New attack on WPA/WPA2 using PMKID
(11-17-2018, 11:22 AM)ZerBea Wrote: v4.pcapng looking good:

$ hcxpcaptool -o test.hccapx -z test.16800 v4.pcapng
reading from v4.pcapng
summary:                                        
file name....................: v4.pcapng
file type....................: pcapng 1.0
file hardware information....: mips
file os information..........: Linux 3.18.84
file application information.: hcxdumptool 5.0.0
network type.................: DLT_IEEE802_11_RADIO (127)
endianess....................: big endian
read errors..................: flawless
packets inside...............: 151
skipped packets..............: 0
packets with GPS data........: 0
packets with FCS.............: 142
beacons (with ESSID inside)..: 3
probe requests...............: 4
probe responses..............: 8
association requests.........: 3
association responses........: 5
authentications (OPEN SYSTEM): 89
authentications (BROADCOM)...: 5
EAPOL packets................: 39
EAPOL PMKIDs.................: 5
best handshakes..............: 1 (ap-less: 1)

1 handshake(s) written to test.hccapx
5 PMKID(s) written to test.16800

inside of test.16800 is a PMKID from this network ESSID "shit wifi" and the PSK is not 123456789!

$ whoismac -p 07b4xxxx....xxxx*e84e06xxxxxx*f0a225c4c261*736869742077696669
ESSID..: shit wifi
MAC_AP.: e84e06xxxxxx
VENDOR.: EDUP INTERNATIONAL (HK) CO., LTD
MAC_STA: f0a225c4c261
VENDOR.: Private

From the -E option of hcxpcaptool I noticed that there is also an ESSID "Shit Wifi". Unfortunately we have no handshake and no PMKID from this network.

Strange, well I created multiple networks with the same password as I was having issues grabbing the handshake.
When I run the conversion I get this summary:

Code:
summary:
--------
file name....................: v4.pcapng
file type....................: pcapng 1.0
file hardware information....: mips
file os information..........: Linux 3.18.84
file application information.: hcxdumptool 5.0.0
network type.................: DLT_IEEE802_11_RADIO (127)
endianess....................: big endian
read errors..................: yes
packets inside...............: 151
skipped packets..............: 0
packets with GPS data........: 0
packets with FCS.............: 141
beacons (with ESSID inside)..: 3
probe requests...............: 4
probe responses..............: 8
association requests.........: 3
association responses........: 5
authentications (OPEN SYSTEM): 88
authentications (BROADCOM)...: 5
EAPOL packets................: 39
EAPOL PMKIDs.................: 5
best handshakes..............: 1 (ap-less: 0)

5 PMKID(s) written to v4.16800

I double checked and the password should be 

123456789 however I could reset all the wifi and passwords to try a redump, but Im thinking the issue is much bigger then having a incorrect password, of course Im probably wrong haha


Messages In This Thread
New attack on WPA/WPA2 using PMKID - by atom - 08-04-2018, 06:50 PM
RE: New attack on WPA/WPA using PMKID - by hash93 - 08-04-2018, 09:18 PM
RE: New attack on WPA/WPA using PMKID - by ZerBea - 08-05-2018, 10:53 AM
RE: New attack on WPA/WPA2 using PMKID - by kcdtv - 08-05-2018, 11:41 PM
RE: New attack on WPA/WPA2 using PMKID - by lint - 08-06-2018, 06:09 PM
RE: New attack on WPA/WPA2 using PMKID - by lint - 11-07-2018, 07:05 PM
RE: New attack on WPA/WPA2 using PMKID - by atom - 08-08-2018, 11:16 AM
RE: New attack on WPA/WPA2 using PMKID - by atom - 08-08-2018, 11:55 AM
RE: New attack on WPA/WPA2 using PMKID - by kcdtv - 08-09-2018, 04:11 PM
RE: New attack on WPA/WPA2 using PMKID - by octf - 08-11-2018, 07:21 AM
RE: New attack on WPA/WPA2 using PMKID - by skan - 08-13-2018, 03:57 AM
RE: New attack on WPA/WPA2 using PMKID - by LoZio - 08-17-2018, 01:49 PM
RE: New attack on WPA/WPA2 using PMKID - by L3pus - 08-21-2018, 09:23 AM
RE: New attack on WPA/WPA2 using PMKID - by lint - 09-03-2018, 12:07 PM
RE: New attack on WPA/WPA2 using PMKID - by sao - 08-27-2018, 06:10 AM
RE: New attack on WPA/WPA2 using PMKID - by Mem5 - 08-27-2018, 07:24 PM
RE: New attack on WPA/WPA2 using PMKID - by JCas - 09-01-2018, 02:13 PM
RE: New attack on WPA/WPA2 using PMKID - by dafez - 09-03-2018, 04:40 PM
RE: New attack on WPA/WPA2 using PMKID - by dafez - 09-07-2018, 04:55 AM
RE: New attack on WPA/WPA2 using PMKID - by marcou3000 - 09-21-2018, 03:43 AM
RE: New attack on WPA/WPA2 using PMKID - by Mem5 - 09-21-2018, 09:39 AM
RE: New attack on WPA/WPA2 using PMKID - by marcou3000 - 09-21-2018, 12:51 PM
RE: New attack on WPA/WPA2 using PMKID - by marcou3000 - 09-22-2018, 01:49 AM
RE: New attack on WPA/WPA2 using PMKID - by marcou3000 - 09-22-2018, 04:50 PM
RE: New attack on WPA/WPA2 using PMKID - by marcou3000 - 09-22-2018, 10:22 PM
RE: New attack on WPA/WPA2 using PMKID - by Rit - 10-23-2018, 11:07 PM
RE: New attack on WPA/WPA2 using PMKID - by Rit - 10-27-2018, 06:29 PM
RE: New attack on WPA/WPA2 using PMKID - by Rit - 10-27-2018, 06:20 PM
RE: New attack on WPA/WPA2 using PMKID - by Rit - 10-27-2018, 06:31 PM
RE: New attack on WPA/WPA2 using PMKID - by lint - 11-07-2018, 07:10 PM
RE: New attack on WPA/WPA2 using PMKID - by dojo_mast3r - 11-17-2018, 09:55 PM