wifite2
WPS attack stuck on "retrieving PSK"
I ran wifite and left for a long time. However, when I returned, I saw that it had already been stuck on “retrieving psk” for 6 hours. This is not the first time. This happens with some points. It looks like timeouts do not work when this command is executed. When I manually canceled with CTRL + C, wifite continued to work as usual. Please fix it.
It seems that this happens when it cannot get the password via wps.
Other point. It happened again, stuck in the same place for 20 minutes. I manually skipped this point.
You should use Reaver instead of Bully...
> You should use Reaver instead of Bully...
How? It is installed. And as I understand it, it is used. When sending eapol or m2 / running pixiewps. But when receiving a password from wifi via wps, it automatically starts using "bully".
In arguments, it is only possible the other way around to force the use of "bully" in this attack.
Check on the vulnerable point. I think you also use Reaver to attack, and use Bully to get the password from the point via wps.
In any case, the problem is that the timeouts that exist in wifite (--wps-time [sec]) do not work when the password is being received, and if you don’t manage to get the password, it goes into an eternal process.
same problem here...bully will not work for getting psk. when trying bully separately with -B -p "pin" argument also not working. when trying reaver separately with -p "pin" argument it is working just fine.
is there a way to force wifite to use reaver for receiving the psk instead of bully?
Can anyone help on how to force wifite to use reaver?
creited, transition to the reaver most likely will not solve the problem, you need to have a timeout when you receive the password, for example, 5 minutes and wifite stops trying to get the password and moves on to the next attack.
However, it is not clear why bully is used to get a password, because reaver has such a function too.
I see... So, what is the suggestion to have this feature fixed?
> I see... So, what is the suggestion to have this feature fixed?
Looks like both, have an option to timeout the retrieving PSK stage, to avoid these hangs and an option to use reaver for that stage.
But if choosing between two, timeout would be better, since that way you don't stop wifite indefinitely no matter what tool is used.
EDIT: actually, maybe the option to use reaver is not needed. But rather the current --reaver and --bully options should be respected in this step?
Just wanted to share my workaround for this issue in case someone else is also stuck trying to get the PSK passphrase after Wifite cracks the WPS PIN (tested on Kali 2020.4):
1. Create the wpa_supplicant.conf file (sudo nano /etc/wpa_supplicant.conf) and enter the following lines:

    ctrl_interface=/var/run/wpa_supplicant
    ctrl_interface_group=0
    update_config=1

Then run the following commands - run command 3 in a separate terminal
2. sudo airmon-ng start wlan0 (if not in monitor mode already, enable monitor mode)
3. sudo wpa_supplicant -Dnl80211 -iwlan0mon -c/etc/wpa_supplicant.conf
4. sudo wpa_cli -iwlan0mon wps_reg XX:XX:XX:XX:XX:XX 12345678 (sudo wpa_cli -iwlan0mon wps_reg <BSSID> <CRACKED-PIN>)
5. sed -n '/ssid/I,/}/p' /etc/wpa_supplicant.conf (sed -n '/ssid/I,/}/p' <fileName>)
Read the PSK key from sed output in terminal -- this process can also be done in Python via popen -- technically can be incorporated into WiFite itself. Hope this helps!
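
The stage-level timeout requested earlier in the thread, as an added example (not wifite's code and not written by any commenter): a wrapper that puts a hard deadline on any stage waiting on an external tool, so a hang lets the caller move on. The child here is a constructed stand-in that prints one line and then sleeps; `run_with_deadline`, `stop_on` and `HANGING_CHILD` are hypothetical names, and POSIX process groups are assumed.

```python
import os, queue, signal, subprocess, sys, threading, time

# Constructed stand-in for an external tool that reports a stage and never returns.
HANGING_CHILD = [sys.executable, "-u", "-c",
                 "import time; print('stage: retrieving PSK'); time.sleep(600)"]

def _pump(stream, q):
    """Reader thread: forward each output line, then None at EOF."""
    for line in stream:
        q.put(line.rstrip("\n"))
    q.put(None)

def _stop(proc):
    """Terminate the child's whole process group, escalating to SIGKILL."""
    if proc.poll() is not None:
        return
    try:
        os.killpg(proc.pid, signal.SIGTERM)
        proc.wait(timeout=2)
    except subprocess.TimeoutExpired:
        os.killpg(proc.pid, signal.SIGKILL)
        proc.wait()
    except ProcessLookupError:
        proc.wait()

def run_with_deadline(argv, deadline_s, stop_on=None):
    """Return (status, lines); status is 'matched', 'exited' or 'timeout'."""
    proc = subprocess.Popen(argv, stdout=subprocess.PIPE, stderr=subprocess.STDOUT,
                            text=True, start_new_session=True)  # own process group
    q = queue.Queue()
    threading.Thread(target=_pump, args=(proc.stdout, q), daemon=True).start()
    end, lines, status = time.monotonic() + deadline_s, [], "timeout"
    try:
        while (left := end - time.monotonic()) > 0:
            try:
                line = q.get(timeout=left)
            except queue.Empty:
                break                      # deadline hit while waiting for output
            if line is None:
                status = "exited"
                break
            lines.append(line)
            if stop_on and stop_on in line:
                status = "matched"
                break
    finally:
        _stop(proc)                        # never leave the tool running
    return status, lines

if __name__ == "__main__":
    print(run_with_deadline(HANGING_CHILD, 2.0))  # caller moves on after 2 s
```

The reader thread matters: a blocking read in the main loop on the child's stdout is exactly where a deadline check never gets a chance to run while the tool stays silent.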