derv82 / wifite2

Rewrite of the popular wireless network auditor, "wifite"
GNU General Public License v2.0

WPS (Pixie-Dust & PIN attacks) is a mess #28

Open derv82 opened 7 years ago

derv82 commented 7 years ago
  1. None of my routers are susceptible to WPS Pixie-Dust attack.
  2. All of my routers have hard rate-limits on WPS PIN attempts (requiring a router reboot after 3 failed attempts).

This means I can't test Wifite against susceptible routers.

I have the cash to buy more test routers, but I don't have the time to find routers that are still susceptible to Pixie-Dust -- and that do not rate limit PIN attacks.

If anyone knows of susceptible Wifi router models, please let me know.

derv82 commented 7 years ago

Based on the "Wireless Security Database" on Google Docs (linked on various sites around the net), I ordered:

  1. Tp-Link Archer C20i (includes a/5ghz band)
  2. Netgear WNDR3700 V2
  3. F5D8236-4 V3

Now we wait.

derv82 commented 7 years ago

Only got 2 routers, and none are vulnerable to Pixie-Dust (or the PIN attack for that matter).

So I'm getting 3 more. Will rinse-repeat until I get a vulnerable router.

Again, if anyone has suggestions...

MisterBianco commented 7 years ago

Older Arris routers are vulnerable.

I would know; I live in a lazy ass little town and every router in this area is vulnerable as long as the firmware isn't updated (it never is).

Other than that, many old 300N routers are vulnerable.


MisterBianco commented 7 years ago

Look at the Arris docsis 3 cable modem routers. They are the ones I like ;)


vom513 commented 7 years ago

I got a Belkin N600 DB v2 that is my dedicated WPS pixie test router. F9K1102V2.

vom513 commented 7 years ago

Has anyone had any luck debugging why WPS pixie (using bully) doesn't work? It is working, in that bully writes out the .bully/.run file. Wifite2 is missing something in the output and crack_result is staying "None". I'm running the latest Kali, and the arguments for bully in Bully.py look good. From what I can tell, the regex looks good too in matching the lines with PIN and KEY. Feels like something process/pipe related, which is where my python skills fall off...

I'm still playing with Bully.py to see if I can see where it's bailing, but no luck yet.

kimocoder commented 7 years ago

I can confirm that WPS/PixieDust has problems; no further knowledge of python here to fix the issue either :/

kimocoder commented 6 years ago

@binarymaster do you have some spare time to investigate the pixiewps issue in wifite2? :)

alldayi420 commented 6 years ago

I know that the old Wifite works when using the pixie attack... I have not been able to even get a target to show up with the new Wifite2 -wps attack, even using it in the same spot.. but the first wifite has trouble capturing a handshake while wifite2 captures that shit like a boss... Around here (Red Oak, Iowa, rural area) CenturyLink (SSID = Century link xxxx) routers are vuln to the pixie attack / Belkin / and a few netgear routers are vuln... How do you get the wps attack to bring up a target in wifite2?... and yeah, little ass towns always have old ass equip / no updates...

vom513 commented 6 years ago

The current version of wifite2 - uses bully by default for WPS attacks. The current issue seems to revolve around wifite2 not interpreting the output from bully correctly. Even though wifite2 will say that pixie was unsuccessful for example, you can check the actual bully output files and see that it was indeed cracked. So it seems to be launching and driving bully correctly - but the output is getting dropped or confused.

alldayi420 commented 6 years ago

Yeah... no. When I do ./Wifite.py with no options it does not even try wps attacks at all. When I put the argument -wps or --pixie it scans but no clients show.. the old wifite used reaver?... wps attacks?.. pixie..?


kimocoder commented 6 years ago

@derv82 do you still need a pixiedust vulnerable router? I may donate you one, no problem. Give me a heads up.

kimocoder commented 6 years ago

Contact me privately at kimocoder(at)hotmail.com. I may provide a router for both this issue and this one. Thanks.

derv82 commented 6 years ago

Let me just say: I would very much appreciate a test router that is vulnerable to Pixie-Dust!

I've tried many times to find a router...

[image: my mess]

I shot you an email

derv82 commented 6 years ago

@alldayi420 The issue of WPS detection was fixed in https://github.com/derv82/wifite2/issues/62

However, Wifite 2 should not be trusted with WPS attacks right now. You can run bully/reaver manually in the meantime.

# Running reaver:
reaver -i INTERFACE -vv -K -c CHANNEL -b BSSID
# Example for channel 11 and interface wlan0mon:
reaver -i wlan0mon -vv -K -c 11 -b AA:BB:CC:DD:EE:FF

# Running bully:
bully --pixiewps -c CHANNEL -b BSSID IFACE
# Example for channel 11 and interface wlan0mon:
bully --pixiewps -c 11 -b AA:BB:CC:DD:EE:FF wlan0mon

I can fix Wifite2's WPS PixieDust/PIN attacks once I get a router that is susceptible to Bully/Reaver.

Pasting what I said in https://github.com/derv82/wifite2/issues/60 :

Can you (or anyone else) provide me the entire output of bully (and reaver too)? With the output, I can try to get Wifite working again. Separating stdout/stderr would help.

kimocoder commented 6 years ago

No problem. I'll check it later today and may send one after this weekend.

derv82 commented 6 years ago

Got the output for both reaver and bully from @vom513 in #60

Already I see why Wifite2 doesn't work: The output of Reaver/Pixiewps appears to have changed (again).

Here's the output of reaver, I'm assuming it's a newer version of reaver:

 Pixiewps 1.4

 [?] Mode:     3 (RTL819x)
 [*] Seed N1:  -
 [*] Seed ES1: -
 [*] Seed ES2: -
 [*] PSK1:     2c2e33f5e3a870759f0aeebbd2792450
 [*] PSK2:     3f4ca4ea81b2e8d233a4b80f9d09805d
 [*] ES1:      04d48dc20ec785762ce1a21a50bc46c2
 [*] ES2:      04d48dc20ec785762ce1a21a50bc46c2
 [+] WPS pin:  11867722

 [*] Time taken: 0 s 21 ms

Wifite2 was expecting this format (old reaver output):

https://github.com/derv82/wifite2/blob/1a063edc42e55b4b185715f1719a92feb9b7da78/py/Reaver.py#L388-L392

First, the regexes do not match the new format:

https://github.com/derv82/wifite2/blob/1a063edc42e55b4b185715f1719a92feb9b7da78/py/Reaver.py#L348-L361

Second, Wifite fails if the PSK is not found. Apparently Reaver/Pixiewps no longer print this out:

https://github.com/derv82/wifite2/blob/1a063edc42e55b4b185715f1719a92feb9b7da78/py/Reaver.py#L78-L81
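A tolerant parser for the Pixiewps 1.4 output pasted above, as an added example that is not wifite2's own Reaver.py code: it matches the PIN and PSK lines by their tag rather than by column position, and returns None for a missing PSK or a "WPS pin not found" message instead of failing, which is the second problem described. The sample text is a constructed copy of the output shown in this comment.

```python
import re

# Constructed sample, copied from the Pixiewps 1.4 output quoted in the thread.
SAMPLE_OUTPUT = """\
 Pixiewps 1.4

 [?] Mode:     3 (RTL819x)
 [*] Seed N1:  -
 [*] Seed ES1: -
 [*] Seed ES2: -
 [*] PSK1:     2c2e33f5e3a870759f0aeebbd2792450
 [*] PSK2:     3f4ca4ea81b2e8d233a4b80f9d09805d
 [*] ES1:      04d48dc20ec785762ce1a21a50bc46c2
 [*] ES2:      04d48dc20ec785762ce1a21a50bc46c2
 [+] WPS pin:  11867722

 [*] Time taken: 0 s 21 ms
"""

# Each field is keyed on its "[+]"/"[*]" tag and label, so a version that
# shifts the column alignment or reorders the lines still parses.
_PIN_RE = re.compile(r"^[ \t]*\[\+\][ \t]*WPS pin:[ \t]*(\d{4,8})[ \t]*$", re.MULTILINE)
_PSK_RE = re.compile(r"^[ \t]*\[\*\][ \t]*PSK(\d):[ \t]*([0-9a-fA-F]+)[ \t]*$", re.MULTILINE)
_NOT_FOUND_RE = re.compile(r"WPS pin not found", re.IGNORECASE)


def parse_pixiewps(output: str) -> dict:
    """Return {'pin', 'psk1', 'psk2'} from pixiewps/reaver output.

    Any field that is absent stays None; nothing raises, so a caller can
    report 'not found' instead of crashing when the PSK lines are missing.
    """
    result = {"pin": None, "psk1": None, "psk2": None}
    if _NOT_FOUND_RE.search(output):
        return result
    pin_match = _PIN_RE.search(output)
    if pin_match:
        result["pin"] = pin_match.group(1)
    for number, hexval in _PSK_RE.findall(output):
        key = "psk" + number
        if key in result:
            result[key] = hexval.lower()
    return result


if __name__ == "__main__":
    print(parse_pixiewps(SAMPLE_OUTPUT))
```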

derv82 commented 6 years ago

Added some "tests" for the output given by vom513, and updated Wifite's regexes so it looks like Pixie-Dust attacks should work now (for both reaver & bully).

Wifite uses reaver by-default. You can run bully using the --bully switch.

Let me know if it works (or crashes 😭).


Even if Wifite2 can crack WPS using Pixie-Dust again (hopefully), I still want to clean up the entire WPS attacking method:

I added a note on the TODO.md about improving the output of WPS attacks (more-verbose but not too verbose, consistent between reaver/bully). And I want to remove WPS PIN cracking entirely from Wifite 😱 because Wifite shouldn't even try to do something that may take multiple days/weeks/months.

derv82 commented 6 years ago

Alright, the PixieDust attacks should look a whole lot better now. And behave better.

From the commit above:

All other WPS-related switches were removed, except for the base switches:

  1. Specify WPS networks --wps
  2. Specify only PixieDust attack --wps-only
  3. Specify to not use PixieDust at all --no-wps
  4. Specify to use bully instead of reaver: --bully

And the output is more consistent between reaver & bully:

[GIF: wifite-pixiedust-reaver-bully]

Looking at the GIF... The attack progress line is getting kind of long. I might remove BSSID from the output (but leave power/db).

ravenphreaker commented 6 years ago

Hey derv82, long time fan, and ravenphreaker from the tophatsec forum. Just letting you know any Ralink chipset router I have come across has been susceptible. I get the pin almost every time; the only reason it fails would usually be signal strength. Atheros is hit and miss. Broadcom usually isn't if they have been updated. Hope that helps.

chams1012 commented 6 years ago

[image: unnamed]

Hi @ravenphreaker, I don't know how you managed. I have been trying with 3 different routers and nothing: D-Link 850L, D-Link 803 and another TP-Link, still nothing. However, before with pixie 1.2 it used to work on all my routers, no exception.

[image: pixie1 2]

twix87 commented 5 years ago

Help, I need a conclusion.

First Time:

[image: Capturar]

Other Time:

[image: Capturar2]

Failed: Reaver says "WPS pin not found"

alldayi420 commented 4 years ago

Hey,

I just signed the petition "Clemency for Ross Ulbricht: Condemned to Die in Prison for a Website" and wanted to see if you could help by adding your name.

Our goal is to reach 300,000 signatures and we need more support. You can read more and sign the petition here:

http://chng.it/xFMz9XrxFQ

Thanks! Michelle