Pixie Dust attack with Pineapple?


The -P switch doesn't do anything.

root@Pineapple:/sd# reaver -i mon0 -b 9C:97:26:XX:XX:XX -c 1 -vv -P

Reaver v1.4 WiFi Protected Setup Attack Tool
Copyright © 2011, Tactical Network Solutions, Craig Heffner <cheffner@tacnetsol.com>

reaver: invalid option -- P
[+] Switching mon0 to channel 1
Required Arguments:
-i, --interface=<wlan> Name of the monitor-mode interface to use
-b, --bssid=<mac> BSSID of the target AP

Optional Arguments:
-m, --mac=<mac> MAC of the host system
-e, --essid=<ssid> ESSID of the target AP
-c, --channel=<channel> Set the 802.11 channel for the interface (implies -f)
-o, --out-file=<file> Send output to a log file [stdout]
-s, --session=<file> Restore a previous session file
-C, --exec=<command> Execute the supplied command upon successful pin recovery
-D, --daemonize Daemonize reaver
-a, --auto Auto detect the best advanced options for the target AP
-f, --fixed Disable channel hopping
-5, --5ghz Use 5GHz 802.11 channels
-v, --verbose Display non-critical warnings (-vv for more)
-q, --quiet Only display critical messages
-h, --help Show help

Advanced Options:
-p, --pin=<wps pin> Use the specified 4 or 8 digit WPS pin
-d, --delay=<seconds> Set the delay between pin attempts [1]
-l, --lock-delay=<seconds> Set the time to wait if the AP locks WPS pin attempts [60]
-g, --max-attempts=<num> Quit after num pin attempts
-x, --fail-wait=<seconds> Set the time to sleep after 10 unexpected failures [0]
-r, --recurring-delay=<x:y> Sleep for y seconds every x pin attempts
-t, --timeout=<seconds> Set the receive timeout period [5]
-T, --m57-timeout=<seconds> Set the M5/M7 timeout period [0.20]
-A, --no-associate Do not associate with the AP (association must be done by another application)
-N, --no-nacks Do not send NACK messages when out of order packets are received
-S, --dh-small Use small DH keys to improve crack speed
-L, --ignore-locks Ignore locked state reported by the target AP
-E, --eap-terminate Terminate each WPS session with an EAP FAIL packet
-n, --nack Target AP always sends a NACK [Auto]
-w, --win7 Mimic a Windows 7 registrar [False]

Example:
reaver -i mon0 -b 00:90:4C:C1:AC:21 -vv

Edited by crazyclown

Kinda edgy to use an infusion, I think; once this is stable would be better, I personally think. I'm not much of a fan of having to ssh into the Pineapple to run the commands; I can do all of that using my Nexus 7 tablet running NetHunter.

Reason I recommend an infusion over having to ssh into the Pineapple is, I dunno about a lot of people, but when you're on a deadline or only gonna be in the area a short time, time is important; any time you can save yourself is good.

Gonna think about people who are bad with remembering commands or just dyslexic. I recently was introduced by a friend on Skype to start using aliasing; it's amazing how much time I can save just by using that to issue the commands for me, for example...

I have an alias set to auto start monitor mode for me on my Nexus 7 tablet and also to auto start autopixiewps with just 3-4 letters.


...

Reason I recommend an infusion over having to ssh into the Pineapple is, I dunno about a lot of people, but when you're on a deadline or only gonna be in the area a short time, time is important; any time you can save yourself is good.

...

I agree, except I believe DataHead is only working on a POC for the pineapple. I'm hoping that once he has completed this, WistleMaster might be encouraged to integrate pixiewps into the WPS infusion.


I'll leave the infusion end of things to the infusion creators, especially since there is already a WPS infusion. All I'm doing is making the tools that I worked on available on the Pineapple, so they can be used in infusions.


The only issue with the pixie dust attack is that it only affects a limited set of chipsets, and that so far appears to be smaller than the amount of networks that are vulnerable to WPS attacks. I've got a public list, it's kinda small, of chipsets that are affected and not affected by pixie dust.

I've honestly had better luck so far with reaver and reaver pro than I've had with the pixie dust attack on WPS.

2 years ago WPS was more vulnerable than it is today, due to patches and newer hardware that limits failed PIN tries. Half if not all Comcast home routers are no longer vulnerable to WPS attacks.

Reminds me of a thing a friend of mine on Skype and I were talking about, with the fact that most people don't even own a computer nowadays since they can do everything they wanna do just using their smartphone or tablets.

The need to have a computer in your house has pretty much come and gone; people who do own a computer have their own routers and stuff.

Just seems, by me doing site surveys in my area, that most of the people in town alone all pretty much have internet from Comcast or CenturyLink; it's pretty obvious to tell who has Comcast and who has CenturyLink just by their SSID name.

Edited by ZaraByte

I need testers for mine and t6x's reaver 1.5.2.

If you would like to test it, and if I accept you to test it (don't need a ton of testers), send me a PM here on the forums, and I will provide the link.

It has full pixiedust outputs. Thanks to the folks who tested and provided their outputs prior to this, I was able to make this a quick process. BUT, just because I got it cross compiled does not mean that it will work 100%, and until I release pixiewps, some specific features will not work ( -K ).

I need people to test things such as the default key generator ( -W I believe ). I think that might be broken and I have to convert its portion to big endianness as well, not sure yet.

And I do repeat, this build and previous test builds I had people test are not official from the Hak5 team, so do not go asking them for help with my test builds, as I'm sure it's not supported.

You test these at your own risk.

But as my Pineapple isn't working (might have to get a replacement when I can afford it), I am doing this somewhat blindly, and need people to test for me.

Edited by DataHead

Will post reaver and pixiewps very soon. And please, I can't put enough emphasis on this, these are not official packages provided by the Hak5 team, and therefore are NOT supported by them. Until, if and when, they add them into their official repos and you download them from their official repos, this is all installed at YOUR OWN RISK. So if you are using these provided ipk's, do not go to the Hak5 team for support for packages which are not officially provided by them.

I also hold no responsibility for any damage or for your usage that may occur. I can provide the sources and installable ipk's, and can give you my word that there is no malicious code added to these ipk's; they are clean with no infection. I've simply made them to work on OpenWrt ar71xx big endian devices.

it is your choice if you want to use them or not.

edit:

released here: https://forums.hak5.org/index.php?/topic/35864-release-pixiewps-11-reaver-152/

Edited by DataHead
