Long time reader, first time 'How To' poster. This tutorial has been highly requested. Here are the steps to perform a Pixie Dust attack to crack a WiFi password that has WPS enabled. Please note, this attack is very specific in nature. I've had a lot of success running this attack against Ralink and RealTek chipsets. And very spotty success against Broadcom chipsets. This might not work against all routers, but is definitely worth trying before using a brute force attack against WPS Let's Begin!!!

Step 1: Download All Dependencies It's important to download all dependencies from the repository before proceeding with the attack. Kali Linux includes some of these, but if you're using another flavor of Linux, it may not. So let's go through all of them. First, type into the terminal: apt-get update Then: apt-get install build-essential apt-get install libpcap-dev apt-get install sqlite3 apt-get install libsqlite3-dev apt-get install pixiewps I like to do each download individually as I've had issues in the past trying to download all at once.

Step 2: Clone the GitHub This attack works by using a fork of Reaver. We'll need to download, compile, and install the fork. Let's begin: git clone https://github.com/t6x/reaver-wps-fork-t6x

Step 3: Installation From your pwd, type... cd reaver-wps-fork-t6x/ cd src/ ./configure make make install or 'sudo make install' if you're not logged in as 'root'

Step 4: Monitor Mode Put your interface into monitor mode using 'airmon-ng start {wireless interface} Check out our list of Kali compatible wireless networks. Image by SADMIN/Null Byte Need a wireless network adapter? Buy the Best Wireless Network Adapter for Wi-Fi Hacking in 2017 For this to work, we'll need to use a compatible wireless network adapter. Check out our 2017 list of Kali Linux and Backtrack compatible wireless network adapters in the link above, or you can grab our most popular adapter for beginners here.

Step 5: Find a Target The easiest way to find a target with WPS enabled is 'wash -i {monitor-interface}' Gather the BSSID and channel # for the router you want to attack. Make sure you have a strong signal before attempting this attack.

Step 6: Launch the Attack Once you have all the information, simply type in the following command: reaver -i {monitor interface} -b {BSSID of router} -c {router channel} -vvv -K 1 -f

Step 7: Ta-Da! There's the password! Again, this attack won't work against all routers, but it is definitely more effective than a brute force attack (Pixie Dust: maximum 30 minutes vs Brute Force: minutes to DAYS!) If you're looking for a cheap, handy platform to get started working with the pixie dust attack, check out our Kali Linux Raspberry Pi build using the $35 Raspberry Pi. Get started on the Kali Pi. Image by SADMIN/Null Byte Get Started Hacking Today: Set Up a Headless Raspberry Pi Hacking Platform Running Kali Linux That's all for now!