10-03-2017, 04:02 PM
advanced wpa cracking: Entering the "royal class"
needed tools:
combinator3 (hashcat-utils)
wlancap2hcx (hcxtools)
wlangenpmk or wlangenpmkocl (hcxkeys)
hashcat (hashcat)
1) download demo caps from here:
https://github.com/magnumripper/JohnTheR...n.pcap.zip
https://github.com/magnumripper/JohnTheR...c.pcap.zip
and unzip them.
2) create 3 txt files:
file1, file2 and file3
and:
write these 4 essids to file1:
default
hello
home
networkname
and:
write this delimiter to file2:
:
and:
write these 4 demo passwords to file3:
password
12345678
mypassword
test1234
3) use combinator3 to create the psklist
combinator3 file1 file2 file3 > psklist
4) use wlangenpmkocl or wlangenpmk to create the pmklist
$ wlangenpmk -I psklist -a pmklist
16 plainmasterkeys generated, 0 password(s) skipped
5) use wlancap2hcx to convert the pcaps
$ wlancap2hcx -O test.hccapx *.pcap
start reading from normal-wpa-traffic.pcap
5 packets processed (0 wlan, 5 lan, 0 loopback)
total 2 usefull wpa handshakes
found 2 handshakes without ESSIDs (use hashcat -m 2501)
found 2 WPA2 AES Cipher, HMAC-SHA1
start reading from WPA-PSK-SHA256-session.pcap
28 packets processed (0 wlan, 28 lan, 0 loopback)
total 12 usefull wpa handshakes
found 12 handshakes without ESSIDs (use hashcat -m 2501)
found 12 WPA2 AES Cipher, AES-128-CMAC
6) use hashcat to crack them
$ hashcat -m 2501 --logfile-disable --potfile-path=hashcat.2501.pot --outfile-format=2 -o foundhashcat.2501 test.hccapx pmklist
hashcat (4.0.0-rc2) starting...
Session..........: hashcat
Status...........: Cracked
Hash.Type........: WPA/WPA2 PMK
Hash.Target......: test.hccapx
Time.Started.....: Tue Oct 3 15:34:39 2017 (0 secs)
Time.Estimated...: Tue Oct 3 15:34:39 2017 (0 secs)
Guess.Base.......: File (pmklist)
Guess.Queue......: 1/1 (100.00%)
Speed.Dev.#1.....: 0 H/s (0.00ms)
Recovered........: 11/11 (100.00%) Digests, 1/1 (100.00%) Salts
Progress.........: 16/16 (100.00%)
Rejected.........: 0/16 (0.00%)
Restore.Point....: 0/16 (0.00%)
Candidates.#1....: b9d4.... -> 83c0....
Don't wonder about the different values (wlancap2hcx = 2+12 handshakes, hashcat only 11 handshakes).
wlancap2hcx doesn't make a dupe check on hashcat -m 2501 mode.
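What wlangenpmk does with the combinator3 output, written out as an added Python example (not part of the post, hcxkeys or hashcat): it reads essid:password lines and derives each PMK with PBKDF2-HMAC-SHA1 (ESSID as salt, 4096 rounds, 32 bytes), giving the 64-hex-char lines that hashcat -m 2501 consumes. The input list is constructed here from the four essids and four passwords above; the IEEE/password value in the comments is the published 802.11i test vector.

```python
import hashlib

# Constructed input in the "essid:password" layout that
# `combinator3 file1 file2 file3` produces from the three files in the post.
ESSIDS = ["default", "hello", "home", "networkname"]
PASSWORDS = ["password", "12345678", "mypassword", "test1234"]
PSKLIST = "\n".join(f"{e}:{p}" for e in ESSIDS for p in PASSWORDS) + "\n"


def parse_psklist(text):
    """Yield (essid, password) pairs; split on the first ':' only,
    because a password may itself contain the delimiter."""
    for line in text.splitlines():
        if not line or ":" not in line:
            continue
        essid, password = line.split(":", 1)
        yield essid, password


def pmk(essid, password):
    """WPA/WPA2-Personal PMK: PBKDF2-HMAC-SHA1, salt = ESSID, 4096 rounds, 32 bytes.
    The ESSID is the salt, so a PMK list only applies to the networks whose
    ESSIDs it was built for; a unique ESSID defeats shared precomputed tables.
    802.11i test vector: pmk("IEEE", "password") starts with f42c6fc5."""
    if not 8 <= len(password) <= 63:
        raise ValueError("WPA passphrase must be 8..63 characters")
    return hashlib.pbkdf2_hmac("sha1", password.encode(), essid.encode(), 4096, 32)


def gen_pmklist(text):
    """Return (hex PMK lines for hashcat -m 2501, number of unusable passphrases);
    wlangenpmk reports the latter as 'password(s) skipped'."""
    generated, skipped = [], 0
    for essid, password in parse_psklist(text):
        try:
            generated.append(pmk(essid, password).hex())
        except ValueError:
            skipped += 1
    return generated, skipped


if __name__ == "__main__":
    keys, skipped = gen_pmklist(PSKLIST)
    # 4 essids x 4 passwords gives the 16 keys the post's wlangenpmk run reports
    print(f"{len(keys)} plainmasterkeys generated, {skipped} password(s) skipped")
    for k in keys[:2]:
        print(k)
```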