WPA/WPA2 batch processing
#9
(09-27-2018, 04:59 PM)v00razz Wrote:
(09-27-2018, 03:15 PM)ZerBea Wrote: Ok, now I know what you mean with "batch processing". That is aircrack-ng and/or pyrit style.
hashcat provides this feature with hashmode 2501 (for hccapx) and 16801 (for PMKID).
In both cases you must use a PMK (plainmasterkey) file as wordlist. It is for both hashmodes the same! You can pre-calculate PMKs from ESSID and PSK using PBKDF2 algorithm.

hcxkeys will do this for you (on GPU):
https://github.com/ZerBea/hcxkeys

That mode is very fast using hashcat:
Session..........: hashcat
Status...........: Exhausted
Hash.Type........: WPA-PMKID-PMK
Hash.Target......: hashfile.16801
Time.Started.....: Thu Sep 27 15:13:24 2018 (21 secs)
Time.Estimated...: Thu Sep 27 15:13:45 2018 (0 secs)
Guess.Base.......: File (pmklist)
Guess.Queue......: 1/1 (100.00%)
Speed.#1.........:   115.2 MH/s (0.00ms) @ Accel:128 Loops:1024 Thr:1024 Vec:1
Recovered........: 435/25676 (1.69%) Digests, 433/24808 (1.75%) Salts
Recovered/Time...: CUR:N/A,N/A,N/A AVG:1282,76947,1846729 (Min,Hour,Day)
Progress.........: 2288091456/2288091456 (100.00%)
Rejected.........: 0/2288091456 (0.00%)
Restore.Point....: 92232/92232 (100.00%)
Restore.Sub.#1...: Salt:24807 Amplifier:0-1 Iteration:0-1
Candidates.#1....: 0000000000000000000000000000000000000000000000000000000000000000 -> ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff
Hardware.Mon.#1..: Temp: 51c Fan: 36% Util: 47% Core:1898MHz Mem:5005MHz Bus:16
Started: Thu Sep 27 15:12:43 2018
Stopped: Thu Sep 27 15:13:46 2018

Take a look at the hashfiles for mode 16800 and 16801.
16801 doesn't have an ESSID and doesn't need an ESSID!
And again: bash commands (cat, cut, tail, grep, awk, split, sort, ...) are your friends.
You can use them to generate the basic input wordlists.
You can use them to split potfiles into parts/columns you need for a later calculation.
-h option of the tools is your friend, too. The same applies to readme files.

Thank you so much for that reply.
I've downloaded this tool and I tried making it work. This is how far I got.
I ran:
wlangenpmkocl -e Katarina -i wordlist -A pmkfile



cat wordlist:
katarina
passw123

I get pmkfile..

cat pmkfile:
181ad8169bf942af7d05a3cbd4f200f5f958ea8db4b5a768e17c716a30f61ff5:katarina
d99893b4593b3abc4c1179bd70c6244072ae4521047d4c449ecf90e8b2b3501f:passw123

cat Katarina.16800: (original PMKID capture)
7ffb1ec865bf3df4f2567ac4664f8c82*e8cd2da9ae23*28cfe951c5fd*4b61746172696e61

I already cracked Katarina.16800 with dictionary so I know it's a valid hash.

Then I ran:
hashcat -m 16801 Katarina.16800 pmkfile

But I get this error:
Hashfile 'Katarina.16800' on line 1 (7ffb1e...23*28cfe951c5fd*4b61746172696e61): Token length exception
No hashes loaded.

Please provide step by step solution. Thanks a lot!

I figured it out! I got it... 
I take the original hash and remove everything after the 3rd wildcard *.
7ffb1ec865bf3df4f2567ac4664f8c82*e8cd2da9ae23*28cfe951c5fd*4b61746172696e61

I get:

7ffb1ec865bf3df4f2567ac4664f8c82*e8cd2da9ae23*28cfe951c5fd
I save that to newKatarina.16800

Now I run:
wlangenpmkocl -e Katarina -i wordlist -a pmkfile

and lastly:
hashcat -m 16801 newKatarina.16800 pmkfile

It works. Thank you so so much
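
The manual edit described in the post above, done with awk, as an added example that is not part of the original post or of hashcat/hcxkeys: it checks each `PMKID*MAC_AP*MAC_STA[*ESSID]` line and prints the three-field form that loaded with `-m 16801`. The function names and the field widths (read off the line shown in the post) are assumptions of this example.

```shell
#!/bin/sh
# Added example: validate hashcat PMKID hash lines and emit the three-field
# form (PMKID*MAC_AP*MAC_STA) that the post above loaded with -m 16801.
# Field widths are assumptions read off the line shown in the post.
# Malformed lines are reported on stderr and skipped.
to_16801() {
    awk -F'[*]' '
    function ishex(s) { return s ~ /^[0-9a-fA-F]+$/ }
    function bad(why) { print "line " NR " skipped: " why > "/dev/stderr" }
    { sub(/\r$/, "") }                      # tolerate CRLF line endings
    $0 == "" { next }
    NF != 3 && NF != 4 { bad("expected 3 or 4 fields, got " NF); next }
    length($1) != 32 || !ishex($1) { bad("PMKID is not 32 hex chars"); next }
    length($2) != 12 || !ishex($2) { bad("MAC_AP is not 12 hex chars"); next }
    length($3) != 12 || !ishex($3) { bad("MAC_STA is not 12 hex chars"); next }
    # An ESSID is at most 32 bytes, so at most 64 hex chars, in whole bytes.
    NF == 4 && (!ishex($4) || length($4) % 2 || length($4) > 64) {
        bad("ESSID field is not valid hex"); next
    }
    { print $1 "*" $2 "*" $3 }
    ' "$@"
}

# Demo input: the line from the post, plus one constructed malformed line
# (PMKID cut short) that is rejected with a reason on stderr.
demo_16801() {
    printf '%s\n' \
        '7ffb1ec865bf3df4f2567ac4664f8c82*e8cd2da9ae23*28cfe951c5fd*4b61746172696e61' \
        '7ffb1e*e8cd2da9ae23*28cfe951c5fd*4b61746172696e61' | to_16801
}
demo_16801
```

`to_16801` reads stdin or the files given as arguments, so `to_16801 Katarina.16800 > newKatarina.16800` reproduces the step from the post.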

