Results 1 to 25 of 25

Thread: Implement new WPS Pixie Dust Attack into Reaver

  1. #1
    Join Date
    2014-Oct
    Posts
    1

    Arrow Implement new WPS Pixie Dust Attack into Reaver

    As some of you may have read, another flaw was found in router chip makers implementation of WPS which allows for offline bruteforcing of the 11,000 possible pins, making WPS attacks against some of the biggest router chip makers even faster. The attack is called the Pixie Dust attack and the security researcher showed this at Defcon. I am not a programmer, but having this implemented into Kali 1.1.0 would make pentesting alot easier. One of the affected vendors is Broadcom, and I believe there are more affected. Atheros is unaffected. Tweet from said security researcher https://twitter.com/Reversity/status/506383041502408704
    Defcon slides http://www.slideshare.net/0xcite/off...rotected-setup
    News articles:http://nakedsecurity.sophos.com/2014...ore-dangerous/
    http://threatpost.com/wps-implementa...-attack/108011
    http://arstechnica.com/security/2014...ll-vulnerable/

  2. #2
    The tool isn't (yet?) public - so it can't be added into Kali.

    If/when it is - and you want it part of Reaver and/or any other tools (e.g. aircrack-ng), you'll need to contact them about it.
    If you want the authors tool to be added into Kali if/when its release, you'll need to submit a bug report -> https://bugs.kali.org
    This is a Kali-Linux support forum - not general IT/infosec help.

    Useful Commands: OS, Networking, Hardware, Wi-Fi
    Troubleshooting: Kali-Linux Installation, Repository, Wi-Fi Cards (Official Docs)
    Hardware: Recommended 802.11 Wireless Cards

    Documentation: http://docs.kali.org/ (Offline PDF version)
    Bugs Reporting & Tool Requests: https://bugs.kali.org/
    Kali Tool List, Versions & Man Pages: https://tools.kali.org/

  3. #3
    Join Date
    2013-Jul
    Location
    United States
    Posts
    520
    Anyone figure out those magical "couple lines" that need to be added to reaver in order to make this attack work?

  4. #4
    Join Date
    2013-Jul
    Posts
    844
    In the meantime you might try ryreaver-reaver. Stands for reverse reaver. It does run in kali-linux regardless of commentary. Unfortunately it doesnot save its work so if you stop the process it starts all over. We downloaded the rar file converted it and ran from root ./ryreaver-reverse. We will do some tests to write the output to text and screen thru tee and Eterm windows and post here when finished.

    We suggest you run this program a bit and see if the WPS pin and WPA code drop out.

    There are old threads in these forums concerning this program search reverse reaver.

    The direct download is:

    http://sethioz.com/forum/download/fi...034b82f22693d5

    Commentary
    http://sethioz.com/forum/viewtopic.php?p=9757

  5. #5
    Join Date
    2013-Oct
    Posts
    321
    Quote Originally Posted by mmusket33 View Post
    In the meantime you might try ryreaver-reaver. Stands for reverse reaver. It does run in kali-linux regardless of commentary. Unfortunately it doesnot save its work so if you stop the process it starts all over. We downloaded the rar file converted it and ran from root ./ryreaver-reverse. We will do some tests to write the output to text and screen thru tee and Eterm windows and post here when finished.

    We suggest you run this program a bit and see if the WPS pin and WPA code drop out.

    There are old threads in these forums concerning this program search reverse reaver.

    The direct download is:

    http://sethioz.com/forum/download/fi...034b82f22693d5

    Commentary
    http://sethioz.com/forum/viewtopic.php?p=9757
    It doesn't work for me on kali 109-64bit, I get the following error message:
    error while loading shared libraries: libpcap.so.0.8: cannot open shared object file: No such file or directory

  6. #6
    Join Date
    2013-Jul
    Posts
    844
    To Slim76
    We only have 32 bit. This program works for us. You might try running a kali-linux-1.0.9a-i386 persistent usb install of kali1-09a. We would test it for you if we had a 64 bit computer.

