Page 1 of 2 12 LastLast
Results 1 to 50 of 66

Thread: Bully modified to implement pixiewps attack

  1. #1
    Join Date
    2015-Mar
    Posts
    141

    Bully modified to implement pixiewps attack

    Modified bully to use pixiewps.

    https://github.com/aanarchyy/bully

    Let me know if there are any problems :-)

  2. #2
    Join Date
    2013-Jul
    Location
    United States
    Posts
    519
    Thanks for this! Will be testing and will (hopefully if I can add more text) will add to the original pixie thread

  3. #3
    Join Date
    2013-Aug
    Location
    lost in space
    Posts
    580
    no way! That's a nice way to begin the year.
    Kali Linux USB Installation using LinuxLive USB Creator
    Howto Install HDD Kali on a USB Key
    Clean your laptop fan | basic knowledge

  4. #4
    Join Date
    2013-Jul
    Location
    United States
    Posts
    519
    Yes it is, Bully has some speed advantages over Reaver and the code is also much cleaner and easier to work with

  5. #5
    Join Date
    2015-Mar
    Posts
    141
    Quote Originally Posted by Quest View Post
    no way! That's a nice way to begin the year.
    Thanks, if you could test this for me I would appreciate it. Wasn't able to do a whole lot of testing.

  6. #6
    Join Date
    2013-Aug
    Location
    lost in space
    Posts
    580
    I'll gladly do that, but I do not have access to a pixie vulnerable AP at this moment, and all test will be under KL1. Let'see, I will report back if any positive(s).

    Cheers aanarchyy!!


    Edit: even if a negative, it seems to work.

    **The text that you have entered is too long (20836 characters). Please shorten it to 10000 characters long.

    See post below.

    Edit 2: can't even post the results here, Anyways it seems to work
    Last edited by Quest; 2016-01-03 at 00:41.
    Kali Linux USB Installation using LinuxLive USB Creator
    Howto Install HDD Kali on a USB Key
    Clean your laptop fan | basic knowledge

  7. #7
    Join Date
    2015-Mar
    Posts
    141
    @quest please post the results in pastebin or something then, i want to see if this works the same for others as it does for me.

  8. #8
    Join Date
    2013-Aug
    Location
    lost in space
    Posts
    580
    will post here. Might take 3 posts even in CODE tags. 2016 The Flintstones. Go figure...

    eDiT:
    Sucuri WebSite Firewall - CloudProxy - Access Denied
    What is going on?
    You are not allowed to access the requested page. If you are the site owner, please open a ticket in our support page if you think it was caused by an error: https://support.sucuri.net. If you are not the owner of the web site, you can contact us at soc@sucuri.net. Also make sure to include the block details (displayed below), so we can better troubleshoot the error.
    Now the server is blocking me??
    Last edited by Quest; 2016-01-03 at 00:59.
    Kali Linux USB Installation using LinuxLive USB Creator
    Howto Install HDD Kali on a USB Key
    Clean your laptop fan | basic knowledge

  9. #9
    Join Date
    2015-Mar
    Posts
    141
    @Quest looks like you are having proxy issues...

  10. #10
    Join Date
    2013-Aug
    Location
    lost in space
    Posts
    580
    will upload the text file in my mediafire account in a minute...
    Kali Linux USB Installation using LinuxLive USB Creator
    Howto Install HDD Kali on a USB Key
    Clean your laptop fan | basic knowledge

  11. #11
    Join Date
    2015-Mar
    Posts
    141
    or stick it in pastebin and post the link, far easier...

  12. #12
    Join Date
    2013-Aug
    Location
    lost in space
    Posts
    580
    probly but I never used it and have a tendency to stick with what I know. Will have to try it eventually.

    http://www.mediafire.com/download/qp...+Bully+results
    Kali Linux USB Installation using LinuxLive USB Creator
    Howto Install HDD Kali on a USB Key
    Clean your laptop fan | basic knowledge

  13. #13
    Join Date
    2015-Mar
    Posts
    141
    @Quest is there a way you can private message me so we don't litter this thread? skype? join the irc chan for kali? anything?

