Need some questions answered
#1
Hi!

I want to target only 1 BSSID (my AP) and not a lot of them (others). If I get standard line I get lots of Rogue PMKIDs fast, which is normal, but the file has too many PMKIDs (mine + others).

If I select as target one AP with a specific channel which I got from the scan, I don't get it. Is the code all right? I don't want to use the old way of handshakes.

Code:
hcxdumptool -i wlan1 -o test --filterlist_ap=MAC_adress --filtermode=2 -c 1 --enable_status=64

Or is it a better way to capture multiple PMKIDs, and what tool do I need to separate 1 large file with multiple PMKIDs into 1 file per PMKID?

If I use enable status 64 (tested a little, interesting) I get updates pretty fast, but what is the difference between PMKID and RoguePMKID? Are both all right, or are the Rogue ones from other APs?

When I start cracking the hash I get info digests, unique digests and salts. The name of the essid is often default, so in that case could the hash be cracked even if it says that it is salted? What is the difference between those 3? Normally salted one has extra protection, but I want to know if hashcat takes essid or similar and salted ones can be cracked with no extra methods? I mean captured wireless files - hashes with WPA2 protection.


Thank you that would clarify a lot.
#2
Google is your friend. Or try built-in search.
https://www.google.com/search?q=site%3Ah...ific+ap%22
https://hashcat.net/forum/search.php

When you read this whole thread, you will become an expert.
https://hashcat.net/forum/thread-6661.html

how to attack a specific ap
https://hashcat.net/forum/thread-6661-po...l#pid48259

It doesn't matter if you capture PMKIDROGUE or PMKID. Both are suitable for PMKID-attacks.
PMKIDROGUE = PMKID requested by hcxdumptool
PMKID = PMKID captured after CLIENT request
https://hashcat.net/forum/thread-10496-p...l#pid54241


Disclaimer: I'm not an expert. Rather, a novice, like you.