hashcat Forum
New attack on WPA/WPA2 using PMKID - Printable Version



RE: New attack on WPA/WPA2 using PMKID - Superninja - 10-01-2018

Hello ZerBea,

Thanks, I will change that.

But what about hashcat? I am using it on Windows, where I can use it with the GPU.

"hashcat64 -m 16800 test.16800 -a 3 -w 3 '?h?h?h?h?h?h?h?h!"

But I am looking for a way to use it for upper- and lowercase letters and numbers all in one.
In hashcat -h I found only one of those, not all at once.




(09-30-2018, 05:09 PM)ZerBea Wrote: @Superninja
It is not a good idea to copy hcxtools source and hcxdumptool source into the same directory.
Also it is not a good idea to use this directory as your working directory.
If you are a beginner, you should use file extensions (pcapng for a captured file, hash.16800 for a PMKID hashfile, hash.hccapx for an EAPOL hashfile). That will make life a little easier for you.



RE: New attack on WPA/WPA2 using PMKID - ZerBea - 10-01-2018

The Wiki is a good place to get some answers:
https://hashcat.net/wiki/doku.php?id=mask_attack

But keep in mind that this (PBKDF2) is a slow process. A mask only makes sense if you know a part of the password or you expect a simple password (for example 8 digits) or you expect a password with a limited key space.
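
The point above about PBKDF2 cost and key space, worked through as an added example (not part of the original post and not hashcat code): it counts the candidates a mask generates and divides by a PBKDF2 rate, which is how you judge whether a passphrase sits inside a "limited key space". The custom-charset dict, the SSID, the candidate strings and the 500,000/s rate are assumptions made up for illustration.

```python
import hashlib
import time

# Sizes of hashcat's built-in mask charsets (?l ?u ?d ?h ?H ?s ?a ?b).
BUILTIN = {"l": 26, "u": 26, "d": 10, "h": 16, "H": 16, "s": 33, "a": 95, "b": 256}

def mask_keyspace(mask, custom=None):
    """Count the candidates a mask generates. `custom` maps a custom
    charset id ("1".."4") to its size; this dict is this example's own input."""
    sizes = {**BUILTIN, **(custom or {})}
    total, i = 1, 0
    while i < len(mask):
        if mask[i] != "?":
            i += 1                      # literal character: one choice
            continue
        if i + 1 == len(mask):
            raise ValueError("mask ends with a dangling '?'")
        token = mask[i + 1]
        if token != "?":                # "??" is a literal question mark
            if token not in sizes:
                raise ValueError(f"unknown charset ?{token}")
            total *= sizes[token]
        i += 2
    return total

def wpa2_pmk(passphrase, ssid):
    """WPA2-PSK key derivation: PBKDF2-HMAC-SHA1, SSID as salt, 4096 rounds."""
    return hashlib.pbkdf2_hmac("sha1", passphrase.encode(), ssid.encode(), 4096, 32)

def measure_rate(samples=25):
    """PMK derivations per second on this machine (one CPU thread)."""
    start = time.perf_counter()
    for n in range(samples):
        wpa2_pmk(f"candidate{n:04d}", "ExampleSSID")   # constructed inputs
    return samples / (time.perf_counter() - start)

def exhaust_seconds(mask, rate, custom=None):
    """Worst-case time to try every candidate at `rate` guesses per second."""
    return mask_keyspace(mask, custom) / rate

if __name__ == "__main__":
    cpu = measure_rate()
    assumed = 500_000   # hypothetical accelerated rate, not a benchmark
    cases = [("?d" * 8, None), ("?h?h?h?h?h?h?h?h!", None), ("?1" * 8, {"1": 62})]
    for mask, custom in cases:
        n = mask_keyspace(mask, custom)
        days = [exhaust_seconds(mask, r, custom) / 86400 for r in (cpu, assumed)]
        print(f"{mask:20} {n:>18,} cpu={days[0]:,.1f}d assumed={days[1]:,.1f}d")
```

Eight digits is 10^8 candidates, while eight characters drawn from upper case, lower case and digits is 62^8, about two million times larger, so every extra character class or character of length multiplies the exhaustion time.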


RE: New attack on WPA/WPA2 using PMKID - Superninja - 10-01-2018

Oh, thanks.

So that means only a wordlist attack?

So then most passwords look safe. Especially mine, which is too long for brute force.
I will try rockyou, but I think it will not find mine.



(10-01-2018, 08:09 AM)ZerBea Wrote: The Wiki is a good place to get some answers:
https://hashcat.net/wiki/doku.php?id=mask_attack

But keep in mind that this (PBKDF2) is a slow process. A mask only makes sense if you know a part of the password or you expect a simple password (for example 8 digits) or you expect a password with a limited key space.



RE: New attack on WPA/WPA2 using PMKID - ZerBea - 10-01-2018

No need to run rockyou against your hash. This list is included in the dictionaries of: https://wpa-sec.stanev.org/?dicts
You can upload your cap (using wlancap2wpasec or web interface). If the password is found, you will find it in cracked.txt. In this case you don't waste time testing common wordlists, because wpa-sec will do this for you. Now you can try other wordlists:
https://github.com/zecopro/wpa-passwords
https://hashes.org/left.php
http://wordbook.xyz/download/wifi/3wifi-wordlist.rar
Read more about this wordlist here:
https://forum.antichat.ru/threads/281655/page-104

You can try wlanhcx2psk and/or hcxpsktool (will give you some weak password candidates).
You can get VENDOR information from mac_ap (using whoismac) and/or ISP (from default ESSID) and search for default key space.


RE: New attack on WPA/WPA2 using PMKID - Superninja - 10-02-2018

Okay,

I wanted to try, but wpasec accepts only cap format.

Can hcxcaptool convert the pcapng to cap?






(10-01-2018, 01:12 PM)ZerBea Wrote: No need to run rockyou against your hash. This list is included in the dictionaries of: https://wpa-sec.stanev.org/?dicts
You can upload your cap (using wlancap2wpasec or web interface). If the password is found, you will find it in cracked.txt. In this case you don't waste time testing common wordlists, because wpa-sec will do this for you. Now you can try other wordlists:
https://github.com/zecopro/wpa-passwords
https://hashes.org/left.php
http://wordbook.xyz/download/wifi/3wifi-wordlist.rar
Read more about this wordlist here:
https://forum.antichat.ru/threads/281655/page-104

You can try wlanhcx2psk and/or hcxpsktool (will give you some weak password candidates).
You can get VENDOR information from mac_ap (using whoismac) and/or ISP (from default ESSID) and search for default key space.



RE: New attack on WPA/WPA2 using PMKID - ZerBea - 10-02-2018

> wanted try, but wpasec accept only cap format.
No! wpa-sec is running hcxtools in the background.
Accepted formats are: cap, pcap, pcapng and gzip compressed cap, pcap and pcapng.
Just upload your captured file via web interface or
$ wlancap2wpasec yourcapfile.pcapng


RE: New attack on WPA/WPA2 using PMKID - Superninja - 10-02-2018

I uploaded the file and wanted to try crack.txt,
but hashcat said the wordlist is too small.

Is there something like a "--force" command?



(10-02-2018, 11:59 AM)ZerBea Wrote: > wanted try, but wpasec accept only cap format.
No! wpa-sec is running hcxtools in the background.
Accepted formats are: cap, pcap, pcapng and gzip compressed cap, pcap and pcapng.
Just upload your captured file via web interface or
$ wlancap2wpasec yourcapfile.pcapng



RE: New attack on WPA/WPA2 using PMKID - ZerBea - 10-02-2018

That's ok. It's just a warning, that you will not get full advantage of your GPU.


RE: New attack on WPA/WPA2 using PMKID - pineapplepride - 10-13-2018

testtest


RE: New attack on WPA/WPA2 using PMKID - pineapplepride - 10-13-2018

Hi everyone,

I've tried doing this and when I enter

hcxdumptool -o test.pcapng -i wlan0 --enable_status=3

I get

interface is not up
failed to init socket

Can anyone help me with this error please?
I'm using an ALFA AWUS036ACH, up and in monitor mode, and I'm on The-Distribution-Which-Does-Not-Handle-OpenCL-Well (Kali).
I used:
ifconfig wlan0 down
iwconfig wlan0 mode monitor
ifconfig wlan0 up
to get it into monitor mode.
Any help is greatly appreciated.
If more information is needed I'll post again
Thanks in advance!