  14. #14
    Join Date
    2013-Aug
    Location
    lost in space
    Posts
    580
    they removed the PM on this forum. I will send you an email aanarchyy!-[at]-!gmail.com
    Last edited by Quest; 2016-01-03 at 03:17.
    Kali Linux USB Installation using LinuxLive USB Creator
    Howto Install HDD Kali on a USB Key
    Clean your laptop fan | basic knowledge

  15. #15
    Join Date
    2015-Mar
    Posts
    141
    Updated to add some default pin generations!

  16. #16
    Join Date
    2015-Mar
    Posts
    141
    Updated!
    Greatly cleaned up printed output and method of printing output(faster code!)
    Removed forking of new bully instance, now runs all as one process.
    Added new level of verbosity -v 4
    Last edited by aanarchyy; 2016-01-09 at 20:22.

  17. #17
    Join Date
    2015-Apr
    Posts
    29
    Nice aanarchyy

    I will test later at home after work.

  18. #18
    Join Date
    2013-Sep
    Posts
    262
    Great job!!! Thank you aanarchy!
    I made some testing with USB Ralink Chipset (now Mediatek) and i got very good results.

    * With reaver :
    - I am not even able to associate with this chipsets.
    A little if i use iwconfig instead of airmon-ng to activate mode monitor
    But eventhough i use iwconfig it is a "very dirty" association and a very dirty WPS flow and I cannot get all strings for a pixiedust atack

    * With bully : one shot (comments on picture are in spanish, sorry for that)

    For thoses that have one of this chipsets
    * Ralink RT3070 (the chipset of the Alfa Network AWUS036NH)
    * Ralink RT3072
    * Ralink RT3570
    * Ralink RT3572 (the chipset of the Alfa Network AWUS052NH )
    ...And experience so many troubles to get something wiht WPS cracking,..

    Bully will change your life!

    By the way, with the new bully It means that we are able to lead an automated pixiewps attack against 5Ghz networks as RT-3072 and RT-3572 are dual-band chispet !

    I made the tests some days ago and didn't check this new level of verbosity... Gonna do it now.... Great!
    Thanks again aanarchy for this nice new year present.

    PS : I posted some more results here (in spanish again, sorry) nothing very deep or interesting, but if you want to have a look : Bully WPS: La alternativa a Reaver renace con soporte Pixiewps
    Attached Images Attached Images

  19. #19
    Join Date
    2015-Mar
    Posts
    141
    Thank you very much for the review kcdtv, i really appreciate it

    To clarify the new level of verbosity, by default (-v 3) it hides the hashes and merely reports they were collected, so as to reduce the screen from getting littered.
    To see all the hashes, you need to specify -v 4

    I've yet to try it on 5Ghz yet, i will try and do that at some point soon though.

    http://pasted.co/a7aaabb7

    Yeah, that's right. PSK collected in under 7 seconds. ;-)

    PS it's aanarchyy, two y's at the end
    Last edited by aanarchyy; 2016-01-11 at 06:56.

  20. #20
    Join Date
    2015-Aug
    Posts
    5
    Can u tell me if kali nethunter can support on other model like google nexus 5 x because nexus 5 is old phone?
    I m planning to buy in 2-3 days .
    Please someone answer.

  21. #21
    Join Date
    2013-Sep
    Posts
    262
    PS it's aanarchyy, two y's at the end
    Upsss... Yes i did that. sorry. I will correct this in the review later,
    Today a friend (dk10v) passed by the thread where i spoke about the "new buly" and he made some testing with a wn722n from tp-link:
    So we are speaking about dongles with
    ar9271 (atheros chipset) USB
    And he said -literally - that he had .... an "orgasm"
    With his default PIN founded in 1 second and some microseconds with bully
    As he said in his post : A single picture is worth than worlds
    (original picture is taken from dk10v in answer 10 (external link))

    Cheers !
    Last edited by kcdtv; 2016-01-11 at 20:41.

  22. #22
    Join Date
    2015-Mar
    Posts
    141
    @kcdtv i have been following that thread for a few days(translated by google) and i see many good things said, and as i have said, i appreciate you spreading this project. I've had a lot of fun making it.

