Hashcat + wlangenpmkocl how to convert back to plaintext ?
#37
(02-28-2021, 11:12 PM)ZerBea Wrote: Regarding your example, there is nothing to extract. It is a proprietary ESSID.
To get a feeling for PSKs in the clear, get this example:
https://github.com/evilsocket/pwnagotchi...nctest.zip
Decompress it, convert it and run hashcat:
Code:
$ hcxpcapngtool -o eapol.22000 -E wordlist test.pcap
$ hashcat -m 22000 --nonce-error-corrections=8 eapol.22000 wordlist
and you'll know what I mean.

Wait a sec. I was just sitting there thinking and it clicked. Sorry man, there are SO many moving parts to this; perhaps I should've structured my thoughts and intent better.

The reason why I'm so bent on using PMKs is because passwords naturally to me are extremely difficult to crack. Without a large ruleset there's no way, for example, it would crack my network auto WPA key. However, adding rules to, say, a 40GB wordlist would take centuries. So I figured if I make a PMK, I can apply heavy rulesets to it and still complete the hashing in a reasonable amount of time. Now generating a rainbow off of 40GB will prolly take like 2 weeks, but after that the tests will be quite quick.

So that's what I've been trying to accomplish here. However, through your hcxtools not only have I gained a much greater understanding, but it's the sudo wlanpmk2hcx -e SSID -p HASH that I wanted, because that generates the 12000 hash mode. Maybe I'm off base, but that made me feel like I skipped a whole bruteforcing step. Still trying to figure out if that's wishful thinking, but there you have it.


Messages In This Thread
RE: Hashcat + wlangenpmkocl how to convert back to plaintext ? - by pr0ph3t - 03-01-2021, 03:16 AM