Wifite including new pixiewps attack

[DinoS]

Hi soxrok2212,
thank you for you reply.

Keep in mind, reaver and pixiewps are included by default in Kali 2.0. There is a version of wifite included as well that I believe supports the pixie dust attack, but it is not aanarchyy's version.

Yes, I know, but I think these versions are different.
They not only accept different command parameters but they also run differently. At least as far as I can say, after testing them on the same system with the same hardware, on two separate installs.
One with original Kali 2.0 files exclusively and one with Kali 2.0 after installing and applying modifications like aanarchyy's version and so on.

[fruchttiger00x0]

Forget what i said about that "./configure" thing, was also a bit tired i guess^^ after a little research i would point to problems within the newer version of libpcap but i guess you already figure that out

Hmm, yes

there are 2 versions if we talk about usable packages. The original which is still build in kali and the fork from aanarchyy (better known as wifite-ng)


wifite https://github.com/derv82/wifite
wifite-ng https://github.com/aanarchyy/wifite-mod-pixiewps

Is that the point?

[DinoS]

Hi fruchttiger00x0,
I suppose you oversaw my edit in my original post:

Sorry aanarchy, sorry to everyone else too.
Seems I was a bit tired from long hours.
Googled it and found this: https://code.google.com/p/reaver-wps.../detail?id=190

It seems: "You can just ignore the error and do,
"sudo reaver" or "sudo -i reaver"
And the program is runnnig and working well.
Enjoy! "

I hadn't even noticed the compiled files.
Thank you all anyway.

After half an hour of coffee brake, I found the above mentioned posting and realized I was blind enough to oversee the compiled files.
So, problem solved, my question answered.
Thank you anyway for your interest and time.

[aanarchyy]

Sorry I have been slacking on this, was busy porting pixiewps to android and soon t6x-reaver :-) I will look into this shortly. Too many projects...

[fruchttiger00x0]

take your time boy, coming when its done. the mod is my first choice, especially to run some checks after doing wifi modifications. really sweet dude!
but btw, can you tell me if there is some verbose mode or that i at least can see what reaver is gonna do. For many APs i just wait forever because it is still trying to get Hash 1 & 2. I could run reaver or other scripts but this is surely inconvenient and wont show me options, parameters you might trigger.so anyway.. would be nice to know o

[yhi]

i am having some problem while using wifite
i am trying to attack on my AP

my router is dlink DSL-2730U
i am getting 0x02 error

i am also getting error while i am trying pixie attack on some other AP
i am not sure about this error
its show something with PSK ...
& then stop attack & switch to another AP


i am using wifite with kali 2.0 (live using usb)
my wifi adapters TP link WN722N

[soxrok2212]

i am having some problem while using wifite
i am trying to attack on my AP

my router is dlink DSL-2730U
i am getting 0x02 error

i am also getting error while i am trying pixie attack on some other AP
i am not sure about this error
its show something with PSK ...
& then stop attack & switch to another AP


i am using wifite with kali 2.0 (live using usb)
my wifi adapters TP link WN722N

The networks probably aren't vulnerable. From the looks of it, that D-Link uses a Broadcom chipset which is not vulnerable to the pixie dust attack, though it may be vulnerable to devttys0's d-link pingen.

[kalifornia]

Nice mod with only 1 thing wrong. It does not capture handshakes at all. if it captured handshakes it would be perfect. Thx again for this aanarchyy.

[kcdtv]

though it may be vulnerable to devttys0's d-link pingen.

Not this one: A common default PIN ( 20172527 ) has been found on several DSL-2730U
The algorithm from craig heffner (devttys0's) affects devices with model name like this "DIR-(....)" or DAP-(....).
If you see "DIR" or "DAP" you would have approximately 50% of probability to be in front of a vulnerable device.

[Quest]

Nice mod with only 1 thing wrong. It does not capture handshakes at all. if it captured handshakes it would be perfect. Thx again for this aanarchyy.

and why not start a new project? I like Wifite, but I can see the use for an 'assistant'. A program that will assist the User spoof, scan, launch attacks, with a spectrum of options. Less automation and more options.