    Although that screen shot you just posted gave merit to the "bug" i found in it earlier today. Which i still need to weed out.
    If in pixie mode, once it gets the hashes and runs pixiewps, if the next trasaction fails(M2D out of sequence, etc...), the program exits, and it only produces the pin, not the psk.

    Be sure of this, more work will be going into this project, :-)

  23. #23
    Join Date
    2013-Jul
    Posts
    818
    To: aanarchyy

    Reference the --help file -v line

    -v, --verbosity N : Verbosity level 1-4, 1 is quietest [3]

    What does -v 4 produce. Is this linked to pixiedust output in some way?

    MTeams

  24. #24
    Join Date
    2015-Mar
    Posts
    141
    @mmusket33:

    Yes, it is directly related to pixie output, default of -v 3 when -d is used will only ouptut:
    Code:
    [P] ENonce received.
    [P] PKE received.
    [P] RNonce received.
    [P] PKR received.
    etc...
    whereas -v 4 will not only show the actual hashes recovered, but also echo the pixiewps command ran.

    I chose to do this to reduce screen clutter unless extra verbosity is desired. Most "users" don't care _how_ it works, only _that_ it works.

    Further work is planned with this: code cleanup, extra options, hash recording, integration with other projects, etc... ;-)

  25. #25
    Join Date
    2016-Jan
    Posts
    99
    couldn't find libpcap-dev and libssl-dev ;( using kali on wmvare

  26. #26
    Join Date
    2015-Aug
    Posts
    3
    Very nice, i need a podcast on WPS exploitation and little demo i will use bully instead of reaver for WPS attack.
    One question : why not making the starting PIN 01234567 as reaver do? atleast in my case most of the router have this pin and with single bruteforce attack, i was able to recover the WPS Pin
    Good job btw

  27. #27
    Join Date
    2013-Jul
    Posts
    818
    To NotieBoie

    The starting pin for reaver is 12345670 NOT 01234567. It is also the default pin setting.

    To Bob79

    Read the README.md file that comes with the download

    MTeams used

    apt-get -y install build-essential libpcap-dev libssl-dev

    However the entire suggested string is found in the read me.

    MTeams
    Last edited by mmusket33; 2016-01-15 at 01:58.

  28. #28
    Join Date
    2015-Mar
    Posts
    141
    @NotieBoie : i am not the one that wrote the original code to bully, the only part i have worked on was integrating pixiewps.
    The part of the bully code i worked on never makes it past M3, and was solely for the purpose of adding
    support for pixiepws so the PIN tried is essentially inconsequential.

  29. #29
    Join Date
    2016-Jan
    Posts
    99
    root@kali:~# apt-get -y install build-essential libpcap-dev libssl-dev
    Lettura elenco dei pacchetti... Fatto
    Generazione albero delle dipendenze
    Lettura informazioni sullo stato... Fatto
    E: Impossibile trovare il pacchetto libpcap-dev (impossible to find the package)

  30. #30
    Join Date
    2013-Sep
    Posts
    262
    @ bob79
    You have to edit your repositories list.
    Check on the forum and in the documentation, you will easily find explanations about how to do it.
    Last edited by kcdtv; 2016-01-15 at 13:52.

  31. #31
    Join Date
    2016-Jan
    Posts
    99
    removed and c/p new ones from a forum. now seems i'm allright. thank you

  32. #32
    Join Date
    2015-Mar
    Posts
    141
    Much code cleanup and a few bug-fixes :-)

  33. #33
    Join Date
    2013-Sep
    Posts
    262
    Thanks again aanarchyy for all your efforts.
    It is a bit late for me now but good to go to bed knowing that tomorrow is gonna be exiting with some new version.
    Take care

  34. #34
    Join Date
    2015-Mar
    Posts
    141
    Some memory management added and it really seems to have sped up the code significantly!
    Now it seems to be able to get the PIN and PSK in under 4 seconds :-D

  35. #35
    Join Date
    2014-Sep
    Posts
    4
    wow...this is much faster now

  36. #36
    Join Date
    2016-Jan
    Posts
    14
    Possible to implement bully into wifite-ng? I know your a busy man.

