How To: Get WPA-WPS Passwords with Pyxiewps.

Hello dear friends! I'm jgilhutton and I want to show you guys a Python wrapper I made a few months ago.

Its name is Pyxiewps, and it uses pixiewps, reaver and airodump to retrieve the WPA password in as little as 9 seconds (best-case scenario)! It takes advantage of the pixie-dust vulnerability found by Dominique Bongard, which affects some WPS-active access points.

SO... for this attack to work, the AP has to be WPS active.

It's meant to work on Linux only, especially Kali Linux. If you run the script on any other distro, it will ask you to install the 'dependencies' first (DEB package system).

I wrote this script because I wanted something automatic and designed for wardriving! I think it's easy to use and here is the How To (It's not flawless... that means that you may or may not encounter some problems):

Step 1: Download the Program!

Two ways to do this:

1-Go to https://github.com/jgilhutton/pyxiewps and download the Zip file. You'll have a compressed file in your Downloads folder. Decompress it and you are all set.

2-If you have Git installed on your box, from a terminal run:
git clone https://github.com/jgilhutton/pyxiewps
You'll have a new directory in the path where you ran the command.

Step 2: Read the Manual!

From a terminal run:
python pyxiewps-LANGUAGE.py -h
This will show you the help menu.

There are a whole bunch of options there, but don't worry if you are lazy! There are optional modes that will make your life a lot easier. WALK and DRIVE modes are designed for wardriving.

The most common combination of arguments is -m MODE -o outputfile.txt. The -o flag is pretty much self-explanatory.

Step 3: Get Those Passwords!

From a terminal run:
python pyxiewps-LANGUAGE.py -m STATIC -o output.txt
This command will make the script run only once, but with plenty of time to get the job done.
Here is a demonstration video:

Pretty fast right? The video shows that it doesn't matter how secure the password is, if the router is vulnerable, IT WILL GET THE KEY.

REMEMBER: This will work only if the router is vulnerable to this attack AND has WPS activated.

NOTE: In the GitHub repository, there is also a "swearing version". It feels kinda Samuel L. Jackson hacking WiFi. Try it if you want some lulz. Code has to be funny!

ROOTPANIC: You must run the script as root. Don't worry about it, but if you don't trust me, you can always read the source code :)

Maybe you are wondering: There are plenty of tools that exploit this vulnerability... why did I write another one? Well, you'll see, this is MINE! I WROTE THAT! AND IT FEELS GOOOOOD. So you should try it!

Maybe you are now wondering again: Do I need to be a programming guru to do this? And the answer is NO! The longest script that I wrote before this one was about 40 lines long, and it was a disaster! So I jumped right into this one without knowing much Python. Think about it.

Ok that's all folks!
This was my first entry here in this awesome community that got me started into this awesome world.
Go crack some things!

jgilhutton.

4 Comments

Fantastic contribution! I'm looking forward to even more tutorials.

Perhaps in your next post you could explain the science behind your program?

Thanks anyway! :D
Cameron

wifite shows that the target AP is WPS enabled. However, attacking with pyxiewps gives the following error.

! WPS pin was not found.
Probably, the AP is not vulnerable to this attack
and never will. Move on.

That's perfectly normal! :)
wifite is right, so is pyxiewps.

pixiewps won't attack those APs with WPS deactivated. This error appears only if the attack is unsuccessful, like that one. The point is that the access point IS attacked but, probably, the router is not vulnerable.

Perhaps, you are using some of the available modes of pyxiewps. When those modes are used (except STATIC) not all of the WPS-WPA routers are listed. To list all of the APs use STATIC mode.

Please! Read the README from the repository AND the help menu from the script.

Good luck!

jgilhutton

Awesome script - works well. May I suggest you post it on forums.kali.org? Your script is better than many more popular scripts. Question: any links to read up on how to use the WPS pin to get the WPA pass? I've gotten the result 'Can't get password......WPS pin to access wireless network' a number of times now. Again, thank you for sharing this script - and I look forward to your next projects.
