(02-21-2021, 10:54 AM)ZerBea Wrote: How do we convert the key back to plaintext?
I haven't answered this question, so shame on me.
If by "key" you mean a PMK: if you have a PMK and an ESSID, you can calculate the PSK via hash mode -m 12000.
It is explained here:
https://github.com/s3inlc/hashtopolis/is...-749519078
Please notice:
This is also PBKDF2 and as slow as hash modes 2500, 16800 and 22000.
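The PMK-to-PSK step described above, as an added example (not ZerBea's code and not part of hashcat): the PMK is PBKDF2-HMAC-SHA1 over the passphrase with the ESSID as salt, 4096 rounds, 32 bytes, so "converting back" is only possible by deriving the PMK for each candidate passphrase and comparing, which is exactly why it costs as much as mode 2500/22000. It uses only the Python standard library; the function names, the candidate list and the `build_pmk_table` helper are assumptions made for this illustration, and the ("password", "IEEE") vector is the published IEEE 802.11 test vector.

```python
import hashlib
import hmac
from typing import Dict, Iterable, Optional


def wpa_pmk(passphrase: str, essid: str) -> bytes:
    """WPA/WPA2-PSK pairwise master key as defined by IEEE 802.11:
    PBKDF2-HMAC-SHA1(passphrase, salt=ESSID, 4096 iterations, 32 bytes)."""
    if not 8 <= len(passphrase) <= 63:
        raise ValueError("WPA passphrases are 8 to 63 ASCII characters")
    return hashlib.pbkdf2_hmac("sha1", passphrase.encode("ascii"),
                               essid.encode("utf-8"), 4096, 32)


def recover_psk(pmk_hex: str, essid: str, candidates: Iterable[str]) -> Optional[str]:
    """What -m 12000 does conceptually: there is no inverse of PBKDF2, so each
    candidate passphrase is derived and compared against the known PMK.
    hmac.compare_digest avoids an early-exit timing difference on the comparison."""
    target = bytes.fromhex(pmk_hex)
    for candidate in candidates:
        if hmac.compare_digest(wpa_pmk(candidate, essid), target):
            return candidate
    return None


def build_pmk_table(wordlist: Iterable[str], essid: str) -> Dict[bytes, str]:
    """Precomputed PMK -> passphrase map for ONE essid. Because the ESSID is the
    salt, a table built for 'IEEE' says nothing about a network called 'HomeNet';
    that is the limit of 'rainbow tables' for WPA."""
    return {wpa_pmk(word, essid): word for word in wordlist}


# Published IEEE 802.11 test vector: passphrase "password", SSID "IEEE".
IEEE_PMK = "f42c6fc52df0ebef9ebb4b90b38a5f902e83fe1b135a70e23aed762e9710a12e"

# Constructed candidate list for the demonstration.
CANDIDATES = ["letmein1", "password", "hunter22"]


if __name__ == "__main__":
    assert wpa_pmk("password", "IEEE").hex() == IEEE_PMK
    print("PMK for ('password', 'IEEE'):", IEEE_PMK)
    print("recovered PSK:", recover_psk(IEEE_PMK, "IEEE", CANDIDATES))
    # Same PMK, different ESSID: the table/guess loop finds nothing.
    print("same PMK, other ESSID:", recover_psk(IEEE_PMK, "HomeNet", CANDIDATES))
    table = build_pmk_table(CANDIDATES, "IEEE")
    print("table lookup:", table.get(bytes.fromhex(IEEE_PMK)))
```

The 4096-round PBKDF2 in `wpa_pmk` is the whole cost: a table only pays off when the same ESSID is attacked repeatedly, which matches the remark above that mode 12000 is no faster than the handshake modes.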
No no, are you kidding me? You've given me so much info, thank you!
You've answered the question in many different ways in fact. My original idea was just to open both PMKs in Notepad++, run the compare addon and find the line. But grepping / cat cutting is much more efficient/smart.
You are correct though, I'm being a script kiddie at the moment. I clearly do not yet understand how encryption, hashing and the WPAs work. I read the links but need to re-read and experiment in my lab. Perhaps I should login to my network, fire kismet and observe the traffic. I remember once upon a time doing tech support I used to learn so much by simple TCPdumps.
It's coming back to me... just slowly.
I guess what I was hoping is that the WPA key would resemble a dictionary word rather than something like x9abcd9999 as a password.
I'm too new to make statements like this, but from the books I'm reading and such it seems like the most effective method of infiltration is actually impersonation and not cracking.
I mean, if all I could do is compare a dictionary to the hash, why would I want to make a PMK then?
It'll take me about 24hrs to construct a PMK from a 3GB wordlist. If I run it straight as a wordlist instead of converting HASHCAT's eta is about maybe 2 days or say 3 even. I understand that technically it can save you a day or two, but on the other hand there's so many mistakes you can make. A 48 hr tradeoff or whatever doesn't sound like a big gain there must be something else.
Either I'm not understanding the true purpose of rainbow tables or I'm far too ambitious for this low level of processing power. Hmmm.
I've stumbled on people across the net talking about how they've recovered PART of a password sometimes. Is this an actual possibility? Because that would make masking much more feasible; you can start guessing a little bit.
Going to read https://www.ins1gn1a.com/understanding-w...-cracking/ now. Thanks
EDIT:
"The MIC is calculated using HMAC_MD5, which takes its input from the KCK Key within the PTK. Unfortunately I wasn't able to come up with some Python code to compute the MIC, even after reviewing aircrack-ng and Cowpatty source code (my C skills are severely lacking). Expand on the above and let me know if anyone has an idea!"
Hmmm, I know this is cheating, but you guys know about https://gpuhash.me right? There's a 'check service' option where you can dump your handshake and it'll show you the MICs. Is that what he's saying he's missing here, or did I misunderstand? Because if that's the case I think this would be quite helpful for everyone.