New 22000 mode is USELESS GARBAGE
hashcat Forum (https://hashcat.net/forum), Thread: /thread-10805.html

RE: New 22000 mode is USELESS GARBAGE - Snoopy - 05-31-2022

Maybe it's just the same old OpenCL 1.2 problem.

@listbunny, what is the output of hashcat -I? If it tells you pocl 1.2 or anything else below 2.0, that's your problem.

RE: New 22000 mode is USELESS GARBAGE - lispustynny - 06-03-2022

My laptop says OpenCL 2.0 pocl 1.8, yet it was able to crack the example when the correct hash was provided, and my desktop always got the newest CUDA, so I don't think this is the reason. I think I need to just debug this in tiny little steps; something is still off. Feel free to throw at me some docs and references or even books that I may need to know. It may take me some time, but this bugs me like hell and I just have to figure it out.

Today I was running hcxdumptool, filtered on the same MAC as before, for an entire day, and it didn't cap anything except the basic wildcard beacons. I've checked it via Wireshark and there was just nothing else. Yesterday I managed to actually crash my router a few times, so there is also some nasty DoS possible because the router software seems kind of bugged too. I will have a lot of stuff to research, but maybe at least I will learn something new.

RE: New 22000 mode is USELESS GARBAGE - ZerBea - 06-03-2022

BTW: A good wordlist:
https://3wifi.stascorp.com/3wifi-dic-2022-03-03.7z
updated every three months and announced here:
https://3wifi.stascorp.com/
as well as these small ones (updated several times a day):
https://wpa-sec.stanev.org/dict/cracked.txt.gz
https://wpa-sec.stanev.org/dict/rkg.txt.gz
recovered from uploaded dump files here:
https://wpa-sec.stanev.org

RE: New 22000 mode is USELESS GARBAGE - rk3y - 01-03-2023

Hi! This may sound stupid, but how can I get the protect.bpf to have a list with multiple SSIDs?
Is it (1) Concat with:
    not wlan addr1 AP1 or not wlan addr2 AP1 > protect.bpfc;
    not wlan addr1 AP2 or not wlan addr2 AP2 >> protect.bpfc
where APx is in the format (aa22ddcceedd)?

When I do an rca scan, the bpfc filter only works if I am using only one protected AP; for multiple I am unable to get it working. An rca scan with multiples in bpfc still shows all protected APs.

Thank you very much!

RE: New 22000 mode is USELESS GARBAGE - ZerBea - 01-03-2023

The key word is "and" because you want to protect MAC addr1 and MAC addr2 and MAC addrX.

Code:
    create BPF to protect a MAC
    example:
    AP1 = 11:22:33:44:55:66
    AP2 = 22:22:33:44:55:66
    AP3 = 33:22:33:44:55:66

    sudo tcpdump -i wlp3s0f0u1 not wlan addr3 11:22:33:44:55:66 and not wlan addr3 22:22:33:44:55:66 and not wlan addr3 33:22:33:44:55:66 -ddd > own.bpfc
    This BPF protects all frames containing the BSSID in the ADDR 3 field.

    sudo tcpdump -i wlp3s0f0u1 not wlan addr3 11:22:33:44:55:66 and not wlan addr3 22:22:33:44:55:66 and not wlan addr3 33:22:33:44:55:66 and not wlan addr2 11:22:33:44:55:66 and not wlan addr2 22:22:33:44:55:66 and not wlan addr2 33:22:33:44:55:66 -ddd > own.bpfc
    This BPF protects all frames containing the BSSID in the addr2 and addr3 fields.

It is important to understand the purpose of the address fields to code a BPF. If an AP transmits, you can expect its MAC in addr2 and addr3 but never in addr1.
The address fields are explained here:
https://www.researchgate.net/figure/80211-MAC-address-content_fig2_220205363

RE: New 22000 mode is USELESS GARBAGE - rk3y - 01-03-2023

Thank you so much! After several years of trying and testing with hcx tools, I am still impressed by your supportiveness and kindness. Keep up the great work and spirit. Happy new year to you all.

RE: New 22000 mode is USELESS GARBAGE - ZerBea - 01-03-2023

You're welcome.
BTW: The usage of the address fields in the MAC header depends on the type of the frames:
https://howiwifi.com/2020/07/13/802-11-frame-types-and-formats/
Some frames only use addr1, some frames only use addr1 and addr2, some frames use addr1, addr2 and addr3, and some frames use addr1 - addr4.

If you want to protect a CLIENT you have to use addr2 to protect it. Please notice that the BPF will fail if MAC randomization is in use. Most of the CLIENTs use MAC randomization because it prevents tracking. Unfortunately it also prevents you from protecting these CLIENTs.

RE: New 22000 mode is USELESS GARBAGE - evets97 - 01-04-2023

(01-03-2023, 07:57 PM)ZerBea Wrote:
    You're welcome.

Please know that your advanced knowledge and generosity in the sharing of it do not go unrecognized. You truly are some kind of "cyber-hero". Thank You! (Many thanks!)
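
Added example, not part of the thread or of hcxtools: a shell sketch that builds the "and"-joined protection filter described in ZerBea's post from a list of MACs, and evaluates the same logic on constructed frames to show that an "or"-joined filter stops protecting once a second MAC is listed. The function names are hypothetical; the MACs are the example values from the post.

```shell
#!/bin/sh
# Added example, not from the thread. Function names are hypothetical.

# Print a MAC in lowercase colon form; accepts aa22ddcceedd, aa:22:.., aa-22-..
normalize_mac() {
    hex=$(printf '%s' "$1" | tr -d ':-' | tr 'A-F' 'a-f')
    case "$hex" in ''|*[!0-9a-f]*) return 1 ;; esac
    [ "${#hex}" -eq 12 ] || return 1
    printf '%s\n' "$hex" | sed 's/../&:/g; s/:$//'
}

# $1 = joiner ("and"/"or"), rest = MACs. Emits one "not wlan <field> <mac>"
# term per MAC for addr3 and addr2, in the order used in the post.
build_filter() {
    joiner=$1; shift
    out=""
    for field in addr3 addr2; do
        for mac in "$@"; do
            m=$(normalize_mac "$mac") || { echo "invalid MAC: $mac" >&2; return 1; }
            out="${out:+$out $joiner }not wlan $field $m"
        done
    done
    printf '%s\n' "$out"
}

# Evaluate the same logic on a constructed frame, no radio needed.
# $1 = joiner, $2 = frame addr2, $3 = frame addr3, rest = protected MACs.
# Returns 0 if the frame passes the filter, i.e. is NOT protected.
frame_passes() {
    joiner=$1; a2=$(normalize_mac "$2") || return 2
    a3=$(normalize_mac "$3") || return 2; shift 3
    hits=0; terms=0
    for mac in "$@"; do
        m=$(normalize_mac "$mac") || return 2
        terms=$((terms + 2))
        if [ "$a3" = "$m" ]; then hits=$((hits + 1)); fi
        if [ "$a2" = "$m" ]; then hits=$((hits + 1)); fi
    done
    if [ "$joiner" = and ]; then
        [ "$hits" -eq 0 ]          # every "not" term must hold
    else
        [ "$hits" -lt "$terms" ]   # one "not" term is enough
    fi
}

# Constructed demo with the MACs from the post; feed the result to
# tcpdump as in the post: tcpdump -i <iface> <expression> -ddd > own.bpfc
build_filter and 112233445566 22:22:33:44:55:66 33:22:33:44:55:66
```

With two or more MACs listed, `frame_passes or` returns 0 for a frame sent by a listed AP, because that frame always differs from at least one of the other listed MACs, while the "and" form rejects it.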