "may be vulnerable" output so it's kinda hard to write something reliable. If i had a shell on something that had access to such a router, then chances are much better it can happen. But right now, i have no way to try/test it.
Sucks, but i had a version of wifite that actively spoofed connected clients while trying any of the wps/wpa stuff, but comp crashed and i lost it :-/
Gotta remember how i did it, all my best coding is done after three blue moons (scientific proof lol. look up the ballmer peak)
Last edited by aanarchyy; 2015-05-06 at 01:09.
Nuroo, why don't you send aanarchyy your router so he can test it? Then he can write reliable code for the realtek router. Just an idea.
how to install wifite-ng and where to place it?
./wifite.py gives error too
Fixed the issue where the new version of wash wasn't working.
It was caused by the changing of the -C flag in wash.
Best news of the day, thanks !!
Hello!
Thank you, aanarchyy!
what do you think about this error?
I tried to activate mon mode before running wifite-ng, but same error!
Code:
root@o:~# wifite-ng
  .;'                     `;,
 .;'  ,;'             `;,  `;,   WiFite v2 (r110)
.;'  ,;'  ,;'     `;,  `;,  `;,
::   ::   :   ( )   :   ::   ::  automated wireless auditor
':.  ':.  ':. /_\ ,:'  ,:'  ,:'
 ':.  ':.    /___\    ,:'  ,:'   designed for Linux
  ':.       /_____\      ,:'
           /       \
   modified by aanarchyy(aanarchyy@gmail.com)
   Credits to wiire,DataHead,soxrok2212,nxxxu,nuroo
 [+] scanning for wireless devices...
 [+] initializing scan (wlan1mon), updates at 5 sec intervals, CTRL+C when ready.
Traceback (most recent call last):rks. 0 targets and 0 clients found
  File "/usr/bin/wifite-ng", line 3281, in <module>
    main()
  File "/usr/bin/wifite-ng", line 269, in main
    (targets, clients) = scan(iface=iface, channel=TARGET_CHANNEL)
  File "/usr/bin/wifite-ng", line 1189, in scan
    wps_check_targets(targets, temp + 'wifite-01.cap', verbose=False)
  File "/usr/bin/wifite-ng", line 1445, in wps_check_targets
    locked = line.split(' ')[42]
IndexError: list index out of range
root@o:~#
Good luck
Sorry, didn't even notice this until yesterday, it's all fixed in newest version :-)
Please check, looks like PixieWPS attack commands in wifite are no more working.
Should be fixed now, they added an extra v in reaver -vvv
Sorry just gotta keep up with all the changes they keep making with the helper apps :-)
First off, I've enjoyed following this thread and watching this project grow! I've been testing out your mod but pixie seems to auto fail with every attempt.
This occurs every time.
Code:
[+] E-Nonce found
[+] PKE hash found
[+] Manufacturer: Belkin International
[+] Model Name: N150 Wireless Router
[+] Model Number: F9K1001
[+] Serial: 201224GB110012
[+] PKR hash found
[+] Authkey found
[+] E-Hash1 found
[+] E-Hash2 found
[+] Cracking using pixiewps...
[+] Pixiewps attack failed!
ditto with NETGEAR AP i tested it on
@aanarchyy, can you add an option to show the IP of the access point, e.g.:
NUM  ESSID               CH  ENCR  POWER  WPS?    CLIENT  IP
---  ------------------  --  ----  -----  ------  ------  -----------
1    A*****              1   WPA2  46db   Locked          79.xx.xx.xx
2    B*****              1   WPA2  43db   wps             71.xx.xx.xx
3    C****               1   WPA2  31db   wps             49.xx.xx.xx
Here's a few tests I've run
[+] E-Nonce found
[+] PKE hash found
[+] Manufacturer: Belkin Corporation
[+] Model Name: F9K1002v5
[+] Model Number: 5.03.19
[+] Serial: 12334GC2542065
[+] PKR hash found
[+] Authkey found
[+] E-Hash1 found
[+] E-Hash2 found
[+] Cracking using pixiewps...
[+] Pixiewps attack failed!
[+] E-Nonce found
[+] PKE hash found
[+] Manufacturer: Belkin International
[+] Model Name: Belkin N600DB Wireless Router
[+] Model Number: F9K1102 v2
[+] Serial: 20422GF2204541
[+] PKR hash found
[+] Authkey found
[+] E-Hash1 found
[+] E-Hash2 found
[+] Cracking using pixiewps...
[+] PIN found: 14987236
Good work guys! I really appreciate everyone's work
Hi aanarchy,
sorry to bother you with this but I am just hoping you could help me out
I am trying to compile https://github.com/t6x/reaver-wps-fork-t6x on Kali 2.0 and get an error, I didn't have this problem on Kali 1.09
Here is what I did:
1. Clean hd-install of Kali 2.0 light 64bit
2. Installed metapackage kali-all
3. cloned and compiled https://github.com/wiire/pixiewps - no problems
4. cloned and tried to compile https://github.com/t6x/reaver-wps-fork-t6x - and I get the following error:
error.txt attached
Although this error doesn't concern you directly, would you please be so kind to have a look at it?
Thank you in advance for your time.
Sorry aanarchy, sorry to everyone else too.
Seems I was a bit tired from long hours.
Googled it and found this: https://code.google.com/p/reaver-wps.../detail?id=190
It seems: "You can just ignore the error and do,
"sudo reaver" or "sudo -i reaver"
And the program is running and working well.
Enjoy! "
I hadn't even noticed the compiled files.
Thank you all anyway.
Last edited by DinoS; 2015-08-17 at 11:20.
Hey,
did you build a config before compiling?
Code:
./configure
make && make install
and by the way, this fork of reaver is already part of KALI 2.0 (Full Image). If you just install a minimal OS then it's a good idea to try this metapackage:
Code:
apt-get update && apt-get install kali-linux-wireless
http://tools.kali.org/kali-metapackages
Last edited by fruchttiger00x0; 2015-08-18 at 06:40. Reason: typo
Hi fruchttiger00x0,
thank you for your reply.
As I already mentioned in my edit, I was just too tired to search and find out that it was just an error to ignore.
Yes, of course I did a ./configure.
I not only did an apt-get install kali-linux-wireless, I did an apt-get install kali-linux-all.