hashcat Forum
WPA/WPA2 PMK mode (2501) - Printable Version

Thread: WPA/WPA2 PMK mode (2501) (/thread-7337.html)

WPA/WPA2 PMK mode (2501) - Kangaroot - 03-02-2018

WPA/WPA2 PMK mode (2501) - is this mode no longer supported by hashcat? I thought this mode was designed to speed up cracking hashes by pre-calculating the PMK for a given SSID and a list of passphrases, so it can then be used along with a dictionary that will run quicker.

Here is some information I have found:

"We can speed this up by pre-calculating the Pre-Shared Key, also called the Pairwise Master Key (PMK) in the 802.11 standard parlance. It is important to note that, as the SSID is also used to calculate the PMK, with the same passphrase but a different SSID, we would end up with a different PMK. Thus, the PMK depends on both the passphrase and the SSID."

RE: WPA/WPA2 PMK mode (2501) - Kangaroot - 03-02-2018

genpmk (PMK generator) can still be found in The-Distribution-Which-Does-Not-Handle-OpenCL-Well (Kali) Linux and can be used along with cowpatty against WPA/WPA2, but I doubt cowpatty supports GPU usage as hashcat does.

RE: WPA/WPA2 PMK mode (2501) - philsmd - 03-02-2018

If you run hashcat --help (with the latest version of hashcat) you will see that 2501 is supported and listed in the output.

You can use hcxtools from https://github.com/ZerBea/hcxtools (wlancap2hcx -f pmks.txt capture.cap)

RE: WPA/WPA2 PMK mode (2501) - Kangaroot - 03-02-2018

philsmd, apparently I don't have the latest version then :(

RE: WPA/WPA2 PMK mode (2501) - Kangaroot - 03-02-2018

hashcat --version returns pull/1273/head

2501 is definitely missing, so I assume I have an older version.

How do I update it, please?

RE: WPA/WPA2 PMK mode (2501) - ZerBea - 03-02-2018

wlangenpmkocl is the choice to precalculate PMKs for hashcat:

$ wlangenpmkocl -h
wlangenpmkocl 4.0.1 (C) 2018 ZeroBeat
usage: wlangenpmkocl <options>

-e <essid> : input single essid (networkname: 1 .. 32 characters) requires -p
-p <password> : input single password (8 .. 63 characters) requires -e
-i <file> : input passwordlist
-I <file> : input combilist (essid:password)
-a <file> : output plainmasterkeys as ASCII file (hashcat -m 2501)
-A <file> : output plainmasterkeys:password as ASCII file
-c <file> : output cowpatty hashfile (existing file will be replaced)
-P <platform> : input platform, default 0 (first platform)
-D <device> : input device, default 0 (first device)
-l : list device info
-h : this help

RE: WPA/WPA2 PMK mode (2501) - Kangaroot - 03-02-2018

Where can I find wlangenpmkocl?

RE: WPA/WPA2 PMK mode (2501) - ZerBea - 03-02-2018


RE: WPA/WPA2 PMK mode (2501) - Kangaroot - 03-03-2018

Can anyone help to find more info about this? I have tried to generate a genpmk file in The-Distribution-Which-Does-Not-Handle-OpenCL-Well (Kali) and it took me hours to generate the rockyou list with a specific SSID, when it takes 35 seconds to run with 2500 on hashcat. So what is the point of 2501? As far as I understood it should save time on cracking passes, but it doesn't because it takes ages to generate the pmk file.

RE: WPA/WPA2 PMK mode (2501) - ZerBea - 03-03-2018

Maybe you're doing something wrong:

$ time wlangenpmkocl -e networkname -i rockyou -A pmklist
using: GeForce GTX 1080 Ti
9612471 plainmasterkeys generated, 4734589 password(s) skipped

real 0m45,772s
user 0m38,581s
sys 0m7,137s

skipped passwords are < 8 or > 63 chars

Main purpose for me is to verify already retrieved PSKs on new incoming caps.
(in an extremely fast way, using nonce-error-corrections=128 in combination with hashcat's --remove to clean up my database).
For that purpose I calculated a PMK list from hashcat's -m 2500 potfile.
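The two points the thread turns on, that the PMK is bound to both the passphrase and the SSID (the quote in the first post) and that a precomputation tool has to skip passwords outside 8..63 characters (the "password(s) skipped" count in ZerBea's run), can be checked with a few lines of standard-library Python. The example below is added here and is not code from the thread, hashcat or hcxtools; it derives the PMK as 802.11 defines it (PBKDF2-HMAC-SHA1 over the passphrase, SSID as salt, 4096 iterations, 32-byte output) and writes entries in a `pmk:password` layout, which is an assumption about what wlangenpmkocl's -A option produces based only on its help text. The function names `derive_pmk` and `generate_pmk_list` and the sample wordlist are constructed for this example.

```python
import hashlib

# Added example, not code from the thread, hashcat or hcxtools.
# 802.11 defines the PMK for WPA/WPA2-PSK as PBKDF2-HMAC-SHA1 with the
# passphrase as key material, the SSID as salt, 4096 iterations, 32 bytes out.
PMK_ITERATIONS = 4096
PMK_LEN = 32


def derive_pmk(passphrase: str, ssid: str) -> bytes:
    """Return the 32-byte PMK for one passphrase/SSID pair.

    Raises ValueError for inputs outside the ranges wlangenpmkocl's help
    text also states (password 8..63, essid 1..32 characters).
    """
    pw = passphrase.encode("utf-8")
    ss = ssid.encode("utf-8")
    if not 8 <= len(pw) <= 63:
        raise ValueError("passphrase must be 8..63 bytes")
    if not 1 <= len(ss) <= 32:
        raise ValueError("SSID must be 1..32 bytes")
    return hashlib.pbkdf2_hmac("sha1", pw, ss, PMK_ITERATIONS, PMK_LEN)


def generate_pmk_list(ssid: str, passwords):
    """Build a per-SSID PMK list and count the passwords that were skipped.

    Output lines use an assumed 'pmk:password' layout (hex PMK, colon,
    password), modelled on wlangenpmkocl's -A description; passwords outside
    8..63 characters are skipped and counted, mirroring its summary line.
    """
    lines = []
    skipped = 0
    for pw in passwords:
        try:
            pmk = derive_pmk(pw, ssid)
        except ValueError:
            skipped += 1
            continue
        lines.append(f"{pmk.hex()}:{pw}")
    return lines, skipped


if __name__ == "__main__":
    # IEEE 802.11 test vector: passphrase "password", SSID "IEEE".
    print(derive_pmk("password", "IEEE").hex())

    # Same passphrase, different SSID -> different PMK, which is why a
    # precomputed list only serves the network name it was built for.
    print(derive_pmk("password", "IEEE") != derive_pmk("password", "ieee"))

    # Constructed wordlist: two entries fall outside 8..63 characters.
    wordlist = ["short", "password", "correct horse battery staple", "x" * 64]
    lines, skipped = generate_pmk_list("IEEE", wordlist)
    print(f"{len(lines)} plainmasterkeys generated, {skipped} password(s) skipped")
```

The 4096 PBKDF2 rounds are the whole cost of WPA-PSK cracking, and they are paid once per passphrase and SSID; that is why a PMK list only pays off when the same SSID recurs (ZerBea's use case of re-checking known PSKs against new captures), and why it gives no saving at all on a single capture with a unique SSID, which matches Kangaroot's 35-second -m 2500 comparison.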