Hashcat + wlangenpmkocl how to convert back to plaintext ?
#7
(02-21-2021, 10:54 AM)ZerBea Wrote: How do we convert the key back to plaintext ?
I haven't answered this question, so shame on me.
If you mean with "key" a PMK, and if you have a PMK and an ESSID, you can calculate the PSK via hash mode -m 12000.
It is explained here:
https://github.com/s3inlc/hashtopolis/is...-749519078
Please notice:
This is also PBKDF2 and as slow as hash mode 2500, 16800 and 22000.

Here's the problem though (and correct me if I'm wrong). Let's be honest, the likeliness of a PSK being in the wordlist is practically nil. I don't understand how these guys in their talks say things like rockyou=76% success right. Maybe like 15 years ago... Masking takes too long. Hybrid would take even longer.

There has to be a smarter approach around this. Again, like I said before, I'm beginning to realize impersonation is the way to go, but I just can't let go of this. I hate unsolved puzzles, I need to get to the bottom of this. I mean like 30 years ago you had people doing this with like 286s, how did they fare it ? The limitations they would face are proportional to the ones we face today in my opinion.

FYI I do understand what you're doing, that procedure is in the milos.org link I posted. It's just that technique still brings us back to 'oh well I can just run the dictionary plain and if the key shows up well fine, if it takes a few extra days so be it'. I was thinking by going PMK it would allow us to run advanced rulesets, THEN the dictionary can be very powerful, especially this one. (I have an 80GB one but I'm still benchmarking the 4GB one, seems like that's gonna take 90hrs to PMK, then like 5 minutes to run through hashcat)

EDIT: Ok some progress here..

hashcat -a 6 -m 2501 -w 4 "ANALYZE ME\ithurts.hccapx" dict\ithurts.pmk masks\rockyou-1-60.hcmask

Forgot about the hybrid attacks. I know the -m 2501 is making you wince, we'll take care of that last don't worry.
This is POC though there's 1 password in the pmk and it's the actual. Let's see what happens tonight with the live exercise. I'll keep us posted
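Added example, not part of the original post or of hashcat/hcxtools: the PMK discussed above is PBKDF2-HMAC-SHA1 over the passphrase with the ESSID as salt, so a precomputed PMK list is only valid for one ESSID and every candidate costs 4096 iterations. The function names and the ESSIDs/passphrases other than the IEEE 802.11i test vector are constructed for illustration.

```python
import hashlib
import time

def wpa_pmk(passphrase: str, essid: str) -> bytes:
    """WPA/WPA2-PSK PMK: PBKDF2-HMAC-SHA1, ESSID as salt, 4096 iterations, 32 bytes."""
    if not 8 <= len(passphrase) <= 63:
        raise ValueError("WPA passphrase must be 8..63 characters")
    return hashlib.pbkdf2_hmac("sha1", passphrase.encode(), essid.encode(), 4096, 32)

def pmk_list_valid_for(pmk_list, passphrase: str, essid: str) -> bool:
    """Does a precomputed PMK list still cover this passphrase on this ESSID?"""
    return wpa_pmk(passphrase, essid) in set(pmk_list)

def measure_rate(samples: int = 20) -> float:
    """PMK derivations per second on this machine (single CPU thread)."""
    start = time.perf_counter()
    for i in range(samples):
        wpa_pmk(f"constructed{i:04d}", "constructed-essid")
    return samples / (time.perf_counter() - start)

def exhaust_seconds(alphabet_size: int, length: int, rate: float) -> float:
    """Time to derive a PMK for every passphrase in a keyspace at a given rate."""
    return alphabet_size ** length / rate

if __name__ == "__main__":
    # Published IEEE 802.11i test vector: passphrase "password", SSID "IEEE".
    print("PMK:", wpa_pmk("password", "IEEE").hex())

    # Constructed list: PMKs precomputed for one ESSID only.
    words = ["password", "letmein123", "correcthorse"]
    pmks_home = [wpa_pmk(w, "HomeNet-constructed") for w in words]
    print("same ESSID :", pmk_list_valid_for(pmks_home, "letmein123", "HomeNet-constructed"))
    print("other ESSID:", pmk_list_valid_for(pmks_home, "letmein123", "OtherNet-constructed"))

    # Defender's view: how passphrase policy scales the work per ESSID.
    rate = measure_rate()
    print(f"measured rate: {rate:.0f} PMK/s on this CPU")
    for label, alphabet, length in [("8 digits", 10, 8),
                                    ("8 lowercase", 26, 8),
                                    ("12 mixed-case+digits", 62, 12)]:
        days = exhaust_seconds(alphabet, length, rate) / 86400
        print(f"{label:22s} {days:.3g} days at this rate")
```

The rate printed is whatever the local CPU measures, not a GPU figure; the point is the ratio between keyspaces and the fact that a changed ESSID invalidates any precomputed PMK list.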


Messages In This Thread
RE: Hashcat + wlangenpmkocl how to convert back to plaintext ? - by pr0ph3t - 02-21-2021, 03:44 PM