    MTeams

  7. #7
    Join Date
    2013-Oct
    Posts
    321
    Quote Originally Posted by mmusket33 View Post
    To Slim76
    We only have 32 bit. This program works for us. You might try running a kali-linux-1.0.9a-i386 persistent usb install of kali1-09a. We would test it for you if we had a 64 bit computer.

    MTeams
    I needed to use my usb device for something so I had to reformat it, I'll setup kali 109-32bit on my usb device again soon and will let you know how it goes.
    Many thanks for replying matey.

  8. #8
    Quote Originally Posted by slim76 View Post
    It doesn't work for me on kali 109-64bit, I get the following error message:
    error while loading shared libraries: libpcap.so.0.8: cannot open shared object file: No such file or directory
    yup same story.
    so what does it do different compared to regular reaver?

  9. #9
    Join Date
    2014-Jul
    Posts
    16
    Guys...take some initiative!!!

    I have been working on this for awhile. No one seems to want to roll up their sleeves and figure out the details of the flaw Bongard/0xcite presented last September. It's not easy, but I have confirmed the flaw. I will write something...but If there is a hashcat guru around here....please talk to me.

  10. #10
    Quote Originally Posted by crypts3c View Post
    Guys...take some initiative!!!

    I have been working on this for awhile. No one seems to want to roll up their sleeves and figure out the details of the flaw Bongard/0xcite presented last September. It's not easy, but I have confirmed the flaw. I will write something...but If there is a hashcat guru around here....please talk to me.
    Look forward to reaping the benefit of your efforts.

    Thanks

    Rab.

  11. #11
    Join Date
    2013-Jul
    Posts
    844
    Musket Teams wish to RETRACT the following statement concerning the inability of ryreaver-reverse to save sessions and provide the solution.

    Using Kali-linux 9a -386 Hardrive install

    Placing ryreaver-reverse in root

    Run

    ./ryreaver-reverse -i mon0 -c 11 -b 55:44:33:22:11:00 -vv -x 60 --mac=00:11:22:33:44:55 --session=55:44:33:22:11:00

    In this case the --session= command will look for the existance of a file named 55:44:33:22:11:00 in root. If no file name seen it will write a file of same name.

    On restart if file seen in root it will state:

    Restored previous session and start the attack from the last pin.

    MTeams

  12. #12
    Join Date
    2013-Nov
    Location
    the state of oppression
    Posts
    16
    If I had the money I'd ship you guys a 64 bit computer.

    Cheers!

  13. #13
    Join Date
    2014-Oct
    Posts
    28
    is there a major different between ryreaver and just plain old reaver or bully, I am unable to execute it in terminal same libpcap error

  14. #14
    Join Date
    2013-Jul
    Posts
    844
    All we can say is that we are testing ryreaver-reverse on four different computers all running kali-linux 1-09a -i386. The program is running fine, saving its work and collecting pins. We are using AWUSO36H wifi devices and all kali installs have been fully updated and upgraded. If you are not running this version of kali-linux the easiest solution is to make a persistent usb install. We can punch one out in less then 45 minutes not counting the update.

    MTeams

  15. #15
    Quote Originally Posted by Cyb3rg0d View Post
    I am unable to execute it in terminal same libpcap error
    because libpcap is 64bit compiled. http://seclists.org/tcpdump/2010/q1/7

    this attack vector seems "neat" or even "botique" imho. I do not see the amount of required effort resulting in a good return on time invested. wps attacks will follow their course similar to WEP; just much faster to that conclusion.

  16. #16
    Join Date
    2014-Oct
    Posts
    28
    Is pixie dust just dead in the water. I have been reading everywhere and it seems no progress has been made anywhere. And the founder clearly is not releasing the source.

  17. #17
    Quote Originally Posted by Cyb3rg0d View Post
    Is pixie dust just dead in the water. I have been reading everywhere and it seems no progress has been made anywhere. And the founder clearly is not releasing the source.
    found this https://code.google.com/p/reaver-wps.../detail?id=675 but can some one pleas give me updated download links!

