PMKID Captured.....what now?
#10
BTW:
22000 recover a PSK from a PMKID or EAPOL MESSAGE PAIR
22001 verify a PMK

If you're interested in working with PMKs, please take a look at hash mode 12000, too.
This mode will recover a PSK from a PMK and an ESSID.
From hashcat --help
Code:
12000 | PBKDF2-HMAC-SHA1                                    | Generic KDF

Let's use the example from above and prepare a 12000 hash line from ESSID and PMK hascat can work on:
Code:
$ hcxpmktool -m 88f43854ae7b1624fc2ab7724859e795130f4843c7535729e819cf92f39535dc -e hashcat-essid

ESSID............: hashcat-essid
PMK..............: 88f43854ae7b1624fc2ab7724859e795130f4843c7535729e819cf92f39535dc
PBKDF2-HMAC-SHA1.: sha1:4096:aGFzaGNhdC1lc3NpZA==:iPQ4VK57FiT8KrdySFnnlRMPSEPHU1cp6BnPkvOVNdw=

and recover the PSK:
Code:
$ hashcat -m 12000 sha1:4096:aGFzaGNhdC1lc3NpZA==:iPQ4VK57FiT8KrdySFnnlRMPSEPHU1cp6BnPkvOVNdw= -a 3 'hashcat!'
hashcat (v6.2.4-95-g707bff5c2) starting

CUDA API (CUDA 11.4)
====================
* Device #1: NVIDIA GeForce GTX 1650, 3857/3911 MB, 16MCU

OpenCL API (OpenCL 3.0 CUDA 11.4.136) - Platform #1 [NVIDIA Corporation]
========================================================================
* Device #2: NVIDIA GeForce GTX 1650, skipped

Minimum password length supported by kernel: 0
Maximum password length supported by kernel: 256

Hashes: 1 digests; 1 unique digests, 1 unique salts
Bitmaps: 16 bits, 65536 entries, 0x0000ffff mask, 262144 bytes, 5/13 rotates

Optimizers applied:
* Zero-Byte
* Single-Hash
* Single-Salt
* Brute-Force
* Slow-Hash-SIMD-LOOP

Watchdog: Temperature abort trigger set to 90c

Host memory required for this attack: 908 MB

The wordlist or mask that you are using is too small.
This means that hashcat cannot use the full parallel power of your device(s).
Unless you supply more work, your cracking speed will drop.
For tips on supplying more work, see: https://hashcat.net/faq/morework

Approaching final keyspace - workload adjusted.          

sha1:4096:aGFzaGNhdC1lc3NpZA==:iPQ4VK57FiT8KrdySFnnlRMPSEPHU1cp6BnPkvOVNdw=:hashcat!
                                                          
Session..........: hashcat
Status...........: Cracked
Hash.Mode........: 12000 (PBKDF2-HMAC-SHA1)
Hash.Target......: sha1:4096:aGFzaGNhdC1lc3NpZA==:iPQ4VK57FiT8KrdySFnn...OVNdw=
Time.Started.....: Fri Oct 22 15:29:06 2021 (0 secs)
Time.Estimated...: Fri Oct 22 15:29:06 2021 (0 secs)
Kernel.Feature...: Pure Kernel
Guess.Mask.......: hashcat! [8]
Guess.Queue......: 1/1 (100.00%)
Speed.#1.........:       43 H/s (0.17ms) @ Accel:256 Loops:128 Thr:32 Vec:1
Recovered........: 1/1 (100.00%) Digests
Progress.........: 1/1 (100.00%)
Rejected.........: 0/1 (0.00%)
Restore.Point....: 0/1 (0.00%)
Restore.Sub.#1...: Salt:0 Amplifier:0-1 Iteration:3968-4095
Candidate.Engine.: Device Generator
Candidates.#1....: hashcat! -> hashcat!
Hardware.Mon.#1..: Temp: 54c Util:  7% Core:1815MHz Mem:4001MHz Bus:8

Started: Fri Oct 22 15:29:04 2021
Stopped: Fri Oct 22 15:29:06 2021
Reply


Messages In This Thread
PMKID Captured.....what now? - by Pilsener - 10-21-2021, 07:40 PM
RE: PMKID Captured.....what now? - by ZerBea - 10-21-2021, 10:09 PM
RE: PMKID Captured.....what now? - by CUwindows00 - 10-22-2021, 09:53 AM
RE: PMKID Captured.....what now? - by ZerBea - 10-22-2021, 10:30 AM
RE: PMKID Captured.....what now? - by CUwindows00 - 10-22-2021, 12:12 PM
RE: PMKID Captured.....what now? - by ZerBea - 10-22-2021, 01:06 PM
RE: PMKID Captured.....what now? - by CUwindows00 - 10-22-2021, 01:53 PM
RE: PMKID Captured.....what now? - by ZerBea - 10-22-2021, 02:14 PM
RE: PMKID Captured.....what now? - by CUwindows00 - 10-22-2021, 02:30 PM
RE: PMKID Captured.....what now? - by ZerBea - 10-22-2021, 03:11 PM
RE: PMKID Captured.....what now? - by CUwindows00 - 10-23-2021, 04:03 AM
RE: PMKID Captured.....what now? - by ZerBea - 10-23-2021, 06:20 AM