[aanarchyy]

Haven't looked at this in months, but last i remember it does capture handshakes just fine, it creates a directory named "hs" and saves the caps of the handshakes in it.
And if you do not supply a word list, all it does is capture the handshake and move on.

[kalifornia]

I have a modified wifite the sends 5 deauths then waits 10 secs and send 5 more again. Anything with 26db or greater with a client connected gets a handshake within a minute. Wifite-ng i dont know whats wrong bro but it wont capture any. I cant be the only one.

Not complaining at all bro just pointing it out to you. The wifite-ng script rocks. If it captured hs it would be perfect. The wps wash locked or open and connected clients works great and pixiewps attack n printing.

I have a awus036nh whichs hasnt cracked anything yet although my bros routers is 100% vulnerable the pix attack always says failed and i get failed to associate messages lots. Ive ordered a awus036nha as ive read the rt3070 on the 036nh dont work good with reaver.

Thx again aanarchyy!

Voluntarist for life.

[aanarchyy]

I have a modified wifite the sends 5 deauths then waits 10 secs and send 5 more again. Anything with 26db or greater with a client connected gets a handshake within a minute. Wifite-ng i dont know whats wrong bro but it wont capture any. I cant be the only one.

Not complaining at all bro just pointing it out to you. The wifite-ng script rocks. If it captured hs it would be perfect. The wps wash locked or open and connected clients works great and pixiewps attack n printing.

I have a awus036nh whichs hasnt cracked anything yet although my bros routers is 100% vulnerable the pix attack always says failed and i get failed to associate messages lots. Ive ordered a awus036nha as ive read the rt3070 on the 036nh dont work good with reaver.

Thx again aanarchyy!

Voluntarist for life.

I have issue with how some of reaver(and therefore also wifite as reaver is a "helper" program) is written and poor cross-compilation , and i have since backed away from reaver.

I have a modified version of bully that seems to work much better for me though, give it a shot.
https://github.com/aanarchyy

[kalifornia]

My 036nha came in tmail today. Its a very fast card and blows the 036nh away. Im in the process of popping my bros asus router 2 blocks away in an hour with wps pin attack 41/146 suucess/ttl 20db is the signal level in wifite-ng lol this card is awesome with low signal. Im using nethunter on my note 3 on touchwiz. I think i will put the 036nh up on kijiji.

Aanarchyy i tried your modded bully with the 036nha and got a lockout within 10 secs which tells me its working. With the 036nh i could not do anything except capture handshakes. the 036nh seems more responsive with bully though. in reaver it sucks imho.

I love the automation with wifite because i use a galaxy note 3 to pentest. It would be great to see bully implimented into wifite. Wink wink

Cheers from BC canada.

[kalifornia]

This awus036nha is a great card. I Never seen this model dlink router in the pixiedust database and i can confirm it works.

[Chazzy1656]

Hi guys i dong know if the crack works or not im using the new kali 2016.1 iso live on usb chipset 5100agn with everything configured wlan0mon and injecting packet as well im trying to connect to a AP close to me -41dB but reaver doesnt work wont get pass M2 send nack error time out occured then i tryed wifite the pixie dust doest work wont receive the eHashes eHash1 and eHashes2 so my guess its that the wps doesnt work but wash -i wlan0mon shows me that is not protected and wifite told me that its supporting wps also i tried capturing handshake aireplay lets me so it and also injecting and also deauth and fakeauth but everything else just wont receive the M3 m4 and so the only thing that seems to maybe work..its the wifite WPS pin attack im able to go 0/8900 success/ttl but no percentage and its been like 15h now i really dont know what to do by now

[bob79]

try with airodump-ng wlan0mon -c 1 --wps and if the output is PBC, forget about it

[akromos]

Just so I can run original and your wifite, I renamed yours wifitemod:

Heres output with new version with pixiewps timeout:

Code:

~/wifite-mod-pixiewps-master# ./wifitemod -wps

  .;'                     `;,    
 .;'  ,;'             `;,  `;,   WiFite v2 (r85)
.;'  ,;'  ,;'     `;,  `;,  `;,  
::   ::   :   ( )   :   ::   ::  automated wireless auditor
':.  ':.  ':. /_\ ,:'  ,:'  ,:'  
 ':.  ':.    /___\    ,:'  ,:'   designed for Linux
  ':.       /_____\      ,:'     
           /       \             

modified by aanarchyy(aanarchyy@gmail.com)
Credits to wiire,DataHead,soxrok2212,nxxxu

 [+] targeting WPS-enabled networks

 [+] scanning for wireless devices...
 [+] initializing scan (mon0), updates at 5 sec intervals, CTRL+C when ready.
 [0:00:04] scanning wireless networks. 0 targets and 0 clients found   

 [+] scanning (mon0), updates at 5 sec intervals, CTRL+C when ready.

   NUM ESSID                 CH  ENCR  POWER  WPS?  CLIENT
   --- --------------------  --  ----  -----  ----  ------
    1  DG167****              1  WPA2  36db   Locked 
    2  FiOS-S****             1  WPA2  23db   wps 
    3  SprintGatew****      1  WPA2  21db   wps 

 [0:00:32] scanning wireless networks. 3 targets and 2 clients found   
 [+] checking for WPS compatibility... done
 [+] removed 47 non-WPS-enabled targets

   NUM ESSID                 CH  ENCR  POWER  WPS?  CLIENT
   --- --------------------  --  ----  -----  ----  ------
    1  DG167****              1  WPA2  36db   Locked 
    2  TG167****             11  WPA2  25db   wps 
    3  FiOS-S****             1  WPA2  24db   wps 
    4  TDS                    6  WPA2  22db   wps 
    5  TG167****              1  WPA2  21db   wps 
    6  MiamiHEAT             11  WPA2  20db   wps 
    7  U10C0****             1  WPA   18db   wps 
    8  SprintGate****      1  WPA2  18db   wps 
    9  DIRECT-pm-BR****       1  WPA2  18db   wps 
   10  DG167****              1  WPA2  15db   wps 

 [+] select target numbers (1-10) separated by commas, or 'all': all

 [+] 10 targets selected.

 [0:00:00] initializing PixieWPS attack on DG167**** (...........:73:90)
 [+] E-Nonce found
 [+] PKE hash found
 [+] PKR hash found

 [!] unable to complete successful try in 60 seconds
 [+] skipping pixiewps on DG167****

 [+] Pixiewps attack failed!

 [0:00:00] initializing WPS PIN attack on DG167**** (...........:73:90)
^C0:00:18] WPS attack, 0/0 success/ttl, 
 (^C) WPS brute-force attack interrupted

 [+] 9 targets remain
 [+] what do you want to do?
     [c]ontinue attacking targets
     [e]xit completely
 [+] please make a selection (c, or e): c

 [0:00:00] initializing PixieWPS attack on TG167**** (...........:EC:10)

 [!] unable to complete successful try in 60 seconds
 [+] skipping pixiewps on TG167****

 [+] Pixiewps attack failed!

 [0:00:00] initializing WPS PIN attack on TG167**** (...........:EC:10)
^C0:00:22] WPS attack, 0/0 success/ttl, 
 (^C) WPS brute-force attack interrupted

 [+] 8 targets remain
 [+] what do you want to do?
     [c]ontinue attacking targets
     [e]xit completely
 [+] please make a selection (c, or e): c

 [0:00:00] initializing PixieWPS attack on FiOS-S**** (...........:EC:C2)
 [+] E-Nonce found
 [+] PKE hash found
 [+] PKR hash found
 [+] E-Hash1 found
 [+] E-Hash2 found
Traceback (most recent call last):
  File "./wifitemod", line 3124, in <module>
    main()
  File "./wifitemod", line 321, in main
    need_handshake = not wps_attack(iface, t)
  File "./wifitemod", line 2912, in wps_attack
    line = f.readline()
UnboundLocalError: local variable 'f' referenced before assignment

Timeout for pixie worked. but another error above.
Please make pixie timeout configureable.
also option if pixewps fail, no brutefructe, move to next target.
Please consider because failed attempt locked router

Code:

For those wondering what reavers -P option is intended for:

Option (-P) in reaver puts reaver into a loop mode that does not do the  WPS protocol to or past the M4 message to hopefully avoid lockouts. This  is to ONLY be used for PixieHash collecting to use with pixiewps, NOT  to 'online' bruteforce pins.
This option was made with intent of:

----Collecting repetitive hashes for further comparison and or analysis / discovery of new vulnerable chipsets , routers etc..

