Ad End 1 February 2024
Ad Ends 13 January 2025
Ad End 26 February 2025
ad End 25 April 2025
Ad Ends 20 January 2025
Ad expire at 5 August 2024
banner Expire 25 April 2025
What's new
banner Expire 15 January 2025
banner Expire 20 October 2024
UniCvv
casino
swipe store
adv exp at 23 August 2024
Carding.pw carding forum
BidenCash Shop
Kfc CLub

File_closed07

TRUSTED VERIFIED SELLER
Staff member
Joined
Jun 13, 2020
Messages
7,545
Reaction score
916
Points
212
Awards
2
  • trusted user
  • Rich User
Pixie Dust Attack WPS with Reaver
In this tutorial we are going to do a pixie dust attack using Reaver 1.5.2, Aircrack-NG and Pixiewps. Pixie Dust attack is an offline attack which exploits a WPS vulnerability. The tool, Pixiewps, is written in C and works with a modified version of Reaver. When a wireless router is vulnerable for this attack retrieving the passphrase can be done in seconds. A link to the list of pixie dust vulnerable routers is included at the bottom of this tutorial.
Pixie Dust Attack
Let’s put the wifi interface in monitoring mode using:
airmon-ng start wlan0
If necessary kill the processes Kali is complaining about:
Pixie dust attack Reaver
For anyone getting the following error in Kali Linux 2.0 Sana:
[X] ERROR: Failed to open ‘wlan0mon’ for capturing
Try the following as a solution:
1. Put the device in Monitor mode Airmon-ng start wlan0
2. A monitoring interface will be started on wlan0mon
3. Use iwconfig to check if the interface MODE is in managed mode, if so then change it to monitor instead of managed with the following commands:
ifconfig wlan0mon down
iwconfig wlan0mon mode monitor
ifconfig wlan0mon up
4. iwconfig check if the mode is monitoring mode now
5. airodump-ng wlan0mon
Start airodump-ng to get the BSSID, MAC address and channel of our target.
airodump-ng -i wlan0mon
Now pick the target and use the BSSID and the channel for Reaver:

Reaver -i wlan0mon -b [BSSID] -vv -S -c [AP channel]
We need the PKE, PKR, e-hash 1 & e-hash 2, E-nonce / R-nonce and the authkey from Reaver to use for pixiewps.
Pixie dust attack Reaver
Now start pixiewps with the following arguments:
Pixie dust attack Reaver
Components:
–E-Hash1 is a hash in which we brute force the first half of the WPS PIN.
–E-Hash2 is a hash in which we brute force the second half of the WPS PIN.
–HMAC is a function that hashes all the data in parenthesis. The function is HMAC-SHA-256.
–PSK1 is the first half of the router’s WPS PIN (10,000 possibilities)
–PSK2 is the second half of the router’s WPS PIN (1,000 or 10,000 possibilities depending if we want to compute the checksum. We just do 10,000 because it makes no time difference and it’s just easier.)
–PKE is the Public Key of the Enrollee (used to verify the legitimacy of a WPS exchange and prevent replays.)
–PKR is the Public Key of the Registrar (used to verify the legitimacy of a WPS exchange and prevent replays.)
This router does not seem to be vulnerable to pixie dust attack.

Avoiding Reaver router lock-out with Pixiedust loop

When using the -P (Pixiedust loop) option, Reaver goes into a loop mode that breaks the WPS protocol by not using M4 message to avoid lockouts. This option can only be used for PixieHash collecting to use with pixiewps.
 
Ad End 1 February 2024
Top