How to Get WPA-WPS Passwords with Pyxiewps.
Hello dear friends! I'm jgilhutton and I want to show you guys a Python wrapper I made a few months ago.
It's name is Pyxiewps and uses pixiewps, reaver and airodump to retrieve the WPA password in at least 9 secods! (Best case scenario) It takes advantage of the pixie-dust vulnerability found by Dominique Bongard, that affects some WPS-active access points.
SO... for this attack to work, the AP has to be WPS active.
It's meant yo work on Linux only, specially in Kali Linux. If you run the script in any other distro, it will ask you to install the 'dependencies' first (DEB package system).
I wrote this script because I wanted something automatic and designed for wardriving! I think it's easy to use and here is the How To (It's not flawless... that means that you may or may not encounter some problems):
Two ways to do this:
1-Go to https://github.com/jgilhutton/pyxiewps and download the Zip file. You'll have a compressed file into your Downloads folder. Decompress it and you are all set.
2-If you have Git installed into your box, from a terminal run:
git clone https://github.com/jgilhutton/pyxiewps
You'll have a new directory into the path where you ran the command.
From a terminal run:
python pyxiewps-LANGUAGE.py -h
This will show you the help menu.
There are a hole bunch of options there but don't worry if you are lazy! There are optional modes that will make your life a lot easier. WALK and DRIVE mode are designed for wardriving.
Most common combination of arguments are -m MODE -o outputfile.txt. The -o flag is pretty much self-explanatory.
From a terminal run:
python pyxiewps-LANGUAGE.py -m STATIC -o output.txt
This command will make the script run only once, but with plenty of time to get the job done.
Here is a demonstration video:
Pretty fast right? The video shows that it doesn't matter how secure the password is, if the router is vulnerable, IT WILL GET THE KEY.
REMEMBER: This will work only if the router is vulnerable to this attack AND has WPS activated.
NOTE: In the Github repository, there is also a "swearing version". It feels kinda Samuel L. Jackson hacking WiFi. Try it if you want some lulz. Code has to be funny!
ROOTPANIC: You must run the script like root. Don't worry about it, but if you don't trust me, you can always read the source code :)
Maybe you are wondering: There are plenty of tools that exploit this vulnerability... why did I wrote another one? Well, you'll see, this is MINE! I WROTE THAT! AND IT FEELS GOOOOOD. So you should try it!
Maybe you are now wondering again: Do I need to be a programming guru tu to this? And the answer is NO! The longest script that I wrote before this one was about 40 lines long, and it was a disaster! So I jumped right into thisone without knowing much Python. Think about it.
Ok that's all folks!
This was my first entry here in this awesome community that got me started into this awesome world.
Go crack some things!