Well, it doesn't make sense to attack dynamically derived PMKs, but it's really funny.
I did a small update on hcxtools.
Download example cap from here:
https://wiki.wireshark.org/SampleCaptures
File: wpa-eap-tls.pcap.gz
Description: 802.11 capture with WPA-EAP. PSK's to decode:
a5001e18e0b3f792278825bc3abff72d7021d7c157b600470ef730e2490835d4 79258f6ceeecedd3482b92deaabdb675f09bcb4003ef5074f5ddb10a94ebe00a 23a9ee58c7810546ae3e7509fda9f97435778d689e53a54891c56d02f18ca162
or direct:
https://wiki.wireshark.org/SampleCapture...ls.pcap.gz
Add the PMKs to a pmklist
run latest hcxpcaptool:
$ hcxpcaptool -Z pmkid wpa-eap-tls.pcap.gz
decompressing wpa-eap-tls.pcap.gz to /tmp/wpa-eap-tls.pcap.gz.tmp
start reading from /tmp/wpa-eap-tls.pcap.gz.tmp
summary:
file name....................: wpa-eap-tls.pcap.gz.tmp
file type....................: pcap 2.4
file hardware information....: unknown
file os information..........: unknown
file application information.: unknown
network type.................: DLT_IEEE802_11_RADIO (127)
endianess....................: little endian
read errors..................: flawless
packets inside...............: 86
skipped packets..............: 0
packets with FCS.............: 0
EAPOL packets................: 4
EAPOL PMKIDs.................: 1
EAP packets..................: 20
found........................: EAP type ID
found........................: EAP-TLS Authentication
run hashcat WPA-PMKID-PMK hashmode:
$ hashcat -m 16801 pmkid pmklist
Session..........: hashcat
Status...........: Cracked
Hash.Type........: WPA-PMKID-PMK
Hash.Target......: d2cd0ca09bf5e9288fa2d529607acc4a*106f3f0e333c*247703d25ea8
Time.Started.....: Mon Aug 13 23:07:20 2018 (0 secs)
Time.Estimated...: Mon Aug 13 23:07:20 2018 (0 secs)
Guess.Base.......: File (pw)
Guess.Queue......: 1/1 (100.00%)
Speed.Dev.#1.....: 4270 H/s (0.01ms) @ Accel:512 Loops:512 Thr:1024 Vec:1
Recovered........: 1/1 (100.00%) Digests, 1/1 (100.00%) Salts
Progress.........: 3/3 (100.00%)
Rejected.........: 0/3 (0.00%)
Restore.Point....: 0/3 (0.00%)
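Added example, not part of the original post and not hcxtools or hashcat code: a Python sketch of the check behind the WPA-PMKID-PMK run above, where each candidate PMK is tested with a single HMAC-SHA1 over "PMK Name" plus the AP and station MACs. The function names and the sample PMK and MAC values are assumptions constructed for illustration.

```python
import hashlib
import hmac

def compute_pmkid(pmk: bytes, mac_ap: bytes, mac_sta: bytes) -> bytes:
    """PMKID = first 128 bits of HMAC-SHA1(PMK, "PMK Name" || AP MAC || STA MAC)."""
    if len(pmk) != 32 or len(mac_ap) != 6 or len(mac_sta) != 6:
        raise ValueError("expected a 32-byte PMK and 6-byte MAC addresses")
    return hmac.new(pmk, b"PMK Name" + mac_ap + mac_sta, hashlib.sha1).digest()[:16]

def parse_hash_line(line: str):
    """Split 'pmkid*mac_ap*mac_sta[*essid]' into raw bytes; any ESSID field is ignored."""
    fields = line.strip().split("*")
    if len(fields) < 3:
        raise ValueError("not a PMKID hash line")
    pmkid, mac_ap, mac_sta = (bytes.fromhex(f) for f in fields[:3])
    if len(pmkid) != 16:
        raise ValueError("PMKID must be 16 bytes")
    return pmkid, mac_ap, mac_sta

def find_pmk(hash_line: str, candidates):
    """Return the hex PMK from candidates that reproduces the PMKID, or None."""
    pmkid, mac_ap, mac_sta = parse_hash_line(hash_line)
    for cand in candidates:
        cand = cand.strip()
        try:
            guess = compute_pmkid(bytes.fromhex(cand), mac_ap, mac_sta)
        except ValueError:
            continue  # skip malformed lines in the pmklist
        if hmac.compare_digest(guess, pmkid):
            return cand
    return None

# Constructed sample data (not taken from the capture in the post).
SAMPLE_PMK = bytes(range(32)).hex()
SAMPLE_AP = "020000000001"
SAMPLE_STA = "020000000002"
SAMPLE_LINE = "*".join([
    compute_pmkid(bytes.fromhex(SAMPLE_PMK),
                  bytes.fromhex(SAMPLE_AP), bytes.fromhex(SAMPLE_STA)).hex(),
    SAMPLE_AP, SAMPLE_STA])

if __name__ == "__main__":
    pmklist = ["ff" * 32, "not-hex", SAMPLE_PMK]
    print(find_pmk(SAMPLE_LINE, pmklist))
```

Because there is no PBKDF2 step in this mode, a match is only possible when the exact 256-bit PMK is already in the list, which is why the run above finishes after three candidates.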