  37. #37
    Join Date
    2015-Mar
    Posts
    141
    As much as I would like to say that i would love to, i honestly don't see that happening... And here are a couple of reasons:

    My version of wifite had been out for MONTHS before derv82 made his release of wifite to include pixiewps(and my version still has more options pixie related, and some his still doesn't include). That version was almost immediately included in the KALI project, and my version discarded( even after g0tmi1k asked me to change the project name,which i did, suggesting it was to be included. Large factor of why mine is now basically unmaintained... cuz... why...)

    As I am now the upstream maintainer of bully(which ALSO isn't included), If i were to add bully support to this, i would completely axe all of reaver/wash from the script and likely rewrite LARGE portions of it so as it would be almost it's own project. Probably an unpopular solution as it seems the Kali community has a HUGE chubby for reaver...

    Kinda feels like the Kali project is growing a bit stagnant(Not even just things I've done, but many others that have been updated\improved but still aren't part of the project)

    Seems with each update of Kali, it becomes less and less stable(Should I count how many recent threads that are akin to "Blank screen/Icons missing/Blinking cursor).

    If i will ever make a "script" such as wifite with bully support, it will be its own project, not a rewrite...

  38. #38
    Join Date
    2016-Jan
    Posts
    14
    Well im not much of a fan of reaver now neways. The updated bully makes my awus036nh crack routers now. lolz With reaver it did nothing. Ive tested the 036nh and 036nha so many times on the 24dbi grid 14dbi panel 7dbi panel etc with command line reaver and wifite-ng and the 036nh was always ****. 036nha has always worked good in reaver though but both units work GREAT with bully. Im a big fan of wifite-ng. its my go to script for 99% of things i do. Having a chub on for reaver is like getting a chub watching ducks mate. Like i say id love to see a rewrite with reaver flushed out but i know that it wont happen now.

    p.s. i thought you hung out n idled in #offsec? i been on all day and dont see you there.

    peace bro.

    Quote Originally Posted by aanarchyy View Post
    As much as I would like to say that i would love to, i honestly don't see that happening... And here are a couple of reasons:

    My version of wifite had been out for MONTHS before derv82 made his release of wifite to include pixiewps(and my version still has more options pixie related, and some his still doesn't include). That version was almost immediately included in the KALI project, and my version discarded( even after g0tmi1k asked me to change the project name,which i did, suggesting it was to be included. Large factor of why mine is now basically unmaintained... cuz... why...)

    As I am now the upstream maintainer of bully(which ALSO isn't included), If i were to add bully support to this, i would completely axe all of reaver/wash from the script and likely rewrite LARGE portions of it so as it would be almost it's own project. Probably an unpopular solution as it seems the Kali community has a HUGE chubby for reaver...

    Kinda feels like the Kali project is growing a bit stagnant(Not even just things I've done, but many others that have been updated\improved but still aren't part of the project)

    Seems with each update of Kali, it becomes less and less stable(Should I count how many recent threads that are akin to "Blank screen/Icons missing/Blinking cursor).

    If i will ever make a "script" such as wifite with bully support, it will be its own project, not a rewrite...

  39. #39
    Join Date
    2013-Aug
    Location
    lost in space
    Posts
    580
    Quote Originally Posted by aanarchyy View Post
    ...

    If i will ever make a "script" such as wifite with bully support, it will be its own project, not a rewrite
    oh **** yes, something like FrankenScript
    Kali Linux USB Installation using LinuxLive USB Creator
    Howto Install HDD Kali on a USB Key
    Clean your laptop fan | basic knowledge

  40. #40
    Join Date
    2016-Mar
    Posts
    2
    hi aanarchyy , thanks for your work
    I got this on RTL AP

