02-28-2021, 04:24 PM
(02-17-2021, 09:36 AM)ZerBea Wrote: hashcat is able to recover the PSK only from WPA2 and WPA2 key version 3 (that is not WPA3)
hccapx is still used and will be in use in the near future
Advantage of hash mode 22000:
- no longer a binary format
- all bash tools are working on this format (to sort hashes, show hashes, remove hashes, ...)
- PMKID and EAPOL message pairs stored in the same hash file
- reuse of PBKDF2 over PMKID and EAPOL message pairs on the same ESSID
The main advantages of the PMKID attack are as follows:
No more regular users required - because the attacker directly communicates with the AP (aka "client-less" attack)
No more waiting for a complete 4-way handshake between the regular user and the AP
No more eventual retransmissions of EAPOL frames (which can lead to uncrackable results)
No more eventual invalid passwords sent by the regular user
No more lost EAPOL frames when the regular user or the AP is too far away from the attacker
No more fixing of nonce and replaycounter values required (resulting in slightly higher speeds)
No more special output format (pcap, hccapx, etc.) - final data will appear as regular hex encoded string
Just saw this, didn't know:
No more special output format (pcap, hccapx, etc.) - final data will appear as regular hex encoded string
No more eventual invalid passwords sent by the regular user
No more lost EAPOL frames when the regular user or the AP is too far away from the attacker
Very interesting. This is really important. Because waiting for handshakes and stuff, who cares, you're letting your dump run all day either way. These 3 factors though are major to me. I'm starting to see why you're spitting blood continuously to get us on 22k. Thanks
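The quoted post says the 22000 format is plain text, that ordinary text tools can sort and filter it, and that PMKID and EAPOL entries sharing an ESSID can reuse one PBKDF2 computation. The following is an added example, not code from hashcat or from anyone in this thread: it parses constructed 22000 lines (the sample values are made up, not real captures), groups them by ESSID, and reports how many PBKDF2 calls one candidate passphrase would need with and without that reuse. The `WPA*01*...` / `WPA*02*...` field layout is hashcat's documented 22000 line format; the grouping and counting logic is the example's own.

```python
from collections import defaultdict

# Constructed sample in hashcat 22000 format (values are invented, not real captures).
# Line 1: PMKID entry (type 01) for ESSID "TestNet" (hex 546573744e6574).
# Line 2: EAPOL entry (type 02) for the same ESSID, different client MAC.
# Line 3: PMKID entry for a second ESSID "Other" (hex 4f74686572).
SAMPLE_22000 = """\
WPA*01*000102030405060708090a0b0c0d0e0f*aabbccddeeff*001122334455*546573744e6574***
WPA*02*ffeeddccbbaa99887766554433221100*aabbccddeeff*001122334456*546573744e6574*1111111111111111111111111111111111111111111111111111111111111111*0103007502010a00000000000000000100000000000000000000000000000000*02
WPA*01*0f0e0d0c0b0a09080706050403020100*112233445566*665544332211*4f74686572***
"""


def parse_line(line):
    """Parse one 22000 line into a dict, or return None if it is malformed.

    Field order: WPA*TYPE*PMKID-or-MIC*MAC_AP*MAC_CLIENT*ESSID*NONCE_AP*EAPOL*MESSAGEPAIR
    TYPE 01 = PMKID (last three fields empty), TYPE 02 = EAPOL message pair.
    """
    parts = line.strip().split("*")
    if len(parts) != 9 or parts[0] != "WPA" or parts[1] not in ("01", "02"):
        return None
    try:
        essid = bytes.fromhex(parts[5]).decode("utf-8", "replace")
    except ValueError:
        return None
    kind = "pmkid" if parts[1] == "01" else "eapol"
    if kind == "pmkid" and any(parts[6:9]):
        return None  # PMKID lines must not carry nonce/EAPOL/messagepair data
    if kind == "eapol" and not all(parts[6:9]):
        return None  # EAPOL lines need nonce, EAPOL frame and messagepair
    return {
        "kind": kind,
        "digest": parts[2],        # PMKID (type 01) or MIC (type 02), hex
        "mac_ap": parts[3],
        "mac_client": parts[4],
        "essid": essid,
    }


def group_by_essid(text):
    """Count PMKID and EAPOL entries per ESSID; malformed lines are skipped."""
    groups = defaultdict(lambda: {"pmkid": 0, "eapol": 0})
    for raw in text.splitlines():
        if not raw.strip():
            continue
        entry = parse_line(raw)
        if entry is None:
            continue
        groups[entry["essid"]][entry["kind"]] += 1
    return dict(groups)


def pbkdf2_calls_per_candidate(groups):
    """Return (calls_with_reuse, calls_without_reuse) for one candidate passphrase.

    PBKDF2 is keyed on passphrase and ESSID only, so one computation per ESSID
    serves every PMKID and EAPOL entry under that ESSID; without reuse each
    entry would need its own call.
    """
    with_reuse = len(groups)
    without_reuse = sum(g["pmkid"] + g["eapol"] for g in groups.values())
    return with_reuse, without_reuse


if __name__ == "__main__":
    groups = group_by_essid(SAMPLE_22000)
    for essid, counts in sorted(groups.items()):
        print(f"{essid!r}: {counts['pmkid']} PMKID, {counts['eapol']} EAPOL")
    reuse, no_reuse = pbkdf2_calls_per_candidate(groups)
    print(f"PBKDF2 calls per candidate: {reuse} with reuse vs {no_reuse} without")
```

Because every field is separated by `*` and the ESSID sits in field 6, the same grouping can be done with `cut -d'*' -f6 hashes.22000 | sort | uniq -c` on a real hash file, which is the "all bash tools work on it" point from the quoted post.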