Its name is Pyxiewps, and it uses pixiewps, reaver and airodump to retrieve the WPA password in as little as 9 seconds (best-case scenario)! It takes advantage of the pixie-dust vulnerability found by Dominique Bongard, which affects some WPS-active access points.
So, for this attack to work, the AP has to have WPS active.
It's meant to work on Linux only, especially Kali Linux. If you run the script on any other distro, it will ask you to install the 'dependencies' first (DEB package system).
Step 1: Download the Program!
Two ways to do this:
1-Go to https://github.com/jgilhutton/pyxiewps and download the Zip file. You'll have a compressed file in your Downloads folder. Decompress it and you are all set.
2-If you have Git installed on your box, from a terminal run:
git clone https://github.com/jgilhutton/pyxiewps
You'll have a new directory in the path where you ran the command.
Step 2: Read the Manual!
From a terminal run:
python pyxiewps-LANGUAGE.py -h
This will show you the help menu.
There are a whole bunch of options there, but don't worry if you are lazy! There are optional modes that will make your life a lot easier. WALK and DRIVE modes are designed for wardriving.
The most common combination of arguments is -m MODE -o outputfile.txt. The -o flag is pretty much self-explanatory.
Step 3: Get Those Passwords!
From a terminal run:
python pyxiewps-LANGUAGE.py -m STATIC -o output.txt
This command will make the script run only once, but with plenty of time to get the job done.
Here is a demonstration video: