Wifite WPS transactions issues #60
Reaver's Pixie-Dust and PIN attacks are pretty fragile. I have yet to successfully crack an access point using WPS using reaver, except when I feed it the WPS PIN directly. I'd like to improve this in the future, but it's difficult when I cannot reproduce a working Pixie-Dust attack on my own routers (and I have tested with lots and lots of routers). |
Hello, I posted this comment in issue #28. I have the Belkin F9K1102V2 as my dedicated Pixie test router. I can generally get Reaver and Bully to succeed with pixie on it. Sometimes I have to run them multiple times, but it does always work (eventually). Seems like currently (or at least the last time I tried wifite2) - that bully will run under the hood and succeed, but wifite doesn't get the output correctly and believes it's failed. The Bully logs/results files show success though. |
@vom513 Yes, this is my issue too. It gets stuck on pixieattack, but seems to be running "under the hood". Have gone away to work for some weeks atm, so cannot run more tests at this point but would be happy to check when I'm back again. |
@derv82 thanks for replying, such a great effort you put into the script! Good luck on your work! |
@vom513 You said:
Can you (or anyone else) provide me the entire output of |
Sure thing. Attached are successful pixie runs of both reaver and bully. stdout/stderr in separate files. Also are the command line and arguments I used in both cases (these were constructed to mirror what current wifite2 uses when running). Hopefully this is what you need. Thanks. |
Thanks @vom513 ! Regarding the
|
I didn't remove it - but I think I know why it's not there. Looks like pixiewps itself needs some extra arguments (i.e. -7) to compute and output the PSK. From: https://github.com/wiire-a/pixiewps
So if you look at the second screenshot there, you will see -5 and -7 values being passed. However when reaver runs pixiewps, the arguments don't include these:
In other good news though, looks like your recent changes are parsing reaver output correctly, here's a run against my test AP:
|
I could be way off base here - but it seems like bully goes an extra step and does a WPS transaction with the AP with the correct PIN - i.e. after pixie has recovered the pin:
Isn't that what the "Next pin" means? It might be a bit heavy handed and inelegant - but I suppose reaver could be run a second time with the -p argument and correctly recovered PIN to get the key? |
BTW - bully attack looks like it's also working again:
|
Tried PixieDust today, seems like reaver got stuck, but bully actually runs. |
Reported in #60 Also removed PIN attack.
Yikes, based on vom513's output, Wifite isn't actually detecting that the PIN was cracked (!)
Should be fixed in 0bfc82c but I can't verify on my end.
Let me know if reaver (default) is still not working and I'll take a closer look. |
Yeah - I don't think reaver outputs the PSK anymore (but bully does). Here's what I get from current (i.e. default reaver):
Bully seems to still work well. On my test router at least - bully seems to be more frequently successful. In other words, I typically have to run reaver several times to get a success. Bully frequently (but not always) gets a hit on the first try:
P.S. - Thanks for all your work on this. It really is appreciated. As you said - wifite is intended to be the "big red button". It really is - and that's super cool :) |
Thanks for the report (really glad I turned on Stack Traces). That crash when Reaver succeeds should be fixed in 88bb2c0 |
I just got a router that should be vulnerable to Pixie-Dust (thanks to @kimocoder) so hopefully I can:
Hoping to fix this in #76 |
You have to test the PixieDust on it, it's only tested on WEP vulns. Anyway, got my hands on a D-Link GO-RT-N150 too now, will check it for PixieDust and if it's vulnerable I'll send you that one too. It's listed in that Google Documents page, so let's hope so |
@kimocoder Thanks I already fixed a bug in WEP thanks to the new router (#27)
Edit: It works! Thank you!!! |
So it looks like WPS attacks are working now for both I have plans to improve the output & options for WPS attacks in #28. But AFAIK the Pixie-Dust attacks should work now. Try out the latest version and let me know if this can be resolved. |
Hey there, anyone have a clue? What I think is that I have to add some arguments when I start wifite, but I'm not sure which ones. I doubt there is an issue with the script since @derv82 updated it. Or should I change some lines in the script? Thanks in advance. |
@softaddict Are you able to use If not, understand that only a subset of routers are vulnerable to the Pixie-Dust attack. If so, what commands ( |
hey, |
AFAIK, this is the current state of wireless attacks:
|
@derv82 Thanks for the breakdown, such great info. ./wifite.py --wps --mac --kill and ran the script I used to use wpsratio and wpsretry in the built in script in Kali but not anymore the errors: WpsFail. Eapfail. Timeouts. Pins don't increment, I think it's trying the same pin over and over, not sure tho. |
If you can't crack an access point using Running If reaver works for you but Wifite does not, then I can look into what switches you're setting in Reaver and apply those to Wifite if applicable. But until I get confirmation that you can run |
I downloaded the latest version and it detects SSID with WPS encryption, but when I chose a WPS enabled SSID, the following error is returned while wifite2 tries to run reaver attack Error : - [!] your version of 'reaver' does not support the WPS pixie-dust attack |
Wifite checks that reaver's help page includes the term " wifite2/wifite/tools/reaver.py Lines 45 to 48 in 28b2d83
I cloned the latest newest version of https://github.com/t6x/reaver-wps-fork-t6x/blob/master/src/wpscrack.c#L181 @rentandleave What is printed when you run |
Hello everyone!
Hope you're doing well
I'm using the latest Kali version on USB live
And I was learning and working around with wifi pentesting to test my home network for vulnerabilities and flaws. The tool at that time was wifite. I'm familiar with wifite but not experienced in its detailed usage and tweaks. I'm trying to add --wpst and --wpsretry and started playing around with the options. There are some issues that appeared to me while I was targeting my network, locked with WPS of course and almost vulnerable to the attack. The first issue was EAPfail and WPSFail whilst it's under progress, and also pixie dust is cracking the same pin over and over again and there are a lot of timeouts and ttl in my success/ttl attempts. I'm aware I should change some lines inside of the script but I can't recall how I did it before. I used to get the password in no time, now there is something wrong holding me back.
Thanks for reading until here
If someone can spare time to discuss and help I'd be pleased to listen, and I'm a good listener.
Until then
Best regards