hashcat Forum
Couple of questions - Printable Version

+- hashcat Forum (https://hashcat.net/forum)
+-- Forum: Support (https://hashcat.net/forum/forum-3.html)
+--- Forum: hashcat (https://hashcat.net/forum/forum-45.html)
+--- Thread: Couple of questions (/thread-9884.html)



Couple of questions - keithwaelchi - 02-17-2021

Mmm, I was not here some time, and I see some things changed so I can't follow this up. I read a little bit but I'm not sure so I need some help here.

As far as I can see now is popular some kind of PMKID attack, which I understand is working with new WPA3 protocol ?

Ok, I don't need that for now, is old hccapx format still supported ? Working well on Windows 7 with both AMD and Nvidia cards ?

Whether it was planned a rescission of hccapx format in near future ?

Thanks.


RE: Couple of questions - ZerBea - 02-17-2021

hashcat is able to recover the PSK only from WPA2 and WPA2 key version 3 (that is not WPA3)
hccapx is still used and will be in use in the near future
Advantage of hash mode 22000:
- not longer binary format
- all bash tools are working on this format (to sort hashes, show hashes, remove hashes, ...)
- PMKID and EAPOL message pairs stored in the same hash file
- reuse of PBKDF2 over PMKID and EAPOL message pairs on the same ESSID

The main advantages of PMKID attack are as follow:
Code:
No more regular users required - because the attacker directly communicates with the AP (aka "client-less" attack)
No more waiting for a complete 4-way handshake between the regular user and the AP
No more eventual retransmissions of EAPOL frames (which can lead to uncrackable results)
No more eventual invalid passwords sent by the regular user
No more lost EAPOL frames when the regular user or the AP is too far away from the attacker
No more fixing of nonce and replaycounter values required (resulting in slightly higher speeds)
No more special output format (pcap, hccapx, etc.) - final data will appear as regular hex encoded string



RE: Couple of questions - pr0ph3t - 02-28-2021

(02-17-2021, 09:36 AM)ZerBea Wrote: hashcat is able to recover the PSK only from WPA2 and WPA2 key version 3 (that is not WPA3)
hccapx is still used and will be in use in the near future
Advantage of hash mode 22000:
- not longer binary format
- all bash tools are working on this format (to sort hashes, show hashes, remove hashes, ...)
- PMKID and EAPOL message pairs stored in the same hash file
- reuse of PBKDF2 over PMKID and EAPOL message pairs on the same ESSID

The main advantages of PMKID attack are as follow:
Code:
No more regular users required - because the attacker directly communicates with the AP (aka "client-less" attack)
No more waiting for a complete 4-way handshake between the regular user and the AP
No more eventual retransmissions of EAPOL frames (which can lead to uncrackable results)
No more eventual invalid passwords sent by the regular user
No more lost EAPOL frames when the regular user or the AP is too far away from the attacker
No more fixing of nonce and replaycounter values required (resulting in slightly higher speeds)
No more special output format (pcap, hccapx, etc.) - final data will appear as regular hex encoded string

Just saw this didn't know:

No more special output format (pcap, hccapx, etc.) - final data will appear as regular hex encoded string
No more eventual invalid passwords sent by the regular user
No more lost EAPOL frames when the regular user or the AP is too far away from the attacker

Very interesting. This is really important. Because waiting for handshakes and stuff who cares you're letting your dump run all day either way. These 3 factors though are major to me. I'm starting to see why you're spitting blood continuously to get us on 22k. Thanks


RE: Couple of questions - ZerBea - 02-28-2021

Not me alone. Just copied Atom's comment from here:
https://hashcat.net/forum/thread-7717.html