    0012002e48000000026c09a000c901000008023a0100eebd90 5e4a64517e23695764517e236957c037aaaa03000000888e01 0001d1012701d1fe00372a000000010400104a000110102200 0104104700106304125310192006122864517e236957102000 0664517e236957101a0010499fd1b51b80e7d62bf4a0b54962 e19e103200c0d0141b15656e96b85fcead2e8e76330d2b1ac1 576bb026e7a328c0e1baf8cf91664371174c08ee12ec92b051 9c54879f21255be5a8770e1fa1880470ef423c90e34d7847a6 fcb4924563d1af1db0c481ead9852c519bf1dd429c163951cf 69181b132aea2a3684caf35bc54aca1b20c88bb3b7339ff7d5 6e09139d77f0ac58079097938251dbbe75e86715cc6b7c0ca9 45fa8dd8d661beb73b414032798dadee32b5dd61bf105f18d8 9217760b75c5d966a5a490472ceba9e3b4224f3d89fb2b1004 0002002710100002000f100d00010110080002008610440001 021021001b5265616c74656b2053656d69636f6e647563746f 7220436f72702e1023000752544c383637311024000d45562d 323030362d30372d32371042000f3132333435363738393031 323334371054000800060050f2040001101100203342422041 44534c20726f757465722031204c414e202b20576972656c65 7373103c000101100200020000101200020000100900020000 102d000410000000[+] Rx( ID ) = 'EAPFail' Next pin '21907593'
    [!] Unexpected packet received when waiting for EAP Req Id
    [!] >000012002e48000000026c09a000cb01000008023a0100eeb d905e4a64517e23695764517e2369572038aaaa03000000888 e0100005001280050fe00372a000000010300104a000110102 200010e101a0010499fd1b51b80e7d62bf4a0b54962e19e103 90010000000000000000000000000000000001009000200011 049000600372a000120<
    [+] Rx( ID ) = 'EAPFail' Next pin '21907593'
    [+] Rx( M1 ) = 'Timeout' Next pin '21907593'
    [+] Rx( M1 ) = 'Timeout' Next pin '21907593'
    [!] Unexpected packet received when waiting for EAP Req Id

    WPS Manufacturer: TP-LINK
    [P] WPS Model Name: TL-WA801N
    [P] WPS Model Number: 2.0
    [P] Access Point Serial Number: 1.0
    [+] Received M1 message
    any idea why, and what is it, and how to crack this thing ?, i have handshake if needed

  41. #41
    Join Date
    2013-Sep
    Posts
    262
    For those who didn't check the last update there is a now a very nice "silly GUI"
    Very easy to use, just go to the src folder and you wile see that there is now a file called "bully.py"

    Once located in the folder you can launch it with
    Code:
    sudo python bully.py
    It is very intuitive and easy to use and will recover and display the WPA key after a successful pixiedust attack (or PIN brute-force)

    Thanks Aanarchyy !

  42. #42
    Join Date
    2015-Mar
    Posts
    141
    LOL you are quick kcdtv, i will give you that ;-)
    I took that back down after i noticed a few bugs in it though, so you are one of the lucky few to have gotten it :-)

    I will be re-commiting that after i fix a few things on it though, and i also have plans to add a "Scan" button to auto-populate the ESSID, BSSID, and Channel boxes.

    It was just a quick little thing i threw together over a few days here and there. But i do have a few more plans for it :-)

    Hopefully you and i can talk more privately sometime soon, perhaps you could help me test this stuff before i jump the gun again, and I'm SURE you have plenty of other good ideas as well (:

    EDIT: Just saw you made a thread on your forum, so I'll recommit, Just cuz it's you (: But I do plan on fixing it soon.
    Last edited by aanarchyy; 2016-03-28 at 01:09.
    Skype: aanarchyy01

  43. #43
    Join Date
    2013-Sep
    Posts
    262
    Ups... I maybe should have shouted my big mouth, i spoiled the whole stuff
    ****ed it...
    Quote Originally Posted by aanarchy View Post
    EDIT: Just saw you made a thread on your forum, so I'll recommit, Just cuz it's you (: But I do plan on fixing it soon.
    Thanks... But please, don't worry about the thread and first do the stuffs your way, as you want to.
    Quote Originally Posted by aanarchyy View Post
    and i also have plans to add a "Scan" button to auto-populate the ESSID, BSSID, and Channel boxes.
    (...)
    Hopefully you and i can talk more privately sometime soon, perhaps you could help me test this stuff before i jump the gun again, and I'm SURE you have plenty of other good ideas as well (:
    1) Very good idea
    2) It would be a pleasure
    I send you a PM or mail

    can't find how to send you a private menage here or in github ... and i don't have skype (or a skype account)
    Write me at kcdtv@wifi-libre.com and i will answer you at the adress i get (@moderation : sorry if that's against the rules of the forum, i would delete immediately)
    Last edited by kcdtv; 2016-03-28 at 15:59.

