Automated Pixie Dust Attack: receiving WPS PINs and Wi-Fi passwords without entering any commands
I have already written about the WiFi-autopwner script. Its Pixie Dust attack has recently been improved considerably, and it is now much more intelligent.
The Pixie Dust attack allows the WPS PIN to be revealed quickly for some WPS-enabled access points.
Currently, the WiFi-autopwner script allows you to perform an automated and intelligent Pixie Dust attack against all access points within range. Thanks to automation, the attacker does not need to take any action: just start the program and wait for the results.
The intelligence of WiFi-autopwner consists of the following:
- from all access points within range, only those with WPS enabled are selected;
- if WPS is enabled but locked, the access point is also skipped;
- a blacklist and a list of already hacked access points are supported, so that you do not waste time on them again;
- if a PIN is disclosed, an attempt is made to obtain the Wi-Fi network password, using a rather unusual but reliable technique;
- all the described operations are performed completely automatically.
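The selection rules listed above, turned into a defensive check over access points you administer (an added example, not part of WiFi-autopwner or the original post). The CSV inventory format, the sample BSSIDs and the function names are assumptions constructed for this example, and ESSIDs are assumed to contain no commas.

```bash
#!/bin/sh
# Added example: WPS exposure audit restricted to your own access points.
# Inventory format (constructed for this example): BSSID,ESSID,WPS,LOCKED

# Constructed sample inventory of scanned access points.
sample_inventory() {
cat <<'EOF'
AA:BB:CC:00:00:01,office-main,yes,no
aa:bb:cc:00:00:02,office-guest,yes,yes
AA:BB:CC:00:00:03,lab,no,no
AA:BB:CC:00:00:09,neighbour,yes,no
EOF
}

# Constructed list of BSSIDs you administer; everything else is ignored.
sample_owned() {
cat <<'EOF'
aa:bb:cc:00:00:01
AA:BB:CC:00:00:02
aa:bb:cc:00:00:03
EOF
}

# wps_audit INVENTORY OWNED
# Prints one tab-separated "BSSID ESSID STATUS" line per owned access point.
wps_audit() {
  awk -F, 'BEGIN { OFS = "\t" }
    FILENAME == ARGV[1] { owned[toupper($1)] = 1; next }  # owned BSSIDs
    {
      bssid = toupper($1)
      if (!(bssid in owned)) next                 # never report foreign APs
      wps = tolower($3); lck = tolower($4)
      if (wps != "yes") status = "OK"             # WPS off: rule 1 skips it
      else if (lck == "yes") status = "LOCKED"    # skipped for now, WPS still on
      else status = "EXPOSED"                     # would be selected: disable WPS
      print bssid, $2, status
    }' "$2" "$1"
}

# Number of owned access points that still have WPS enabled.
wps_enabled_count() {
  wps_audit "$1" "$2" | awk -F'\t' '$3 != "OK" { n++ } END { print n + 0 }'
}
```

Any access point reported as EXPOSED or LOCKED still has WPS switched on; turning WPS off in the access point's settings takes it out of the set this kind of tool selects.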
In my conditions (up to 15 available APs with WPS), a single run of the program can yield 2-4 WPA passwords in a fairly short time!
Let's start with the installation of the script:
git clone https://github.com/Mi-Al/WiFi-autopwner.git
cd WiFi-autopwner/
Run the script:
sudo bash wifi-autopwner.sh
We are greeted by the menu:
If you have more than one wireless interface, press the number "1" and select the one you want to use. If you have only one Wi-Fi adapter, it will be selected automatically. In my case, the output is as follows:
There is one wireless interface on your system. Automatically Selected Information: Selected wireless interface wlan0. Mode: managed
Now we need to set the wireless interface to monitor mode; to do this, select the third menu item.
Now the interface is in monitor mode, so we are completely ready to launch attacks.
Choose the seventh menu item and … just wait.
Next, completely on autopilot, the program finds the access points with WPS and runs the Pixie Dust attack against each of them.
If the attack fails (no PIN found), the script simply proceeds to the next access point.
If a PIN is found, the program writes it to the main window and immediately tries to get the WPA password:
At the first start, the program creates the empty text files cracked.txt and blacklist.txt, in which you can write down the names of access points that should be skipped when auditing wireless networks.
An example of a run in which 4 PINs and 4 Wi-Fi passwords were obtained out of 31 WPS networks:
By the way, if you know the PIN, keep in mind that the program has a mode (the eighth item in the menu) for getting the Wi-Fi password from a known WPS PIN. Try it: there is a great chance that the password will be revealed too.