iot device transmits plaintext wifi password & essid
iot device transmits plaintext wifi password & essid - Kwiss - 07-30-2022

So I found out that my "smart" lights actually transmit the set wifi password & essid when the said access point is out of range (off). Looking at the hcxpcapngtool outputs, I immediately spotted the old access point details.

How common is that? Do you guys stumble on this a lot? I believe these lights have Espressif 8266 Wi-Fi chips. Are they all vulnerable? Did hcxdumptool do something impressive? And how do I find out?

I'm quite new to this. Does it make sense to have a look in the capture file and see if it's there in plaintext? (That would be with Wireshark, I think?)

Sorry for all the questions. Google seems especially unhelpful when it is about wifi security. When I type in anything in combination with IoT devices, I only get the standard run-of-the-mill news articles.

RE: iot device transmits plaintext wifi password & essid - Snoopy - 08-01-2022

Well, you could do some research yourself by trying to change your password and essid. Try hiding your ssid/essid and see what happens when you sniff again.

What kind of "smart" lights are we talking about?

RE: iot device transmits plaintext wifi password & essid - ZerBea - 08-02-2022

Detect a weak point - precisely for this purpose the tools (hcxdumptool, hcxlabtool series and hcxtools) were developed. Regardless of whether the target is an ACCESS POINT or a CLIENT (regardless of whether they are connected to each other or not), hcxdumptool (/hcxlabtool series) retrieves all available information from it and hcxpcapngtool converts this information to a format accepted by hashcat or JtR.
More information is here: https://hashcat.net/wiki/doku.php?id=cracking_wpawpa2

Information about the PMKID attack vector is here: https://hashcat.net/forum/thread-7717.html

A nice example is here: https://github.com/evilsocket/pwnagotchi/issues/835#issuecomment-598597214

In addition to that, RKG (https://github.com/routerkeygen) and hcxpsktool calculate some more (default) weak passwords which are based directly on the target. Both tools are based on deep analysis of wpa-sec (https://wpa-sec.stanev.org) submissions.

The entire development history (starting from the point when Atom persuaded me to go open source, like hashcat) is here: https://hashcat.net/forum/thread-6661.html

BTW: I fully agree, tshark and Wireshark should be the first choice to analyze dumped unfiltered(!) traffic.
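One way to check a capture of your own for the plaintext values asked about in the first post, as an added example that is not part of the thread: a small pcapng reader that reports which frames contain an ESSID or passphrase you already know. The `SECRETS` values and the sample capture are constructed placeholders, and the payloads are not real 802.11 frames.

```python
import struct
SHB, EPB = 0x0A0D0D0A, 0x00000006  # pcapng block types

def iter_packets(data):
    """Yield (frame_number, packet_bytes) for every Enhanced Packet Block."""
    pos, endian, frame = 0, "<", 0
    while pos + 12 <= len(data):
        if struct.unpack_from("<I", data, pos)[0] == SHB:
            # The byte-order magic 0x1A2B3C4D fixes endianness for the section.
            endian = "<" if data[pos + 8:pos + 12] == b"\x4d\x3c\x2b\x1a" else ">"
        btype, blen = struct.unpack_from(endian + "II", data, pos)
        if blen < 12 or blen % 4 or pos + blen > len(data):
            raise ValueError(f"corrupt block at offset {pos}")
        if btype == EPB:
            frame += 1
            caplen = struct.unpack_from(endian + "I", data, pos + 20)[0]
            if caplen > blen - 32:
                raise ValueError(f"bad captured length in frame {frame}")
            yield frame, data[pos + 28:pos + 28 + caplen]
        pos += blen

def find_plaintext(data, secrets):
    """Return (frame, label, offset) for each known secret seen in the clear."""
    hits = []
    for frame, pkt in iter_packets(data):
        for label, value in secrets.items():
            off = pkt.find(value.encode("utf-8"))
            if off != -1:
                hits.append((frame, label, off))
    return hits

def _block(btype, body):
    body += b"\x00" * (-len(body) % 4)  # pad body to a 32-bit boundary
    total = struct.pack("<I", len(body) + 12)
    return struct.pack("<I", btype) + total + body + total

def _epb(pkt):
    return _block(EPB, struct.pack("<IIIII", 0, 0, 0, len(pkt), len(pkt)) + pkt)

# Constructed sample: placeholder secrets and placeholder payload bytes.
SECRETS = {"essid": "ExampleNet", "psk": "example-passphrase"}
SAMPLE = (
    _block(SHB, struct.pack("<IHHq", 0x1A2B3C4D, 1, 0, -1))
    + _block(1, struct.pack("<HHI", 105, 0, 65535))  # interface description
    + _epb(b"\x00" * 6 + b"unrelated traffic")
    + _epb(b"\x00" * 4 + b"ExampleNet\x00example-passphrase")
)

print(find_plaintext(SAMPLE, SECRETS))
```

To run it on a real dump, read the file with `open(path, "rb").read()` and pass your own network's values as `secrets`; the reported frame numbers can then be opened in Wireshark to see which frame type carries them.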