hcxtools - solution for capturing wlan traffic and conversion to hashcat formats
#47
added detection of zeroed plainmasterkeys to hcxtools:

$ wlancap2hcx  -o test.hccapx *.cap
start reading from wlan.cap
8659109 packets processed (8659109 wlan, 0 lan, 0 loopback)
total 201527 usefull wpa handshakes
found 52 handshakes with zeroed plainmasterkeys (hashcat -m 2501 with a zeroed plainmasterkey)
found 1642 WPA1 RC4 Cipher, HMAC-MD5
found 199883 WPA2 AES Cipher, HMAC-SHA1
found 2 WPA2 AES Cipher, AES-128-CMAC
found 90883 valid WPA handshakes (by wlandump-ng/wlanresponse)
hashcat --nonce-error-corrections is working on that file
found MD5-Challenge (hashcat -m 4800)
found EAP-TLS Authentication
found EAP-Cisco Wireless Authentication (hashcat -m 5500)
found EAP-SIM (GSM Subscriber Modules) Authentication
found PEAP Authentication
found WPS Authentication
warning: use of wpaclean detected

found 52 handshakes with zeroed plainmasterkeys (hashcat -m 2501 with a zeroed plainmasterkey)
means that a client uses a misconfigured wpa-supplicant or an access point uses a misconfigured hostapd.

use hashcat -m 2501 test.hccapx pmkfile to crack the net

pmkfile:
0000000000000000000000000000000000000000000000000000000000000000

If you cracked M1/M2 or M1/M4 the client is misconfigured.
If you cracked M2/M3 or M3/M4 the access point is misconfigured and you are able to connect to the net using a zeroed plainmasterkey.
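The check described in the post above, as an added example that is not part of the original post and is not hcxtools code: recompute the EAPOL-Key MIC with an all-zero PMK and compare it with the captured MIC. Function names, MAC addresses, nonces and the sample frames are constructed for illustration; only HMAC-MD5 and HMAC-SHA1 handshakes (key descriptor versions 1 and 2) are handled, not AES-128-CMAC.

```python
import hashlib
import hmac

ZERO_PMK = bytes(32)   # the all-zero PMK from the post's pmkfile
MIC_OFF = 81           # Key MIC offset in an EAPOL-Key frame (802.1X header included)

def prf(key, label, data, nbytes):
    """IEEE 802.11i PRF (HMAC-SHA1 based), used for key descriptor versions 1 and 2."""
    out, i = b"", 0
    while len(out) < nbytes:
        out += hmac.new(key, label + b"\x00" + data + bytes([i]), hashlib.sha1).digest()
        i += 1
    return out[:nbytes]

def eapol_mic(pmk, ap, sta, anonce, snonce, eapol):
    """Recompute the Key MIC of an EAPOL-Key frame for a given PMK."""
    keyver = eapol[6] & 0x07                       # low bits of Key Information
    if keyver not in (1, 2):
        raise ValueError("only HMAC-MD5 / HMAC-SHA1 handshakes are handled here")
    seed = min(ap, sta) + max(ap, sta) + min(anonce, snonce) + max(anonce, snonce)
    kck = prf(pmk, b"Pairwise key expansion", seed, 16)    # KCK = first 16 bytes of PTK
    blank = eapol[:MIC_OFF] + bytes(16) + eapol[MIC_OFF + 16:]  # MIC field zeroed first
    algo = hashlib.md5 if keyver == 1 else hashlib.sha1
    return hmac.new(kck, blank, algo).digest()[:16]

def has_zeroed_pmk(ap, sta, anonce, snonce, eapol):
    """True if the captured MIC verifies under the all-zero PMK."""
    captured = eapol[MIC_OFF:MIC_OFF + 16]
    return hmac.compare_digest(captured, eapol_mic(ZERO_PMK, ap, sta, anonce, snonce, eapol))

def make_m2(pmk, ap, sta, anonce, snonce, keyver=2):
    """Constructed sample: a minimal M2 frame (no key data) whose MIC is made with pmk."""
    frame = (b"\x01\x03\x00\x5f" + (b"\x02" if keyver == 2 else b"\xfe")
             + (0x0108 | keyver).to_bytes(2, "big") + bytes(2) + (1).to_bytes(8, "big")
             + snonce + bytes(32) + bytes(16) + bytes(2))
    mic = eapol_mic(pmk, ap, sta, anonce, snonce, frame)
    return frame[:MIC_OFF] + mic + frame[MIC_OFF + 16:]

# Constructed test values, not taken from any capture.
AP, STA = bytes.fromhex("020000000001"), bytes.fromhex("020000000002")
ANONCE, SNONCE = bytes(range(32)), bytes(range(32, 64))
OTHER_PMK = hashlib.pbkdf2_hmac("sha1", b"constructed-passphrase", b"example", 4096, 32)

if __name__ == "__main__":
    for name, pmk in (("zeroed PMK", ZERO_PMK), ("passphrase PMK", OTHER_PMK)):
        frame = make_m2(pmk, AP, STA, ANONCE, SNONCE)
        print(name, "->", has_zeroed_pmk(AP, STA, ANONCE, SNONCE, frame))
```

A hit on a frame sent by the client points at the supplicant configuration, a hit on a frame sent by the access point points at hostapd, matching the M1/M2 versus M2/M3 distinction in the post.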


Messages In This Thread
RE: hcxtools - solution for capturing wlan traffic and conversion to hashcat formats - by ZerBea - 08-14-2017, 12:15 PM