
wifite-mod-pixiewps's Introduction

#Added flags

-pto # configurable timeout for pixiewps attack, default 660
-ponly # uses only pixiewps and reaver up until M3
-pnopsk # do not run retrieved pin through reaver
-paddto # add n seconds to timeout on each hash retrieval, default 30
-update # now updates to this fork instead of original wifite
-endless # will now loop through targets forever until stopped

#Required tools

You must install Pixiewps by Wiire (https://github.com/wiire/pixiewps)
  and 
You must install reaver-wps-fork-t6x by t6x (https://github.com/t6x/reaver-wps-fork-t6x)

#ToDo

Add check for pixiewps, modified reaver, and offer option to install.
Add check to see if update is needed before performing.
Add option to dynamically spoof connected client while running attack.
Add option to auto-skip previously cracked AP instead of prompting.
Add recording for individual access points (clients, signal strength, hashes, solved pins, etc).

#May do
Add option to download and install pixiewps and modified reaver from github
Add mdk3 support
Add default pin calculations and options


wifite-mod-pixiewps's Issues

wifite should have helper app version checking

The pre-release version of pixiewps 1.1 doesn't play nice with wifite. And pixiewps 1.1 is due out any day.
The script should check versions of programs it uses to at least warn user.
Reaver
pixiewps
etc

Wifite failed because pixie failed a known vulnerable chipset. Emailed output. The router was indeed vulnerable

Wifite 2 (r87) is not running, refers problems inside wifite and subprocess.py

I have installed Kali linux 2017.1 x86 light. I have run "apt-get update", "apt-get upgrade" and "apt-get install kali-linux-wireless". Wifite keeps saying the following. How can I fix it?
[+] scanning for wireless devices...
Traceback (most recent call last):
File "/usr/bin/wifite", line 3462, in <module>
engine.Start()
File "/usr/bin/wifite", line 1313, in Start
self.RUN_CONFIG.THIS_MAC = get_mac_address(iface) # Store current MAC address
File "/usr/bin/wifite", line 1864, in get_mac_address
proc = Popen(['ifconfig', iface], stdout=PIPE, stderr=DN)
File "/usr/lib/python2.7/subprocess.py", line 390, in __init__
errread, errwrite)
File "/usr/lib/python2.7/subprocess.py", line 1024, in _execute_child
raise child_exception
OSError: [Errno 2] No such file or directory
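
The traceback above fails while launching `ifconfig`, which is how `Popen` reports a program it cannot find on PATH, and the earlier report asks for helper version checks. A preflight check along those lines, as an added example (not code from wifite or this fork); the function names, banner strings and tested versions are constructed for illustration:

```python
import re
import shutil
import subprocess
import sys


def find_missing(tools, which=shutil.which):
    """Return the names in `tools` that cannot be found on PATH."""
    return [name for name in tools if which(name) is None]


def parse_version(banner):
    """Return the first dotted version in a banner as a tuple of ints, or None."""
    match = re.search(r"\d+(?:\.\d+)+", banner)
    if match is None:
        return None
    return tuple(int(part) for part in match.group(0).split("."))


def version_warnings(banners, newest_tested):
    """Warn about helpers whose version is unknown or newer than the tested one.

    banners:       {tool: text the tool printed when asked for its version}
    newest_tested: {tool: version tuple the script is known to work with}
    """
    warnings = []
    for tool, tested in sorted(newest_tested.items()):
        found = parse_version(banners.get(tool, ""))
        if found is None:
            warnings.append("%s: version could not be determined" % tool)
        elif found > tested:
            warnings.append("%s: found %s, only tested up to %s" % (
                tool, ".".join(map(str, found)), ".".join(map(str, tested))))
    return warnings


def run_helper(argv):
    """Run a helper and return its stdout, naming the binary if it is absent."""
    try:
        result = subprocess.run(argv, stdout=subprocess.PIPE,
                                stderr=subprocess.DEVNULL,
                                universal_newlines=True)
    except FileNotFoundError:
        # Python 3 spelling of the "OSError: [Errno 2]" in the traceback.
        raise RuntimeError("required program %r not found on PATH" % argv[0])
    return result.stdout


if __name__ == "__main__":
    # Constructed inputs: the tested versions and banners are hypothetical.
    print(find_missing(["ifconfig", "reaver", "pixiewps"]))
    print(version_warnings({"pixiewps": "Pixiewps 1.1", "reaver": "n/a"},
                           {"pixiewps": (1, 0), "reaver": (1, 5)}))
```
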

error during wpa capture after pixie attack

[0:00:00] initializing PixieWPS attack on DVW320000 (000000:3E:6B)
[+] E-Nonce found
[+] PKE hash found
[+] PKR hash found
[+] Authkey found
[+] E-Hash1 found
[+] E-Hash2 found
[+] Cracking using pixiewps...

[+] Pixiewps attack failed!
False
[0:08:20] starting wpa handshake capture on "DVW320000"
[0:08:13] listening for handshake...
(^C) WPA handshake capture interrupted

[+] 47 targets remain
[+] what do you want to do?
[c]ontinue attacking targets
[e]xit completely
[+] please make a selection (c, or e): c

[0:00:00] initializing PixieWPS attack on b0c55400000 (000000:A7:86)
[+] E-Nonce found
[+] PKE hash found
[+] PKR hash found
[+] Authkey found
[+] E-Hash1 found
[+] E-Hash2 found
[+] Cracking using pixiewps...

[+] Pixiewps attack failed!
False
[0:08:20] starting wpa handshake capture on "b0c554000000"
[0:07:35] listening for handshake...
(^C) WPA handshake capture interrupted

[+] 46 targets remain
[+] what do you want to do?
[c]ontinue attacking targets
[e]xit completely
[+] please make a selection (c, or e): c

[0:00:00] initializing PixieWPS attack on Tupp0000 (0000000:07:00)

[!] unable to complete in 70 seconds
[+] skipping pixiewps on Tuppy Glossop

[+] Pixiewps attack failed!
False
[0:08:20] starting wpa handshake capture on "Tuppy Glo00000"
Traceback (most recent call last):...
File "./wifitemod", line 3164, in
main()
File "./wifitemod", line 333, in main
if wpa_get_handshake(iface, t, ts_clients):
File "./wifitemod", line 1931, in wpa_get_handshake
if has_handshake(target, temp + 'wpa-01.cap.temp'):
File "./wifitemod", line 2152, in has_handshake
valid_handshake = has_handshake_tshark(target, capfile)
File "./wifitemod", line 2054, in has_handshake_tshark
msg = fields[9][0] # The message number (1, 2, 3, or 4)
IndexError: list index out of range

Reaver not gathering AP pixie parameters

Latest Reaver-mod-t6x works fine manually but not with latest wifite-mod script. Parsing problem maybe? It just keeps going and going with no AP parameters being pulled to use with pixiewps.

exit function error. ie user press ctrl C twice

[0:00:00] initializing PixieWPS attack on DG1670000 (00000000:27:80)
[+] E-Nonce found
[+] PKE hash found
[+] PKR hash found
[+] Authkey found
[+] E-Hash1 found
[+] E-Hash2 found
[+] Cracking using pixiewps...

[+] PIN found: 76796517

[0:00:00] initializing PixieWPS attack on Wiley0000 (00000000:D7:40)

[!] unable to complete in 75 seconds
[+] skipping pixiewps on WileyRiley

[+] Pixiewps attack failed!

[0:00:00] initializing PixieWPS attack on DVW320000 (00000000:3E:6B)
[+] E-Nonce found
[+] PKE hash found
[+] PKR hash found
[+] Authkey found
[+] E-Hash1 found
[+] E-Hash2 found
[+] Cracking using pixiewps...

[+] Pixiewps attack failed!

[0:00:00] initializing PixieWPS attack on atlantis2010000 (00000000:6D:15)
[+] E-Nonce found
[+] PKE hash found
[+] PKR hash found
[+] Authkey found
[+] E-Hash1 found
[+] E-Hash2 found
[+] Cracking using pixiewps...

[+] Pixiewps attack failed!

[0:00:00] initializing PixieWPS attack on 407009EA0000 (00000000:20:20)
[+] E-Nonce found
[+] PKE hash found
[+] PKR hash found
[+] Authkey found
[+] E-Hash1 found
[+] E-Hash2 found
[+] Cracking using pixiewps...

[+] PIN found: 35403876

[0:00:00] initializing PixieWPS attack on DVW3200000 (00000000:A9:5E)
[+] E-Nonce found
[+] PKE hash found
[+] PKR hash found
[+] Authkey found
[+] E-Hash1 found
[+] E-Hash2 found
[+] Cracking using pixiewps...

[+] Pixiewps attack failed!

[0:00:00] initializing PixieWPS attack on DG1670000 (00000000:1E:90)
[+] E-Nonce found
[+] PKE hash found
[+] PKR hash found
[+] Authkey found
^C
(^C) Pixiewps attack interrupted

[+] 17 targets remain
[+] what do you want to do?
[c]ontinue attacking targets
[e]xit completely
[+] please make a selection (c, or e): e
Traceback (most recent call last):
File "./wifitemod", line 3148, in
main()
File "./wifitemod", line 324, in main
need_handshake = not wps_attack(iface, t)
File "./wifitemod", line 2930, in wps_attack
send_interrupt(proc)
UnboundLocalError: local variable 'proc' referenced before assignment
root@*****:~/wifite-mod-pixiewps-master#

ctrl C, then option "e" to exit script

[0:00:00] initializing PixieWPS attack on LUZ DESIG000000 (000000:C8:30)

[!] unable to complete in 70 seconds
[+] skipping pixiewps on LUZ DESI000000

[+] Pixiewps attack failed!

[0:00:00] initializing PixieWPS attack on NETGEAR17 (0000000:1C:A5)
[+] E-Nonce found
[+] PKE hash found
[+] Authkey found
[+] E-Hash1 found
[+] E-Hash2 found
[+] Cracking using pixiewps...

[+] Pixiewps attack failed!

[0:00:00] initializing PixieWPS attack on FULTO000000 (0000000:28:50)
[+] E-Nonce found
[+] PKE hash found
[+] PKR hash found
[+] Authkey found
[+] E-Hash1 found
[+] E-Hash2 found
[+] Cracking using pixiewps...

[+] Pixiewps attack failed!

[0:00:00] initializing PixieWPS attack on SprintGa000000 (0000000:82:F6)
^C
(^C) Pixiewps attack interrupted

[+] 2 targets remain
[+] what do you want to do?
[c]ontinue attacking targets
[e]xit completely
[+] please make a selection (c, or e): e
Traceback (most recent call last):
File "./wifitemod", line 3164, in
main()
File "./wifitemod", line 325, in main
need_handshake = not wps_attack(iface, t)
File "./wifitemod", line 2939, in wps_attack
send_interrupt(proc)
UnboundLocalError: local variable 'proc' referenced before assignment

error loop after pixie timeout

NUM ESSID                 CH  ENCR  POWER  WPS?    CLIENT
 1  \x00\x00\x00\x0000     6  WPA2  63db   wps
 2  b0c554a10000           1  WPA2  54db   wps     client
 3  We hear you wa0000     6  WPA2  53db   wps
 4  DG1670000             11  WPA2  52db   wps
 5  DVW3200000             1  WPA2  51db   wps
 6  Wiley0000             10  WPA2  50db   wps
 7  Tuppy Glo0000          6  WPA2  50db   Locked
 8  133 K0000              6  WPA2  49db   wps
 9  TG1670000             11  WPA2  48db   wps
10  atlantis2010000       10  WPA2  46db   wps
11  ZOOM                   6  WPA2  45db   wps
12  DVW3200000             1  WPA2  44db   wps
13  906EBBB60000           1  WPA2  44db   wps
14  \x00\x00\0000          6  WPA2  44db   wps
15  TommyAn0000            6  WPA2  44db   wps
16  133 K0000              6  WPA2  44db   Locked
17  DG1670000             11  WPA2  43db   wps
18  DG1670000              1  WPA2  43db   Locked
19  Pand0000              11  WPA2  42db   wps
20  ShinySp0000            1  WPA2  42db   wps
21  Kirin0000              1  WPA2  42db   wps
22  Ony0000                1  WPA2  41db   wps
23  TG1670000              1  WPA2  40db   wps
24  DG1670000              1  WPA2  38db   Locked
25  McP0000                6  WPA2  38db   wps
26  PS0000                 1  WPA2  38db   wps
27  DDW360000              3  WPA   37db   wps
28  TG1670000              6  WPA2  37db   wps
29  NETGE0000             11  WPA2  37db   wps
30  linda'0000            11  WPA2  37db   wps

[+] select target numbers (1-30) separated by commas, or 'all': all

[+] 30 targets selected.

[0:00:00] initializing PixieWPS attack on \x00\x00\x00\x000000 (0000:79:0F)

[!] unable to complete successful try in 90 seconds
[+] skipping pixiewps on \x00\x00\x00\x00000

[!] unable to complete successful try in 90 seconds
[+] skipping pixiewps on \x00\x00\x00\x00000

[!] unable to complete successful try in 90 seconds
[+] skipping pixiewps on \x00\x00\x00\x0000

[!] unable to complete successful try in 90 seconds
[+] skipping pixiewps on \x00\x00\x00\x00000

[!] unable to complete successful try in 90 seconds
[+] skipping pixiewps on \x00\x00\x00\x00000

[!] unable to complete successful try in 90 seconds
[+] skipping pixiewps on \x00\x00\x00\x0000

[!] unable to complete successful try in 90 seconds
[+] skipping pixiewps on \x00\x00\x00\x00000

[!] unable to complete successful try in 90 seconds
[+] skipping pixiewps on \x00\x00\x00\0000

[!] unable to complete successful try in 90 seconds
[+] skipping pixiewps on \x00\x00\x00\x00000

[!] unable to complete successful try in 90 seconds
[+] skipping pixiewps on \x00\x00\x00\x00000

[!] unable to complete successful try in 90 seconds
[+] skipping pixiewps on \x00\x00\x00\x00000

[!] unable to complete successful try in 90 seconds
[+] skipping pixiewps on \x00\x00\x00\x00000

just says waiting..

[0:30:16] Waiting

On all targets it just says waiting. Am I doing something wrong?? I just used

./wifite-ng --wps

ctrl C, during pixie attack, then option "e"

[0:00:00] initializing PixieWPS attack on FULTON EXP000000000 (00000000:28:50)
[+] E-Nonce found
[+] PKE hash found
[+] PKR hash found
[+] Authkey found
[+] E-Hash1 found
[+] E-Hash2 found
[+] Cracking using pixiewps...

[+] PIN found: 36799084
[+] Handing pin to reaver

[0:00:00] initializing WPS PIN attack on FULTON EXP000000000 (00000000:28:50)
[0:00:14] WPS attack, 0/2 success/ttl,

[+] PIN found: 36799084
[+] WPA key found: 0000000000

[0:00:00] initializing PixieWPS attack on ai00000 (0000000:24:65)
[+] E-Nonce found
[+] PKE hash found
[+] PKR hash found
[+] Authkey found
[+] E-Hash1 found
[+] E-Hash2 found
[+] Cracking using pixiewps...

[+] Pixiewps attack failed!

[0:00:00] initializing PixieWPS attack on NETG00000(0000000:1C:A5)
[+] E-Nonce found
[+] PKE hash found
[+] PKR hash found
[+] Authkey found
[+] E-Hash1 found
[+] E-Hash2 found
[+] Cracking using pixiewps...

[+] Pixiewps attack failed!

[0:00:00] initializing PixieWPS attack on TP-LINK_300000 (0000000:68:60)
[+] E-Nonce found
[+] PKE hash found
[+] PKR hash found
[+] Authkey found
[+] E-Hash1 found
[+] E-Hash2 found
[+] Cracking using pixiewps...

[+] Pixiewps attack failed!

[0:00:00] initializing PixieWPS attack on METR000000 (00000000:1B:C1)
^C
(^C) Pixiewps attack interrupted

[+] 5 targets remain
[+] what do you want to do?
[c]ontinue attacking targets
[e]xit completely
[+] please make a selection (c, or e): c

[+] Pixiewps attack failed!

[0:00:00] initializing PixieWPS attack on LUZ DES000000000 (00000000:C8:30)
[+] E-Nonce found
[+] PKE hash found
^C
(^C) Pixiewps attack interrupted

[+] 4 targets remain
[+] what do you want to do?
[c]ontinue attacking targets
[e]xit completely
[+] please make a selection (c, or e): e
Traceback (most recent call last):
File "./wifitemod", line 3164, in
main()
File "./wifitemod", line 325, in main
need_handshake = not wps_attack(iface, t)
File "./wifitemod", line 2939, in wps_attack
send_interrupt(proc)
UnboundLocalError: local variable 'proc' referenced before assignment

-mac parameter raises error

Running wifite with "-mac" parameter raises an error:

[+] scanning for wireless devices...
phy1
Traceback (most recent call last):
File "/usr/bin/wifite-ng", line 3296, in
main()
File "/usr/bin/wifite-ng", line 265, in main
iface = get_iface()
File "/usr/bin/wifite-ng", line 1041, in get_iface
mac_anonymize(monitor)
File "/usr/bin/wifite-ng", line 1653, in mac_anonymize
ORIGINAL_IFACE_MAC = (iface, old_mac)
UnboundLocalError: local variable 'old_mac' referenced before assignment
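
The `UnboundLocalError` tracebacks in the reports above (`proc` in `wps_attack`, `old_mac` in `mac_anonymize`) are what Python raises when code uses a local that the interrupted or skipped path never assigned. An added example of that shape and one fix, not code from wifite or this fork; `buggy_run`, `fixed_run`, the hooks and the sleeping child process are constructed stand-ins:

```python
import subprocess
import sys

# Constructed stand-in for a long-running helper process.
CHILD_CMD = [sys.executable, "-c", "import time; time.sleep(30)"]


def interrupted():
    """Hook that simulates the user pressing Ctrl-C at this point."""
    raise KeyboardInterrupt


def send_interrupt(proc):
    """Stop a child if one is still running; return True if it was stopped."""
    if proc is None or proc.poll() is not None:
        return False
    proc.terminate()
    try:
        proc.wait(timeout=5)
    except subprocess.TimeoutExpired:
        proc.kill()
        proc.wait()
    return True


def buggy_run(setup):
    """Failure shape: `proc` is bound only if setup() returns normally."""
    try:
        setup()                              # Ctrl-C here: proc never assigned
        proc = subprocess.Popen(CHILD_CMD)
        proc.wait()
    except KeyboardInterrupt:
        send_interrupt(proc)                 # UnboundLocalError on that path
        return "interrupted"
    return "done"


def fixed_run(setup, after_start=lambda: None):
    """Bind `proc` before anything interruptible, then clean up on every path."""
    proc = None
    status = "done"
    try:
        setup()
        proc = subprocess.Popen(CHILD_CMD)
        after_start()
        proc.wait()
    except KeyboardInterrupt:
        status = "interrupted"
    stopped = send_interrupt(proc)
    return status, stopped


if __name__ == "__main__":
    try:
        buggy_run(interrupted)
    except UnboundLocalError as exc:
        print("buggy:", exc)
    print("fixed, Ctrl-C before start:", fixed_run(interrupted))
    print("fixed, Ctrl-C after start: ", fixed_run(lambda: None, interrupted))
```
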

Pls ADD Keys

ADD keys

  1. -STime Custom Scan point time for key -All, or add time 30sec
  2. Add key -OC OnlyHaveClients , For Scan -WPA
  3. Time wait for -Pixiewps Attack

if pixie pin success - run 2nd reaver with found pin to get passphrase

[0:00:00] initializing PixieWPS attack on DG1670000 (00000000:27:80)
[+] E-Nonce found
[+] PKE hash found
[+] PKR hash found
[+] Authkey found
[+] E-Hash1 found
[+] E-Hash2 found
[+] Cracking using pixiewps...

[+] PIN found: 76796517

[0:00:00] initializing PixieWPS attack on Wiley0000 (00000000:D7:40)

[!] unable to complete in 75 seconds
[+] skipping pixiewps on WileyRiley

[+] Pixiewps attack failed!

[0:00:00] initializing PixieWPS attack on DVW320000 (00000000:3E:6B)
[+] E-Nonce found
[+] PKE hash found
[+] PKR hash found
[+] Authkey found
[+] E-Hash1 found
[+] E-Hash2 found
[+] Cracking using pixiewps...

[+] Pixiewps attack failed!

[0:00:00] initializing PixieWPS attack on atlantis2010000 (00000000:6D:15)
[+] E-Nonce found
[+] PKE hash found
[+] PKR hash found
[+] Authkey found
[+] E-Hash1 found
[+] E-Hash2 found
[+] Cracking using pixiewps...

[+] Pixiewps attack failed!

[0:00:00] initializing PixieWPS attack on 407009EA0000 (00000000:20:20)
[+] E-Nonce found
[+] PKE hash found
[+] PKR hash found
[+] Authkey found
[+] E-Hash1 found
[+] E-Hash2 found
[+] Cracking using pixiewps...

[+] PIN found: 35403876

[0:00:00] initializing PixieWPS attack on DVW3200000 (00000000:A9:5E)
[+] E-Nonce found
[+] PKE hash found
[+] PKR hash found
[+] Authkey found
[+] E-Hash1 found
[+] E-Hash2 found
[+] Cracking using pixiewps...

[+] Pixiewps attack failed!

[0:00:00] initializing PixieWPS attack on DG1670000 (00000000:1E:90)
[+] E-Nonce found
[+] PKE hash found
[+] PKR hash found
[+] Authkey found
^C
(^C) Pixiewps attack interrupted

[+] 17 targets remain
[+] what do you want to do?
[c]ontinue attacking targets
[e]xit completely
[+] please make a selection (c, or e): e
Traceback (most recent call last):
File "./wifitemod", line 3148, in
main()
File "./wifitemod", line 324, in main
need_handshake = not wps_attack(iface, t)
File "./wifitemod", line 2930, in wps_attack
send_interrupt(proc)
UnboundLocalError: local variable 'proc' referenced before assignment
root@*****:~/wifite-mod-pixiewps-master#

signal strength in -cracked.txt output please

todo possible
auditing wireless routers. I'd like it if least signal strength added to cracked.txt

todo, wishlist ***
if wifite make ALSO a detailed .txt of each router cracked, separate file
-bssid
-essid
-channel
-clients seen
-highest signal strength
-model
-manufacturer
-pin
-passphrase

failed to crack.txt
-bssid
-essid
-channel
-clients seen
-model
-manufacturer
-Enrollee Nonce
-Registrar Nonce
-PKR Public Key
-PKE Public Key

  • Auth key
  • E-Hash1
  • E-Hash2
  • list attacks wifite tried

Kali 2.0 -

Hi,
Great tool . I have used it plenty of times on Kali 1.0

But on Kali 2.0 it just says

enabling monitor mode on phy1
enabling monitor mode on phy1
enabling monitor mode on phy1

any ideas?

Thank you !

issue when updating

First of all. Thanks for this amazing tool
It works fantastic but when I am trying to update it.

I get this error

 [+] downloading update...
Archive:  /tmp/wifiteuHvqaP/wifite-mod-pixiewps-master.zip
c152b715cc7478c71ab1d33dfc68d05fbdc9677c
creating: /tmp/wifiteuHvqaP/wifite-mod-pixiewps-master/
inflating: /tmp/wifiteuHvqaP/wifite-mod-pixiewps-master/LICENSE  
inflating: /tmp/wifiteuHvqaP/wifite-mod-pixiewps-master/README.md  
inflating: /tmp/wifiteuHvqaP/wifite-mod-pixiewps-master/wifite-ng  
rm: cannot remove `update_wifite.sh': Text file busy
[+] Updated
 [+] quitting

wifite-ng fails to crack using pixiewps on kali nethunter when kali nethunter's version of wifite succeeds

So I am not sure what is going on here but on Kali Nethunter wifite-ng fails to crack WPS using pixiewps but when the same attack is attempted by the version of wifite kali nethunter ships with the attack succeeds, wifite-ng gets up to the point where it passes the hashes, authkey and nonce to pixiewps then returns the "pixiewps attack failed" error message. The info on the access point I tested this on is below:

Manufacturer: Realtek Semiconductor Corp.
Model Number: EV-2010-09-20

not working

[+] scanning for wireless devices...
phy0
[+] enabling monitor mode on phy0... done
phy0
[+] enabling monitor mode on phy0... done
phy0
[+] enabling monitor mode on phy0... done

endless

any fix ???

decloaking hidden access points during initial scan

from https://github.com/brianpow/wifite
[0:00:43] scanning wireless networks. 33 targets and 6 clients found.
[!] [0:00:23] deauthing hidden access point (00:00:00:00:02:30) with no client
[!] [0:00:23] deauthing hidden access point (00:00:00:00:02:30) with no client
[!] [0:00:23] deauthing hidden access point (00:00:00:00:02:33) with no client
[!] [0:00:23] successfully decloaked "ks000000" (00:00:00:00:46:91)
[!] [0:00:23] deauthing hidden access point (00:00:00:00:A8:10) with client (00:00:00:00:95:C5)
[!] [0:00:23] deauthing hidden access point (00:00:00:00:81:49) with client (00:00:00:00:32:9E)

This is awesome, haven't run across any scripts that do this...... picked up several routers trying to "hide".
Not saying COPY. Just bringing your attention, get your thoughts

-c <channel> channel to scan for targets [auto] >>>> broken

r108
./wifite -ponly -pto 45 -paddto 20 -wpsretry 10 -c1
NUM ESSID                 CH  ENCR  POWER  WPS?    CLIENT
 1  TG1600000              1  WPA2  60db   wps
 2  10Cle00000             1  WPA2  50db   wps
 3  DG1000000              1  WPA2  49db   wps
 4  thec0000000            9  WPA2  49db   wps
 5  Cro000000              7  WPA2  49db   wps
 6  FAR00000               3  WPA2  49db   wps
 7  TG1600000             11  WPA2  48db   wps
 8  TC8717TF1              6  WPA2  47db   wps
 9  FiO0000000             1  WPA2  46db   wps
10  R000000000            11  WPA2  46db   wps
11  DG00000000             1  WPA2  45db   wps

-endless

First pass good. Attack all three. then stuck on first target next runs

./wifite -ponly -pto 60 -padto 20 -endless

[+] select target numbers (1-45) separated by commas, or 'all': 6,29,33

[+] 3 targets selected.
[+] Run 1

[0:00:00] initializing PixieWPS attack on HARBOR0000 (40:70:09:E1:D0:30)
[0:01:01] Waiting...
[!] unable to complete in 60 seconds
[+] skipping pixiewps on HARBOR0000

[+] Pixiewps attack failed!

[0:00:00] initializing PixieWPS attack on TP-L000000000 (00000000:A7:7C)
[+] E-Nonce found
[+] PKE hash found
[+] Manufacturer: TP-LINK
[+] Model: 1.0 g...
[+] PKR hash found
[+] Authkey found
[+] E-Hash1 found
[+] E-Hash2 found
[+] Cracking using pixiewps...

[+] Pixiewps attack failed!

[0:00:00] initializing PixieWPS attack on yetishouse (000000000:86:48)
[0:01:01] Waiting...
[!] unable to complete in 60 seconds
[+] skipping pixiewps on yetishouse

[+] Pixiewps attack failed!
[+] Run 2

[0:00:00] initializing PixieWPS attack on HARBOR0000 (0000000:D0:30)
[0:01:01] Waiting...
[!] unable to complete in 60 seconds
[+] skipping pixiewps on HARBOR0000

[+] Pixiewps attack failed!
[+] Run 3

[0:00:00] initializing PixieWPS attack on HARBOR0000 (0000000:D0:30)
[0:01:01] Waiting...
[!] unable to complete in 60 seconds
[+] skipping pixiewps on HARBOR0000

[+] Pixiewps attack failed!
[+] Run 4

[0:00:00] initializing PixieWPS attack on HARBOR0000 (0000000:D0:30)
[0:01:01] Waiting...
[!] unable to complete in 60 seconds
[+] skipping pixiewps on HARBOR0000

[+] Pixiewps attack failed!
[+] Run 5

[0:00:00] initializing PixieWPS attack on HARBOR0000 (0000000:D0:30)
[0:01:01] Waiting...
[!] unable to complete in 60 seconds
[+] skipping pixiewps on HARBOR0000

[+] Pixiewps attack failed!
[+] Run 6

[0:00:00] initializing PixieWPS attack on HARBOR0000 (00000000:D0:30)
^C0:00:04] Waiting...
(^C) Pixiewps attack interrupted
[+] previously cracked access points:
* (_:37:56) : "Key is '_***_' and PIN is '*******'"
DG0000000 (00000000000) : "Key is '8888888888' and PIN is '
_****'"

[+] quitting

-pow needs longer beginning scan time out or prompt for time to scan

-pow is a great filter.

but if -pow is used with any PixieWPS functions, it misses some targets.

When it starts initial scan for targets its only 13 to 20 secs, then wps compatibility scan. Doesn't give enough time to scan all potential targets.

needs prompt or just longer initial scan time

-paddto didn't add more time

./wifite -ponly -pto 75 -paddto 60
.;' ;, .;' ,;';, ;, WiFite v2 (r104) .;' ,;' ,;';, ;,;,
:: :: : ( ) : :: :: automated wireless auditor
':. ':. ':. /\ ,:' ,:' ,:'
':. ':. /
\ ,:' ,:' designed for Linux
':. /
___\ ,:'
/ \

modified by aanarchyy([email protected])
Credits to wiire,DataHead,soxrok2212,nxxxu,nuroo

[+] Pixiewps attack only enabled
[+] pixie attack timeout set to 75 seconds
[+] Seconds to add on hash retrevial 60 seconds
............................................
[0:00:00] initializing PixieWPS attack on air0000 (0000000:24:65)
[+] E-Nonce found for hashes
[+] PKE hash foundfor hashes
[+] PKR hash foundfor hashes
[+] Authkey found for hashes
[0:01:16] Waiting for hashes
[!] unable to complete in 75 seconds
[+] skipping pixiewps on ai0000

[+] Pixiewps attack failed!

[0:00:00] initializing PixieWPS attack on Hi000000 (0000000:70:2E)
[+] E-Nonce found for hashes
[+] PKE hash foundfor hashes
[+] PKR hash foundfor hashes
[+] Authkey found for hashes
[0:01:16] Waiting for hashes
[!] unable to complete in 75 seconds
[+] skipping pixiewps on HiB000000

Script did wait for -pto, but didn't add extra time -paddto 60 secs.

I like the confirmations given that these options are given.

*Request*

Not sure if this is where this goes;

filter: -p<20 to exclude network with power below 20dB etc
List number of clients for each wireless AP, instead of just the word "CLIENT(S)"

Hope to see these features added in the future. :)

Model and Manufacturer incorrect and listed multiple times during attack.

This is new. Before this version, the model and manufacturer were always correct. Should only be listed once during attack.

[0:00:00] initializing PixieWPS attack on HA0000000 (000000000:D0:30)
[+] E-Nonce found
[+] PKE hash found
[+] Manufacturer: Celeno Communication, Inc.
[+] Model: CL1800 .
[+] Serial: 12345678
[+] PKR hash found
[+] Authkey found
[+] Manufacturer: Celeno Communication, Inc.
[+] Model: CL1800 .
[+] Serial: 12345678
[+] Manufacturer: Celeno Communication, Inc.
[+] Model: CL1800 .
[+] Serial: 12345678
[+] Manufacturer: Celeno Communication, Inc.
[+] Model: CL1800 .
[+] Serial: 12345678
[+] Manufacturer: Celeno Communication, Inc.
[+] Model: CL1800 .
[+] Serial: 12345678
[+] Manufacturer: Celeno Communication, Inc.
[+] Model: CL1800 .
[+] Serial: 12345678
[+] Manufacturer: Celeno Communication, Inc.
[+] Model: CL1800 .
[+] Serial: 12345678
[+] Manufacturer: Celeno Communication, Inc.
[+] Model: CL1800 .
[+] Serial: 12345678
[0:02:21] Waiting...
[!] unable to complete in 140 seconds
[+] skipping pixiewps on HA0000000

CTRL + C quits wifite

Guys, I'm having this issue.

Each time I press CTRL+C to stop scanning, wifite quits

 [+] scanning (mon0), updates at 5 sec intervals, CTRL+C when ready.

   NUM ESSID                 CH  ENCR  POWER  WPS?  CLIENT
   --- --------------------  --  ----  -----  ----  ------
    1  ARRIS******             1  WPA2  16db    no 
    2  DDia********           1  WPA2  15db    no 
    3  Fami********         1  WPA2  12db   wps   client
    4  famil********          1  WPA2  12db    no 

^C0:00:08] scanning wireless networks. 4 targets and 1 client found   

 (^D) interrupted

 [+] disabling monitor mode on mon0... done
 [+] quitting

I'm using:

  • Ubuntu 12.04.3 x86
  • Python 2.7.3

Tried from the same machine and via SSH from 2 different computers but still the same.

I would appreciate your help.

Thanks in advance!

-mac option

While script was running, in another terminal window I ran macchanger to check mon0.
macchanger mon0:
Permanent MAC: 00:00:00:00:11:5g (xxxx, Inc.)
Current MAC: 00:00:00:00:11:5g (xxxx, Inc.)
***** meaning true mac address is actually being used while attacking access point *****

As instructed by the script, mon0 was not already active before running script

This is the procedure I use to ensure mon0 is truly spoofed or random, ex wlan1
ifconfig wlan1 down
macchanger -r wlan1
Permanent MAC: 00:00:00:00:11:5g (xxxx, Inc.)
Current MAC: 00:11:00:11:00:11 ( example random)
ifconfig wlan1 up

airmon-ng start wlan1

ifconfig mon0 down
macchanger -m 00:11:00:11:00:11 mon0
Permanent MAC: 00:00:00:00:11:5g (xxxx, Inc.)
Current MAC: 00:11:00:11:00:11 (example random)
ifconfig mon0 up

Then still use --mac=00:11:00:11:00:11 in any reaver commands
Then still use -h 00:11:00:11:00:11 in any aireplay-ng commands

both programs will still use the real mac address of attacking wifi card if only macchanger -r on physical interface.

test for yourself or ask on forums.

Clock or progress indicator during pixie attack

Count down ideal for time used in -pixiet

But if not just use the same time coding for wps pin attack, counting up till -pixiet
or
same coding the timer uses while searching for access points but set to -pixiet

Request

Is there any way to configure wifite to use force -f on pixie wps attack?
The issue is that some networks pixie-wps cannot crack them if -f option is not active.
An automated script on wifite could be useful.
Something like this

If pixie-wps unable to get pin on normal cracking mode , then test "Brute force" option .
and then if brute force fails then starts the handshake capture like it usually do .

thanks for the changes in wifite .

Pixie attack finds Pin, reaver cant find passphase, no save found pin

Against 2 access points I've come across, the pixie attack succeeds, but reaver is able to get the pass phrase. I've waited 10 mins or more sometimes. end up ctrl C'ing

Script will keep trying pin for timeout 660 sec, But pin is not written to cracked file.

Could be router locks, unsure of the cause.

easy fix for netbooks screen size

-2, --two Show scanning result in two columns.
from the brianpow/wifite fork.

use a netbook on the road, has a smaller screen.

Just another possible todo, but at least the code is already written for this one.

wifite -update : wrong location

I have wifite installed in my /usr/bin folder, and any time I update with "wifite -update" the one in /usr/bin is deleted, and the new one is placed at my home folder. I'm not sure if this is supposed to happen or not.

Keep up the good work!