----Time sensistive attacks where the hash collecting continues repetitively until your time frame is met.

----For scripting purposes of whom want to use a possible lockout preventable way of PixieHash gathering for your Use case.                         
by datahead

try : ./wifite-ng ......on the directory that you have the files.... ( sorry for the bad english) ...:

if it doesnt let you use it... use

chmod +x ./wifite-ng
and after that ./wifite-ng
^^

[psicomantis]

Hey guys I am having an issue with PixieDust not working on confirmed routers like the " D-Link DIR-501 A1" I get a message that it might be vulnerable to try --force but the force command doesnt seem to work. also, while WPS is enabled, and I can see the AP, if I run wifite --pixie, the AP does not show in the list, if I just run wifite, then I am able to see it, but it defaults to all attacks but WPS. Any suggestions?

[0camxuc]

Also in previous version -ponly had no acknolegdement of being set to active, this version says its active.
Sorry just gotta keep up with all the changes they keep making with the helper apps

[hedbert]

(i have a awful english, sorry) i have a problem, the wifite create subinterfaces one after another without me asking if I want to create another. i downloaded the last version of "aanarchyy" but i can't use script

root@BigFalcon:~/Descargas/wifite-mod-pixiewps-master# ./wifite-ng -wps

.;' `;,
.;' ,;' `;, `;, WiFite v2 (r112)
.;' ,;' ,;' `;, `;, `;,
:: :: : ( ) : :: :: automated wireless auditor
':. ':. ':. /_\ ,:' ,:' ,:'
':. ':. /___\ ,:' ,:' designed for Linux
':. /_____\ ,:'
/ \

modified by aanarchyy(aanarchyy@gmail.com)
Credits to wiire,DataHead,soxrok2212,nxxxu,nuroo

[+] targeting WPS-enabled networks

[+] scanning for wireless devices...
[+] available wireless devices:
1. phy0 wlan2 rtl8187 Ovislink Corp. AirLive WL-1600USB 802.11g Adapter [Realtek RTL8187L]
2. phy1 wlan7 rt2800pci Ralink corp. RT3290 Wireless 802.11n 1T/1R PCIe
[+] select number of device to put into monitor mode (1-2): 2
[+] enabling monitor mode on wlan7... done
[+] available wireless devices:
1. phy0 wlan2 rtl8187 Ovislink Corp. AirLive WL-1600USB 802.11g Adapter [Realtek RTL8187L]
2. phy1 wlan7mon rt2800pci Ralink corp. RT3290 Wireless 802.11n 1T/1R PCIe
[+] select number of device to put into monitor mode (1-2): 2
[+] enabling monitor mode on wlan7mon... done
[+] available wireless devices:
1. phy0 wlan2 rtl8187 Ovislink Corp. AirLive WL-1600USB 802.11g Adapter [Realtek RTL8187L]
2. phy1 wlan7monmon rt2800pci Ralink corp. RT3290 Wireless 802.11n 1T/1R PCIe
[+] select number of device to put into monitor mode (1-2): 2
[+] enabling monitor mode on wlan7monmon... done
[+] available wireless devices:
1. phy0 wlan2 rtl8187 Ovislink Corp. AirLive WL-1600USB 802.11g Adapter [Realtek RTL8187L]
2. phy1 wlan7monmonmon rt2800pci Ralink corp. RT3290 Wireless 802.11n 1T/1R PCIe
[+] select number of device to put into monitor mode (1-2):

[Laurentiu]

(i have a awful english, sorry) i have a problem, ...

airmon-ng check kill worked for me

[Roatandave]

Same issue as hedbert, I added this to the latest nethunter and I am unable to find a solution anywhere.
Anyone have the same problem or find a solution, check kill did not work.