Jump to content

Pixie Dust attack with Pineapple?

Recommended Posts

The -P switch doesn't do anything.

root@Pineapple:/sd# reaver -i mon0 -b 9C:97:26:XX:XX:XX -c 1 -vv -P

Reaver v1.4 WiFi Protected Setup Attack Tool
Copyright © 2011, Tactical Network Solutions, Craig Heffner <cheffner@tacnetsol.com>

reaver: invalid option -- P
[+] Switching mon0 to channel 1
Required Arguments:
-i, --interface=<wlan> Name of the monitor-mode interface to use
-b, --bssid=<mac> BSSID of the target AP

Optional Arguments:
-m, --mac=<mac> MAC of the host system
-e, --essid=<ssid> ESSID of the target AP
-c, --channel=<channel> Set the 802.11 channel for the interface (implies -f)
-o, --out-file=<file> Send output to a log file [stdout]
-s, --session=<file> Restore a previous session file
-C, --exec=<command> Execute the supplied command upon successful pin recovery
-D, --daemonize Daemonize reaver
-a, --auto Auto detect the best advanced options for the target AP
-f, --fixed Disable channel hopping
-5, --5ghz Use 5GHz 802.11 channels
-v, --verbose Display non-critical warnings (-vv for more)
-q, --quiet Only display critical messages
-h, --help Show help

Advanced Options:
-p, --pin=<wps pin> Use the specified 4 or 8 digit WPS pin
-d, --delay=<seconds> Set the delay between pin attempts [1]
-l, --lock-delay=<seconds> Set the time to wait if the AP locks WPS pin attempts [60]
-g, --max-attempts=<num> Quit after num pin attempts
-x, --fail-wait=<seconds> Set the time to sleep after 10 unexpected failures [0]
-r, --recurring-delay=<x:y> Sleep for y seconds every x pin attempts
-t, --timeout=<seconds> Set the receive timeout period [5]
-T, --m57-timeout=<seconds> Set the M5/M7 timeout period [0.20]
-A, --no-associate Do not associate with the AP (association must be done by another application)
-N, --no-nacks Do not send NACK messages when out of order packets are received
-S, --dh-small Use small DH keys to improve crack speed
-L, --ignore-locks Ignore locked state reported by the target AP
-E, --eap-terminate Terminate each WPS session with an EAP FAIL packet
-n, --nack Target AP always sends a NACK [Auto]
-w, --win7 Mimic a Windows 7 registrar [False]

reaver -i mon0 -b 00:90:4C:C1:AC:21 -vv

Edited by crazyclown
Link to comment
Share on other sites

Kinda edgy to use an infusion i think once this is stable would be better i personally think im not much of a fan of having to ssh into the pineapple to run the commands i can do all of that using my nexus 7 tablet running nethunter.

Reason i recommend an infusion over having to ssh into the pineapple is i dunno about alot of people but when your on a deadline or only gonna be in the area a short time time is important any time you can save yourself is good.

Gonna think about people who are bad with remembering commands or just dyslexic i recently was introduced by a friend on Skype to start using aliasing its amazing how much time i can save just by using that to issue the commands for me for example..

i have a aliasing set to auto start monitor mode for me on my nexus 7 tablet and also to auto start autopixiewps with just 3-4 letters.

Link to comment
Share on other sites


Reason i recommend an infusion over having to ssh into the pineapple is i dunno about alot of people but when your on a deadline or only gonna be in the area a short time time is important any time you can save yourself is good.


I agree, except I believe DataHead is only working on a POC for the pineapple. I'm hoping that once he has completed this, WistleMaster might be encouraged to integrate pixiewps into the WPS infusion.

Link to comment
Share on other sites

Ill leave the infusion end of things to the infusion creators, especially since there is already a wps infusion. All im doing is making the tools that i worked on available on the pineapple, so they can be used in infusions

Link to comment
Share on other sites

The only issue with the pixie dust attack is that it only effects a limited chipsets and that so far appears to be smaller then the amount of networks that are vulnerable to wps attacks i've got a public list its kinda small of chipsets that are effected and not effected by pixie dust.

I've honestly had better luck so far with reaver and reaver pro then i've had with the pixie dust attack on wps.

2 years ago wps was more vulnerable then it is today due to patches and newer hardware the limits failed pin try's half if not all Comcast home routers are no longer vulnerable to wps attacks.

Reminds me of a thing a friend of mine on skype and i were talking about with the fact that most people don't even own a computer now days since they can do everything they wanna do just using their smart phone or tablets.

the need to having a computer in your house has pretty much come and gone people who do own a computer have their own routers and stuff.

Just seems by me doing site surveys in my area that most of the people in town alone all pretty much have internet from Comcast or centurylink its pretty obvious to tell who has comcast and who has centurylink just by their SSID name.

Edited by ZaraByte
Link to comment
Share on other sites

i need testers for mine and t6x's reaver 1.5.2

if you would like to test it, and if i accept you to test it ( dont need a ton of testers ) send me a PM here on the forums, and i will provide the link.

has full pixiedust outputs, thanks to the folks whom tested and provided their outputs prior to this, i was able to make this a quick process. BUT, just because i got it cross compiled, does not mean that it will work 100%, and until i release pixiewps, some specific features will not work ( -K ).

i need people to test things such as the default key generater ( -W i believe ). i think that might be broken and have to convert its portion to the big endianness aswel, not sure yet.

and i do repeat, this build and previous test builds i had people test, is not and are not official from the hak5 team, so do not go asking them for help from my test builds, as im sure its not supported.

you test these at your own risk.

but as my pineapple isnt working ( might have to get a replacement when i can afford it ) i am doing this somewhat blindly, and need people to test for me.

Edited by DataHead
Link to comment
Share on other sites

will post reaver and pixiewps very soon. And please, i cant put enough emphasis on this, these are not official packages peovided from the hak5 team, and there for are NOT supported by them. Until if and or when they add them into their official repos, and you download it from their official repos, this is all installed at YOUR OWN RISK. so using these provided ipk's, do not go to the hak5 team for support for which are not officially provided by them.

i also hold no responsibility for any damage or for your usage that may occur, i can provide the sources and installable ipk's, and can give you my word that their is no malicious code added to these ipk's, they are clean and no infection, ive simply made them to work on openwrt ar71xx big endiann devices.

it is your choice if you want to use them or not.


released here: https://forums.hak5.org/index.php?/topic/35864-release-pixiewps-11-reaver-152/

Edited by DataHead
Link to comment
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

  • Recently Browsing   0 members

    • No registered users viewing this page.
  • Create New...