  18. #18
    Join Date
    2014-Oct
    Posts
    28
    There is a link http://www.datafilehost.com/d/88864143 just need to look a little harder. I hope some implementation occurs with pixie dust. For Varmacreaver is there a guide anywhere on it?

  19. #19
    Join Date
    2013-Jul
    Posts
    844
    The following VMR-MDK009x2.sh has been written to take advantage of a flaw in SOME WPS locked routers allowing the collection of pins even though reaver and wash show the router is locked.

    The downloaded includes extensive helpfiles and has been tested against numerous routers showing this flaw. All were cracked.

    Also included in the help files is how to handle the 99.99% problem which occurs in almost half of the successful attacks against routers providing small numbers of pins when the WPS system is locked. Details are also included in these help files.

    We have found an error in one(1) configuration file named:

    configfiledetailed1x2

    You can REM/COMMENT out with a # the following two(2) variables

    USE_PIN1= should read #USE_PIN1=
    WPS_PIN1= should read #WPS_PIN1=


    OR you can download the corrected version

    New Download Package VMRMDK150108

    http://www.datafilehost.com/d/18156813


    Musket Teams
    Last edited by mmusket33; 2015-01-08 at 00:09. Reason: correct errors

  20. #20
    Join Date
    2013-Aug
    Location
    lost in space
    Posts
    580
    Thanks m33!

    I've read the included help file. Could you confirm that VMR-MDK009x does not reboot APs?
    Kali Linux USB Installation using LinuxLive USB Creator
    Howto Install HDD Kali on a USB Key
    Clean your laptop fan | basic knowledge

  21. #21
    Join Date
    2013-Mar
    Posts
    10
    thanks mmusket33

  22. #22
    Join Date
    2013-Oct
    Posts
    15
    Nice work MT.

    I'll be sure to test this out later on my router which I didn't have much luck with due to it locking!

  23. #23
    Join Date
    2013-Jul
    Posts
    844
    Reference the download VMR-MDK009x2.sh

    We have found an error in one configuration file named:

    configfiledetailed1x2

    You can REM/COMMENT out with a # the following two(2) variables

    USE_PIN1= should read #USE_PIN1=
    WPS_PIN1= should read #WPS_PIN1=


    or you can download the corrected version


    New Download

    http://www.datafilehost.com/d/18156813

    Musket Teams

  24. #24
    Quote Originally Posted by mmusket33 View Post
    Reference the download VMR-MDK009x2.sh

    We have found an error in one configuration file named:

    configfiledetailed1x2

    You can REM/COMMENT out with a # the following two(2) variables

    USE_PIN1= should read #USE_PIN1=
    WPS_PIN1= should read #WPS_PIN1=


    or you can download the corrected version


    New Download

    http://www.datafilehost.com/d/18156813

    Musket Teams

    Thanks for the update ill be sure to test this out.

  25. #25
    No and this thread is starting to turn into something that isn't Kali support.

    Closing.
    This is a Kali-Linux support forum - not general IT/infosec help.

    Useful Commands: OS, Networking, Hardware, Wi-Fi
    Troubleshooting: Kali-Linux Installation, Repository, Wi-Fi Cards (Official Docs)
    Hardware: Recommended 802.11 Wireless Cards

    Documentation: http://docs.kali.org/ (Offline PDF version)
    Bugs Reporting & Tool Requests: https://bugs.kali.org/
    Kali Tool List, Versions & Man Pages: https://tools.kali.org/

Similar Threads

  1. Reaver modfication for Pixie Dust Attack
    By t6_x in forum Project Archive
    Replies: 106
    Last Post: 2017-02-10, 18:51
  2. Reaver modfication for Pixie Dust Attack
    By t6_x in forum General Archive
    Replies: 81
    Last Post: 2015-05-05, 00:55

Tags for this Thread

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •