New attack on WPA/WPA2 using PMKID
(08-04-2018, 06:50 PM)atom Wrote: In this writeup, I'll describe a new technique to crack WPA PSK (Pre-Shared Key) passwords.

In order to make use of this new attack you need the following tools:
......

I played around with hcxdumptool this weekend and absolutely love it. Such a great tool, that I decided to use it in a project I had started about a week ago to automate capturing 4way handshakes as well as PMKID hashes.  Thank you atom for posting this! 60d 5p33d!

https://github.com/eliddell1/FistBump/bl.../README.md
When I start hcxdumptool on a specific MAC address in filter.txt it starts to try all networks around me.
How can I lock it to only one target?
(10-30-2018, 02:04 PM)SoulScavenger Wrote: When I start hcxdumptool on a specific MAC address in filter.txt it starts to try all networks around me.
How can I lock it to only one target?

I can't seem to utilize the filter list black or white correctly either. Thank you for any information.
These questions are already answered:
https://hashcat.net/forum/thread-7717-po...l#pid41863
https://hashcat.net/forum/thread-7717-po...l#pid41864

To understand hcxtools and hcxdumptool read this complete thread:
https://hashcat.net/forum/thread-7717.html
and that complete thread:
https://hashcat.net/forum/thread-6661.html
(08-06-2018, 06:09 PM)lint Wrote: From what it seems, this is going to be huge!

The question I think a lot people will ask: Is this attack viable (future) on non-PSK networks?

I tried at my own (radius/wpa-enterprise) network, just to check, and as expected it failed miserably.

Why does it fail?
For sure this attack must fail on a RADIUS server. The authentication is done by the RADIUS authentication server (not by the router). This provides additional security. Various kinds of the Extensible Authentication Protocol (EAP) are used for the authentication, some older versions of them are attackable by the combination of hcxdumptool, hcxpcaptool and hashcat:
--netntlm-out=<file>              : output netNTLMv1 file (hashcat -m 5500, john netntlm)
--md5-out=<file>                  : output MD5 challenge file (hashcat -m 4800)

hcxdumptool is able to capture them and hcxpcaptool is able to detect most of them.

For example:

file name....................: hashmodes.cap
file type....................: pcap 2.4
file hardware information....: unknown
file os information..........: unknown
file application information.: unknown
network type.................: DLT_IEEE802_11 (105)
endianess....................: little endian
read errors..................: flawless
packets inside...............: 54198
skipped packets..............: 0
packets with GPS data........: 0
packets with FCS.............: 52
WDS packets..................: 4
beacons (with ESSID inside)..: 29813
probe requests...............: 1191
probe responses..............: 3034
association requests.........: 85
EAPOL packets................: 189
EAPOL PMKIDs.................: 3
EAP packets..................: 15204
EAP START packets............: 2164
IPv4 packets.................: 16
GRE packets..................: 16
found........................: EAP type ID
found........................: MD5-Challenge
found........................: EAP-TLS Authentication
found........................: EAP-Cisco Wireless Authentication
found........................: EAP-SIM (GSM Subscriber Modules) Authentication
found........................: PEAP Authentication
found........................: WPS Authentication
found........................: PPP-CHAP Authentication
best handshakes..............: 7 (ap-less: 0)

Get more information about the EAP types here:
https://www.vocal.com/secure-communication/eap-types/
https://www.intel.com/content/www/us/en/...rking.html


BTW:
I haven't seen any feature requests for hashcat to add more EAP versions, yet.
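Added example (my own, not code from ZerBea or the hcxtools project): a small parser for the hcxpcaptool summary format quoted above, used to check a capture of your own network for legacy EAP methods still being offered. The sample summary is constructed, and the only export mapping it knows is the one this thread states (MD5-Challenge to --md5-out, hashcat -m 4800); the "not parsed" list follows ZerBea's remark that PKI/TLS and SIM based methods are not parsed.

```python
import re

# Constructed sample modelled on the hcxpcaptool summary quoted in this thread;
# the counts are made up for the example.
SAMPLE_SUMMARY = """\
file name....................: hashmodes.cap
network type.................: DLT_IEEE802_11 (105)
EAPOL packets................: 189
EAPOL PMKIDs.................: 3
EAP packets..................: 15204
found........................: EAP type ID
found........................: MD5-Challenge
found........................: EAP-TLS Authentication
found........................: PEAP Authentication
found........................: PPP-CHAP Authentication
best handshakes..............: 7 (ap-less: 0)
"""

# Export option the thread documents for an EAP type (legacy method worth flagging).
EXPORTABLE = {"MD5-Challenge": "--md5-out (hashcat -m 4800)"}
# Types the thread says hcxpcaptool does not parse (PKI/TLS or SIM credentials).
NOT_PARSED = ("EAP-TLS Authentication",
              "EAP-SIM (GSM Subscriber Modules) Authentication",
              "PEAP Authentication")

# "label....: value" -- the label ends at the dot padding, then a colon.
LINE_RE = re.compile(r"^(?P<key>[^.]+?)\.*\s*:\s*(?P<value>.*)$")

def parse_summary(text):
    """Return (counters, found): counters maps a label to the leading integer of
    its value (or the raw string), found lists every 'found' entry in order."""
    counters, found = {}, []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue
        key, value = m.group("key").strip(), m.group("value").strip()
        if key == "found":
            found.append(value)
        else:
            num = re.match(r"\d+", value)
            counters[key] = int(num.group()) if num else value
    return counters, found

def audit(text):
    """Summarise what the capture exposes: PMKID count and EAP types by class."""
    counters, found = parse_summary(text)
    return {
        "pmkids": counters.get("EAPOL PMKIDs", 0),
        "exportable": {t: EXPORTABLE[t] for t in found if t in EXPORTABLE},
        "not_parsed": [t for t in found if t in NOT_PARSED],
        "other": [t for t in found if t not in EXPORTABLE and t not in NOT_PARSED],
    }
```

Feed it the text of `hcxpcaptool -V <capture>` to see at a glance whether your network still negotiates EAP-MD5.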
(11-07-2018, 06:10 PM)codeme Wrote: Why does it fail?
From what I understand, for you to get past the authentication stage you have to beat the EAP negotiation, and that's where we stop. In WPA-PSK you just have to break PBKDF2; Enterprise is a different story.

While WPA-PSK relies only on symmetric/hash initiatives, WPA-Enterprise/802.1x relies on PKI credentials (well, it relies on RADIUS, which does that in turn), therefore you have to go somewhere akin to breaking an x509 certificate to be able to beat it. No go.

I suspect that when you enable fast transitions on an Enterprise network AP it just turns out moot, at least that's what happened here.
(11-07-2018, 06:42 PM)ZerBea Wrote: BTW:
I haven't seen any feature requests for hashcat to add more EAP versions, yet.
Dang, just saw your reply now.

Is there any utility at capturing non-PBKDF2 negotiations?

I use 802.1x+EAP PWD, but I don't see much of a point for hcxdumptool to recognize it if we can't do anything with.. I'd like to see, but on the other hand it would just clutter the capture file.
I don't see any chance to crack PKI credentials or GSM/UMTS subscriber modules or certificates (TLS).
That's one of the reasons why I don't parse them.
TACACS+ was the last authentication algorithm I've been asked for, to parse to hashcat:
--tacacsplus-out=<file> : output TACACS+ authentication file (hashcat -m 16100, john tacacs-plus)
But TACACS+ is very old, too.

Is there any utility to capture non-PBKDF2 negotiations?
802.11 related: yes - hcxdumptool
detection: yes - hcxpcaptool

Get examples from here:
https://wiki.wireshark.org/SampleCapture...FC_2865.29

$ hcxpcaptool -V radius_localhost.pcapng
summary:
file name....................: radius_localhost.pcapng
file type....................: pcapng 1.0
file hardware information....: unknown
file os information..........: unknown
file application information.: unknown
network type.................: DLT_NULL (0)
endianess....................: little endian
read errors..................: flawless
packets inside...............: 19
skipped packets..............: 0
packets with GPS data........: 0
packets with FCS.............: 0
IPv4 packets.................: 19
UDP packets..................: 19
found........................: RADIUS Authentication
(11-07-2018, 07:05 PM)lint Wrote:
(11-07-2018, 06:10 PM)codeme Wrote: Why does it fail?
From what I understand, for you to get past the authentication stage you have to beat the EAP negotiation, and that's where we stop. In WPA-PSK you just have to break PBKDF2; Enterprise is a different story.

While WPA-PSK relies only on symmetric/hash initiatives, WPA-Enterprise/802.1x relies on PKI credentials (well, it relies on RADIUS, which does that in turn), therefore you have to go somewhere akin to breaking an x509 certificate to be able to beat it. No go.

I suspect that when you enable fast transitions on an Enterprise network AP it just turns out moot, at least that's what happened here.

Thank you!!

But during your test, did you recover the RSN PMKID? I did, i.e. hcxdumptool correctly captured EAPOL frame 1 of 4. Does that mean that the PMKID is just encrypted garbage in this case?