09-01-2022, 04:56 PM
(This post was last modified: 09-01-2022, 04:58 PM by CyberPentester.)
(09-01-2022, 08:46 AM)ZerBea Wrote: @CyberPentester, I really want to answer your question, received by PM.
But you disabled private messaging!

Whoops, did not know that was a thing. I enabled it now. Thanks for letting me know and answering here.
(09-01-2022, 08:46 AM)ZerBea Wrote: In the second part, PMKID calculation (PMKID) is much faster:
If you only want to recover the PSK just use the PMKID hash line (WPA*01*) and remove the EAPOL 4way hash lines (WPA*02*) for that ESSID.

Yes, understood the part of the complexity between PMKID and EAPOL 4way, thank you for the explanation into how the algorithm works. My question was a bit confusing, so let me change it to this: If I had multiple PMKID hashes from the same ESSID and put them all into hashcat, it does not make the PSK crack faster, correct? In fact it would take longer?
(09-01-2022, 08:46 AM)ZerBea Wrote: The second question is not easy to answer, because it depends on the target.
If the default password algo is known, routerkeygen (RKG) should be the first choice.
https://github.com/routerkeygen/routerkeygenPC

The manufacturer is not there, but I do know the keyspace. I would have to take some time to figure out this tool. If I choose one of the manufacturers in that tool that has the same keyspace as the router I know, will the generated wordlist be optimized, or does it also do a simple bruteforce mask without taking into account probability?
(09-01-2022, 08:46 AM)ZerBea Wrote: If the default key space is known, hcxpsktool could be a choice.

I do know the keyspace. Does hcxpsktool take into account the probability of the same characters appearing multiple times in the PSK candidates? Also, may you please provide an example of hcxpsktool for a keyspace of 10 digits?
Thanks again for answering!
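The quoted advice above (keep the PMKID line, WPA*01*, and drop the EAPOL 4way lines, WPA*02*, for the same ESSID) can be applied mechanically to a hash file. The following is an added example, not code from this thread or from the hcxtools/hashcat projects; it assumes the documented hc22000 field layout (WPA*TYPE*PMKID-or-MIC*MAC_AP*MAC_CLIENT*ESSID_HEX*ANONCE*EAPOL*MESSAGEPAIR) and the sample hash lines embedded in it are constructed placeholders, not real captures.

```python
"""Reduce an hc22000 hash file so that each ESSID keeps only its PMKID lines
(WPA*01*) when any exist, falling back to the EAPOL lines (WPA*02*) otherwise.

Added example; the hash lines below are constructed placeholders."""
from collections import defaultdict

# Constructed sample input: two ESSIDs. "HomeNet" has both a PMKID and an
# EAPOL line; "OtherNet" only has an EAPOL line (hex values are dummies).
SAMPLE_LINES = [
    "WPA*01*" + "aa" * 16 + "*001122334455*66778899aabb*486f6d654e6574***",
    "WPA*02*" + "bb" * 16 + "*001122334455*66778899aabb*486f6d654e6574*"
    + "cc" * 32 + "*" + "dd" * 48 + "*02",
    "WPA*02*" + "ee" * 16 + "*0a0b0c0d0e0f*1a1b1c1d1e1f*4f746865724e6574*"
    + "ff" * 32 + "*" + "11" * 48 + "*02",
    "not a hash line",  # junk is ignored by the parser
]


def parse_22000(line):
    """Return {'type', 'essid', 'line'} for a valid hc22000 line, else None.

    The ESSID field (index 5) is hex-encoded in this format."""
    parts = line.strip().split("*")
    if len(parts) != 9 or parts[0] != "WPA" or parts[1] not in ("01", "02"):
        return None
    try:
        essid = bytes.fromhex(parts[5]).decode("utf-8", errors="replace")
    except ValueError:
        return None
    return {"type": parts[1], "essid": essid, "line": line.strip()}


def prefer_pmkid(lines):
    """Group lines by ESSID; keep only WPA*01* lines where present, otherwise
    keep the WPA*02* lines. Returns the kept lines in input order."""
    by_essid = defaultdict(list)
    for line in lines:
        rec = parse_22000(line)
        if rec is not None:
            by_essid[rec["essid"]].append(rec)
    kept = []
    for recs in by_essid.values():
        pmkid = [r for r in recs if r["type"] == "01"]
        kept.extend(r["line"] for r in (pmkid if pmkid else recs))
    return kept


def summarize(lines):
    """Count kept lines per type, useful as a sanity check before running."""
    counts = {"01": 0, "02": 0}
    for line in prefer_pmkid(lines):
        counts[parse_22000(line)["type"]] += 1
    return counts


if __name__ == "__main__":
    for line in prefer_pmkid(SAMPLE_LINES):
        print(line)
    print(summarize(SAMPLE_LINES))
```

Run it with the real file by replacing SAMPLE_LINES with the lines read from the hc22000 file and writing the result to a new file; the grouping is per ESSID only, so an EAPOL line for an ESSID that has no PMKID line is preserved rather than discarded.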