A promising attack always starts with a state of the art tool to attack the target over the air.
Dumping a BEACON and a 4way handshake or a PMKID only is far from that.
Once you have a pcapng dump file that contains all this information, you have to analyze it.
https://github.com/ZerBea/hcxtools/issues/265
First test if the PSK is inside the pcapng file. Some CLIENTs transmit it in the clear.
Now test if the PSK is calculated from the BSSID (or part of the BSSID).
Then test if the PSK is calculated from the ESSID (or part of the ESSID).
https://forum.hashkiller.io/index.php?th...ost-332565
Check if a keygen exists:
https://github.com/routerkeygen/routerkeygenPC
Check if the key space is known (hcxpsktool):
https://github.com/ZerBea/hcxtools
Then try some common wordlists:
https://wpa-sec.stanev.org
https://hashmob.net/resources/hashmob
Generate a base list from known PSKs (hcxeiutool) and run a rule on it.
Find a pattern and run a mask (e.g. AndroidAP: ?l?l?l?l?d?d?d?d).
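The checks listed in the post (PSK derived from the BSSID or ESSID, PSK matching a known default mask such as the AndroidAP `?l?l?l?l?d?d?d?d` pattern) are exactly the weaknesses a network owner should audit their own passphrase against before anyone else does. The following is an added self-audit example, not code from the post or from hcxtools; the function names, the 4-hex-character overlap threshold and the sample passphrases are constructed for illustration, and the mask keyspace calculation uses the standard hashcat charset sizes (`?l` = 26, `?u` = 26, `?d` = 10, `?s` = 33, `?a` = 95).

```python
import re

# Standard hashcat built-in charset sizes, used to size a mask's keyspace.
CHARSET_SIZES = {"?l": 26, "?u": 26, "?d": 10, "?s": 33, "?a": 95, "?h": 16, "?H": 16}


def mask_keyspace(mask):
    """Number of candidates a hashcat-style mask expands to, e.g. ?l?l?l?l?d?d?d?d."""
    total = 1
    for token in re.findall(r"\?[a-zA-Z]", mask):
        total *= CHARSET_SIZES[token]
    return total


def normalize_bssid(bssid):
    """aa:bb:cc:dd:ee:ff / AA-BB-CC-DD-EE-FF -> aabbccddeeff."""
    return bssid.lower().replace(":", "").replace("-", "")


def audit_psk(psk, essid, bssid, min_bssid_overlap=4):
    """Return a list of findings describing why a WPA2 passphrase is weak.

    An empty list means none of the checks from the post fired. The checks are
    heuristics: passing them does not make a passphrase strong, failing them
    means it is trivially guessable with the techniques the post lists.
    """
    findings = []
    lower_psk = psk.lower()

    # WPA2 passphrases are 8..63 printable ASCII characters by specification.
    if not 8 <= len(psk) <= 63:
        findings.append("length outside the WPA2 passphrase range of 8-63 characters")

    # PSK derived from the ESSID (or the ESSID derived from the PSK).
    if essid and (essid.lower() in lower_psk or lower_psk in essid.lower()):
        findings.append("PSK shares its text with the ESSID")

    # PSK derived from the BSSID: any run of min_bssid_overlap hex digits of the
    # BSSID appearing in the passphrase counts (threshold is a constructed choice).
    hexb = normalize_bssid(bssid)
    for i in range(len(hexb) - min_bssid_overlap + 1):
        if hexb[i:i + min_bssid_overlap] in lower_psk:
            findings.append("PSK contains %d+ hex characters of the BSSID" % min_bssid_overlap)
            break

    # Known default-PSK shapes that a mask attack enumerates in seconds.
    if re.fullmatch(r"[a-z]{4}[0-9]{4}", psk):
        findings.append("PSK matches the AndroidAP-style mask ?l?l?l?l?d?d?d?d")
    if psk.isdigit():
        findings.append("PSK is all digits (mask ?d repeated %d times)" % len(psk))

    return findings


if __name__ == "__main__":
    # Constructed sample network; none of these values are from the post.
    essid, bssid = "MyHomeNet", "aa:bb:cc:dd:ee:ff"
    for candidate in ["MyHomeNet2024", "ccddee12", "abcd1234", "Tr0ub4dor&3Horses!"]:
        print(candidate, "->", audit_psk(candidate, essid, bssid) or "no findings")
    print("?l?l?l?l?d?d?d?d keyspace:", mask_keyspace("?l?l?l?l?d?d?d?d"))
```

The keyspace figure is the point of the last line: a mask of four lowercase letters and four digits is only about 4.6 billion candidates, which is why a pattern match in the audit is treated as a finding rather than a curiosity.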