[SOLVED] PixieWPS - WPS pin not found!

Started by Shana, March 27, 2016, 10:46:16 AM

Shana

Hey guys, I tried searching for this problem on these forums and could not find anything; however, if a thread exists, please direct me to it.

I am on the ath9k driver with an AR9565 chipset card using Reaver 1.5.2 community fork version with PixieWPS 1.2 and libpcap downgraded from 1.5.x to 0.8-1.4.0 (in order for association to work properly and for wash to display scan results). My problem begins when using reaver in combination with pixieWPS: I receive this error, "WPS Pin not found!", after reaver retrieves PKE, E-Nonce, Authkey, and E-Hashes and passes them to PixieWPS. I am using aireplay to associate in a separate terminal. I've checked wash and WPS is version 1.0 and not locked.

The commands I am using are:
airmon-zc start wlan0
airodump-ng wlan0mon
wash -i wlan0mon
aireplay-ng -1 30 wlan0mon -a xx:xx:xx:xx:xx:xx
reaver -i wlan0mon -b xx:xx:xx:xx:xx:xx -c 1 -K 1 -H -A -vvv

After the reaver command completes and the pixie error is shown, a data file is generated on my desktop containing all relevant auth info.

If you guys have any information to help me, it'd be very appreciated. I've had many a sleepless night working on this.

ZEROF

Hi,

It's normal that such an old tool doesn't work. First, because the attack doesn't have any use; second, the tool dev doesn't give support for his work anymore. The best place to ask questions is the author's site, or if they have some kind of place where you can push a bug pull request. We don't work on this tool and I don't know how we can help you right now.

Hope that some other user can give you a hand on this one, but that is one big "maybe".

Don't ask, read : http://wiki.backbox.org
or just run sudo rm -rf /*

Shana

Quote from: ZEROF on March 27, 2016, 11:00:25 AM
The best place to ask questions is the author's site, or if they have some kind of place where you can push a bug pull request. We don't work on this tool and I don't know how we can help you right now.

Hope that some other user can give you a hand on this one, but that is one big "maybe".

I see, thanks for your quick reply. I'll see if the community fork version has an area as well. Is Reaver itself generally unsupported by the community even though it's packaged with the distro? If so, what other tools would you yourself recommend for testing against WPS vulns?

ZEROF

Reaver can be used, but I'm not sure that we can say the same about modules, forks, etc.; they have a short support lifetime. WPS is not the best attack to use and it will not work on 99% of modern routers. We don't have reaver in our repository anymore; people can install the version from the trusty repository, and because of that you think that we support reaver updates, but it's done by the Ubuntu community, no profit and fun.

As you can see from: https://docs.google.com/spreadsheets/d/1tSlbqVQ59kGn8hgmwcPTHUECQ3o9YhXR91A_p7Nnj5Y/edit?pref=2&pli=1#gid=2048815923

We can see only 100 models were tested, and that is not much if you ask me. It can work, but you are not sure if it will, because router manufacturers push updates and most providers have their own firmware these days. That can explain why, even if you have found some of these devices, they don't have this vulnerability anymore.

Anyway, from day one WPS was only a PoC, and today you need to be very lucky to find one to play with.