  44. #44
    Join Date
    2013-Jul
    Location
    United States
    Posts
    519
    Ohh I like this... more collaboration Btw kcdtv, how's the new gear? Any pixie vulns in the newer hardware?

  45. #45
    Join Date
    2013-Sep
    Posts
    262
    HI
    Any pixie vulns in the newer hardware?
    huh.... let me think.... yes maybe one used by "Movistar" (telefonica).
    i'll check that and update the list if so.

    I added two models
    D_Link DAP1520, a dual band repeater with a mediatek chipset
    Totolink N301RT from "realtekX project" family

    I have to check more, there is maybe a couple of them more to add
    Last edited by kcdtv; 2016-04-02 at 15:50.

  46. #46
    Join Date
    2016-Apr
    Posts
    3
    possible bully can use pin list we created with crunch..?

    bully wlan0mon -b 11:22:33:44:55:66 -c 11 -B -p /path/to/pins.lst/txt

    i'm not programmer just script kiddies and this just idea

  47. #47
    Join Date
    2015-Mar
    Posts
    141
    Quote Originally Posted by X999 View Post
    possible bully can use pin list we created with crunch..?

    bully wlan0mon -b 11:22:33:44:55:66 -c 11 -B -p /path/to/pins.lst/txt

    i'm not programmer just script kiddies and this just idea
    I can't really see a point to making or using a WPS pin list.
    Skype: aanarchyy01

  48. #48
    Join Date
    2016-Apr
    Posts
    1
    Hi aanarchyy, thanks a lot for your software.
    But for me don't work...
    bully still use the same pin.. and pixie didn't start..
    Can you help me?

    Elia

  49. #49
    Join Date
    2013-Jul
    Location
    United States
    Posts
    519
    My car has the same engine and won't start, what's wrong?!

    We need more information! What is happening? What is your setup? What is your target? What hardware do you have? Did you install everything correctly?

    And perhaps try asking in a forum of your native language as it will probably be easier for both you and us to understand correctly.

  50. #50
    Join Date
    2016-Nov
    Location
    Outer space
    Posts
    36
    Sorry for posting on old threads... but I'm wondering why an amazing update like this (I mean aanarchyy, your 1.1 bully version) is not on the Kali repositories?... I have the latest Kali with all last updates and bully version is v1.0-22 ... and your v1.1 is amazing integrating pixiewps attack.

    I'm new at the forum and maybe I'm asking silly things... but, who decide what tools are included on repos? I know the original bully is included... but your update is an evolution of it. how can this be done? I mean, to include your version in Kali Linux repos? Because in my opinnion, it could be a great contribution to the community. I know to install dependencies and compile is an easy task and is very well explained on your README on github... but it could be great to get it only with apt-get.

    Thank you for your effort and the effort of your collaborators. Bully is a good tool which save the ralink chipset users like me.

Similar Threads

  1. Pixiewps: wps pixie dust attack tool
    By wiire in forum Community Projects
    Replies: 243
    Last Post: 2017-11-09, 19:31
  2. Wifite including new pixiewps attack
    By aanarchyy in forum Project Archive
    Replies: 122
    Last Post: 2016-12-19, 22:41
  3. Wifite including new pixiewps attack
    By aanarchyy in forum General Archive
    Replies: 75
    Last Post: 2015-05-04, 23:16
  4. Pixiewps: wps pixie dust attack tool
    By wiire in forum General Archive
    Replies: 89
    Last Post: 2015-05-04, 19:32
  5. Implement new WPS Pixie Dust Attack into Reaver
    By six in forum General Archive
    Replies: 24
    Last Post: 2015-01-28, 20:31

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •