Author Topic: New Pixie Dust Attack/Exploit (WPS Enabled Routers)  (Read 4732 times)

0 Members and 1 Guest are viewing this topic.

Offline FurqanHanif

  • /dev/null
  • *
  • Posts: 18
  • Cookies: -6
    • View Profile
New Pixie Dust Attack/Exploit (WPS Enabled Routers)
« on: March 19, 2015, 02:03:09 pm »
Any one hears about this Pixie Dust attack/exploit?? is their any tool available yet to do this attack ?? if not then any one knows how to do it, i think it has Something to do with M3 , Es1 , ES 2 , hash Decrypt and then Brute force the WPS pin. So how to Decrypt and Brute Force Pin Exactly ..??  :o (Please Post if Someone Knows anyThing (Tool etc) Regarding this Attack.. :)

http://www.slideshare.net/0xcite/offline-bruteforce-attack-on-wifi-protected-setup
« Last Edit: March 19, 2015, 03:07:54 pm by FurqanHanif »

Offline proxx

  • Avatarception
  • Global Moderator
  • Titan
  • *
  • Posts: 2803
  • Cookies: 256
  • ФФФ
    • View Profile
Re: New Pixie Dust Attack/Exploit (WPS Enabled Routers)
« Reply #1 on: March 19, 2015, 02:15:04 pm »
Intertesting, keep us posted. ty
Wtf where you thinking with that signature? - Phage.
This was another little experiment *evillaughter - Proxx.
Evilception... - Phage

Offline FurqanHanif

  • /dev/null
  • *
  • Posts: 18
  • Cookies: -6
    • View Profile
Re: New Pixie Dust Attack/Exploit (WPS Enabled Routers)
« Reply #2 on: March 19, 2015, 08:48:36 pm »
Well it Looks Like Pixie Dust attack Really exists...
An person posted POC(proof of concept) on kali forum in Which he Successfully Recovered the correct WPS PIN via Offline Brute Forcing PIN .........
(For more info Visit)
https://forums.kali.org/showthread.php?24286-WPS-Pixie-Dust-Attack-(Offline-WPS-Attack)/page4&highlight=pixie+dust+attack
« Last Edit: March 19, 2015, 08:49:19 pm by FurqanHanif »

Offline nrael

  • Peasant
  • *
  • Posts: 66
  • Cookies: -7
    • View Profile
Re: New Pixie Dust Attack/Exploit (WPS Enabled Routers)
« Reply #3 on: March 19, 2015, 09:51:29 pm »
as far as I know there's the cool called "reaver"

I did try but it never worked.

or is this pixie attack something else / new?

Offline proxx

  • Avatarception
  • Global Moderator
  • Titan
  • *
  • Posts: 2803
  • Cookies: 256
  • ФФФ
    • View Profile
Re: New Pixie Dust Attack/Exploit (WPS Enabled Routers)
« Reply #4 on: March 20, 2015, 08:11:40 am »
as far as I know there's the cool called "reaver"

I did try but it never worked.

or is this pixie attack something else / new?
Yes that was back in the days before most of the devices got patched.
And yes it did work, must have been over 4 years ago now.

We have a NOWPS policy for any device that even remotely thinks about wireless.
« Last Edit: March 20, 2015, 08:13:24 am by proxx »
Wtf where you thinking with that signature? - Phage.
This was another little experiment *evillaughter - Proxx.
Evilception... - Phage

Offline Relapse

  • /dev/null
  • *
  • Posts: 17
  • Cookies: 2
  • So much money, I didn't know what to do with it.
    • View Profile
Re: New Pixie Dust Attack/Exploit (WPS Enabled Routers)
« Reply #5 on: March 25, 2015, 09:47:09 am »
reaver is a very active attack, not an offline BF attack. Do some research before asking dumb questions, you didn't really think these other guys have never heard of reaver did you?


https://passwordscon.org/wp-content/uploads/2014/08/Dominique_Bongard.pdf


This is very interesting actually. Reading through the .PDF, never thought of triggering the breakers but it's almost 80% always accessible physically.

Offline v32itas

  • Peasant
  • *
  • Posts: 123
  • Cookies: -4
  • coup de grâce
    • View Profile
Re: New Pixie Dust Attack/Exploit (WPS Enabled Routers)
« Reply #6 on: March 28, 2015, 03:57:12 am »
This could be nice. To advanced for me, but  i miss those days when reaver was effective. Dictionary attacks sux.
"There is nothing more deceptive then an obvious fact." - SH

“There was no such thing as a fair fight. All vulnerabilities must be exploited.”
― Cary Caffrey





Offline techb

  • Soy Sauce Feeler
  • Global Moderator
  • King
  • *
  • Posts: 2350
  • Cookies: 345
  • Aliens do in fact wear hats.
    • View Profile
    • github
Re: New Pixie Dust Attack/Exploit (WPS Enabled Routers)
« Reply #7 on: March 28, 2015, 04:07:42 am »
Most routers I have come across requires you to physically hit a button or an option in the firmware before activating WPS, and even then its temporary. The only devices I can think of that might have WPS active by default would be like printers or something.
>>>import this
-----------------------------

Offline FurqanHanif

  • /dev/null
  • *
  • Posts: 18
  • Cookies: -6
    • View Profile

Offline v32itas

  • Peasant
  • *
  • Posts: 123
  • Cookies: -4
  • coup de grâce
    • View Profile
"There is nothing more deceptive then an obvious fact." - SH

“There was no such thing as a fair fight. All vulnerabilities must be exploited.”
― Cary Caffrey





Offline deviant_sheep

  • /dev/null
  • *
  • Posts: 5
  • Cookies: 1
    • View Profile
Re: New Pixie Dust Attack/Exploit (WPS Enabled Routers)
« Reply #10 on: April 04, 2015, 06:45:13 pm »
Oh shit.. this is good stuff.. I read about this a few months ago but this tool wasnt available afaik.. Im giving this a try like.. now.  Will post back with results.
Quote
Your mind is programmable. If you’re not programming your mind, someone else will program it for you.
--Jeremy Hammond

Offline nrael

  • Peasant
  • *
  • Posts: 66
  • Cookies: -7
    • View Profile
Re: New Pixie Dust Attack/Exploit (WPS Enabled Routers)
« Reply #11 on: April 04, 2015, 08:27:35 pm »
I tried hours to get it work. I've run the updated reaver version and got the PKE and the auth key but reaver sucks up after the sending M2 message, so I don't get the E-HASH1 and 2.

Made someone the same experience or did it work?

Offline iTpHo3NiX

  • EZ's Pirate Captain
  • Administrator
  • Titan
  • *
  • Posts: 2920
  • Cookies: 328
    • View Profile
    • EvilZone
Re: New Pixie Dust Attack/Exploit (WPS Enabled Routers)
« Reply #12 on: April 07, 2015, 04:54:46 am »
I tried hours to get it work. I've run the updated reaver version and got the PKE and the auth key but reaver sucks up after the sending M2 message, so I don't get the E-HASH1 and 2.

Made someone the same experience or did it work?

I was having the same issues in a live hack, you need to be closer to the AP

My dumbass tried it on a realtek thinking it was a ralink lmfao wondering wtf, why didn't it work hahaha

On vulnerable routers, this really works a treat! You're talking WPS Pins in a matter of minutes. Beats the hell out of WEP attacks!
« Last Edit: April 07, 2015, 05:17:53 am by DeepCopy »
[09:27] (+lenoch) iTpHo3NiX can even manipulate me to suck dick
[09:27] (+lenoch) oh no that's voluntary
[09:27] (+lenoch) sorry