top of page
  • Writer's pictureotw

Cracking WPS Pin with Bully

Updated: Dec 28, 2022

Welcome back, my nascent hackers!

Like anything in life, there are multiple ways of getting a hack done. In fact, good hackers usually have many tricks up their sleeve to hack into a system. If they didn't, they would not usually be successful. No hack works on every system and no hack works all of the time.

​I have demonstrated many ways to hack Wi-Fi here on Hackers-Arise, including cracking WEP and WPA2 passwords and creating an Evil Twin and Rogue AP. Recently, a new WPS-hacking tool has appeared on the market and is included in our Kali hacking distribution. It's name, appropriately, is Bully.

Why WPS Is So Vulnerable

WPS stands for Wi-Fi Protected Setup and was designed to make setting a secure AP simpler for the average homeowner. First introduced in 2006, by 2011 it was discovered that it had a serious design flaw. The WPS PIN could be brute-forced rather simply.

With only 7 unknown digits in the PIN, there are just 9,999,999 possibilities, and most systems can attempt that many combinations in a few hours. Once the WPS PIN is discovered, the user can use that PIN to find the WPA2 preshared key (password). Since a brute-force attack against a WPA2 protected AP can take hours to days, if this feature is enabled on the AP and not upgraded, it can be a much faster route to getting the PSK.

The Keys to Success

It's important to note, though, that new APs no longer have this vulnerability. This attack will only work on APs sold during that window of 2006 and early 2012. Since many families keep their APs for many years, there are still many of these vulnerable ones around.

If you aren't familiar with wireless hacking, I strongly suggest that you read my introduction on the Aircrack-ng suite of tools. In addition, make certain that you have an Aircrack-ng compatible wireless card, otherwise this will simply be an exercise in frustration.

Let's start by firing our favorite hacking Linux distribution, Kali. Then open a terminal that looks like this:

​​To make certain we have some wireless connections and their designation, we can type:

kali > iwconfig

As we can see, this system has a wireless connection designated wlan0. Yours may be different, so make certain to check.

Step 2 Put Your Wi-Fi Adapter in Monitor Mode

The next step is to put your Wi-Fi adapter in monitor mode. This is similar to promiscuous mode on a wired connection. In other words, it enables us to see all the packets passing through the air past our wireless adapter. We can use one of the tools from the Aircrack-ng suite, Airmon-ng, to accomplish this task.

kali > airmon-ng start wlan0

Next, we need to use Airodump-ng to see the info on the wireless AP around us.

kali > airodump-ng mon0

As you can see, there are several APs visible to us. I'm interested in the first one: "Mandela2." We will need its BSSID (MAC address), its channel, and its SSID to be able to crack its WPS PIN.

Step 3 Use Airodump-Ng to Get the Necessary Info

Finally, all we need to do is to put this info into our Bully command.

kali > bully mon0 -b 00:25:9C:97:4F:48 -e Mandela2 -c 9

Let's break down that command to see what's happening.

mon0 is the name of the wireless adapter in monitor mode.

--b 00:25:9C:97:4F:48 is the BSSID of the vulnerable AP.

-e Mandela2 is the SSID of the AP.

-c 9 is the channel the AP is broadcasting on.


All of this information is available in the screen above with airodump-ng.

Start Bully

When we hit enter, Bully will start to try to crack the WPS PIN.

Now, if this AP is vulnerable to this attack, bully will spit out the WPS PIN and the AP password within 3 to 5 hours.

1,920 views2 comments

Recent Posts

See All

2 תגובות

03 בינו׳ 2023

Contact him for any type of hacking, he is a professional hacker that specializes in exposing cheating spouses, and every other hacking related issues. he is a cyber guru, he helps catch cheating spouses by hacking their communications like call, Facebook, text, emails, Skype, whats-app and many more. I have used this service before and he did a very good job, he gave me every proof I needed to know that my fiancee was cheating. You can contact him on his email to help you catch your cheating spouse, or for any other hacking related problems, like hacking websites, bank statement, grades and many more. he will definitely help you, he has helped a lot of people, contact him on,…


21 בדצמ׳ 2022

I’m excited to write about Henry Hacker, he is a great and brilliant hacker who penetrated my spouse’s phone without a physical installation app. And I was able to access my spouse’s phone, SMS, Whatsapp, Instagram, Facebook, Wechat, Snapchat, Call Logs, Kik, Twitter and all social media. The most amazing thing there is that he restores all phone deleted text messages. And I also have access to everything including the phone gallery without touching the phone.I can see the whole secret of my spouse. Contact him for any hacking service. He is also a genius in repairing Credit Score, increasing school grade, Clear Criminal Record etc. His service is fast. Contact:, and you can text, call him on whatsapp…

bottom of page