Posts: 103
Threads: 22
Joined: Mar 2019
some results coming finally.. THANKS A LOT.
Session..........: hashcat
Status...........: Exhausted
Hash.Type........: WPA-PMKID-PBKDF2
Hash.Target......: test.16800
Time.Started.....: Wed Jun 12 20:33:13 2019 (2 mins, 40 secs)
Time.Estimated...: Wed Jun 12 20:35:53 2019 (0 secs)
Guess.Base.......: File (ESSID.txt)
Guess.Queue......: 1/1 (100.00%)
Speed.#1.........: 6328 H/s (1.52ms) @ Accel:16 Loops:8 Thr:64 Vec:1
Recovered........: 6/458 (1.31%) Digests, 2/195 (1.03%) Salts
Progress.........: 1116570/1116570 (100.00%)
Rejected.........: 104130/1116570 (9.33%)
Restore.Point....: 5726/5726 (100.00%)
Restore.Sub.#1...: Salt:194 Amplifier:0-1 Iteration:2-5
Candidates.#1....: $HEX[21d75fae33100a080ef910] -> $HEX[766f6461666f6e65454136375f3547]
[s]tatus [p]ause [b]ypass [c]heckpoint [q]uit => Started: Wed Jun 12 20:33:12 2019
Stopped: Wed Jun 12 20:35:55 2019
Posts: 1,044
Threads: 2
Joined: Jun 2017
06-12-2019, 09:43 PM
(This post was last modified: 06-13-2019, 11:37 AM by ZerBea.)
Great. You did it! Next step is to create a database (collect data from -E -I and hashes) and I'm sure, your hit rate will increase:
The environment is not magic. It is a simple loop. Start at step one and if the last step fineshed, start the loop again
It depends on latest hashcat-git, hcxdumptool-g and hcxtools-git
Basic step (must be only done once) - create a working directory (wpa). We need the complete file path. In our example
$HOME/WPA
The cycle:
1) hcxdumptool -i interface -o $HOME/WPA/dumpfile.pcapng --enable_status=1
the default options are ok
run hcxdumptool for a while (at least > 2 hours)
then stop it
2) wlancap2wpasec dumpfile.pcapng
upload the pcpang file to wpa-sec.stanev.org and it will be tested against common wordlists - so there is no need for you to do this
3) hcxpcaptool -o $HOME/WPA/archive.hccapx -k $HOME/WPA/archiv.16800 -E $HOME/WPA/essidlist -I $HOME/WPA/identitylist -U $HOME/WPA/Passwortlisten/usernamelist dumpfile.pcapng
convert all hashes and information to database files. They are appended!!!
4) wait a while..., at least until wpa-sec.stanev.org reached "get works" of 15
5) download cracked.txt.gz and rkg.txt.gz from wpa-sec.stanev.org
6) decompress both files and copy them to your working directoy ($HOME/WPA)
7) cat $HOME/WPA/cracked.txt $HOME/WPA/rkg.txt $HOME/WPA/essidlist $HOME/WPA/identitylist $HOME/WPA/usernamelist | sort | uniq | hashcat -m 16800 --remove --nonce-error-corrections=2 --potfile-path=$HOME/WPA/hashcat.pmk -o $HOME/WPA/hashcat.mac archive.16800
sort the wordlists and run them against your hashes.
we run first 16800, because it is faster
founds are removed
8) cat $HOME/WPA/cracked.txt $HOME/WPA/rkg.txt $HOME/WPA/essidlist $HOME/WPA/identitylist $HOME/WPA/usernamelist sort | uniq | hashcat -m 2500 --remove --nonce-error-corrections=2 --potfile-path=$HOME/WPA/hashcat.pmk -o $HOME/WPA/hashcat.mac archive.hccapx
sort the wordlists and run them against your hashes
results are stored in $HOME/WPA/hashcat.mac
we are working on reuse of PBKDF2 and a crossover hashline for both modes. So we have to pay the price PBKDF2 only once and get MIC and PMKID for the same.
9) move dumpfile.pcapng to an archive folder or delete it, or rename it.
10) start again with step 1.
Keep in mind:
This is a basic loop. hashcat, hcxtools and hcxdumptool provide many options. Unfortunately every option has a price tag. Just play around with the options to improve your procedure.
BTW:
If you like to participate, just run help_crack.py from wpa-sec.stanev.org
Posts: 103
Threads: 22
Joined: Mar 2019
Im looking for a way of disabling WPA_SUPPLICANT all the times, but no success.
Trying with those lines on /etc/dhcpcd.conf
denyinterfaces wlan0
nohook wpa_supplicant
Any other idea that I could try?
Thanks.
Posts: 1,044
Threads: 2
Joined: Jun 2017
06-15-2019, 09:39 AM
(This post was last modified: 06-15-2019, 09:40 AM by ZerBea.)
To answer your question - that will help you:
https://raspberrypi.stackexchange.com/qu...t-raspbian
BTW:
"Newbie distros" came pre-configured. Major problem if you are running such a pre-configured distribution is that you have to revert the configurations which are done by the distribution developers. There are also many unneeded and unwanted background services and you likely still have no idea what's going on here.
My advice is to choose a distribution which lets you pick your own components and run only needed services. That means you aren’t saddled with a bunch of software you don’t expect and you aren’t wasting resources on extra system processes.
Read more here:
https://wiki.archlinux.org/index.php/Arc...tributions
https://www.makeuseof.com/tag/reasons-in...rch-linux/
Posts: 103
Threads: 22
Joined: Mar 2019
06-15-2019, 11:07 AM
(This post was last modified: 06-15-2019, 12:04 PM by powermi.)
Finally I installed Arch, but some commands are unknown for me, as for exaple, Arch doesnt find commands as MAKE & MAKE INSTALL. Do you know the commands for installing packages on Arch (like hcxtools)?
Found.. makepkg -si
Posts: 1,044
Threads: 2
Joined: Jun 2017
06-15-2019, 12:16 PM
(This post was last modified: 06-15-2019, 12:18 PM by ZerBea.)
For a rspberry pi capturing system:
$ pacman -Syu
$ pacman -S make gcc watchdog openssl rsync fake-hwclock zlib crda
$ pacman -Rs netctl wpa_supplicant
Thats all.
first cmd will update package lists
second cmd will install required tools
third cmd will remove unwanted tools.
How to is here:
https://hashcat.net/forum/thread-6661-po...l#pid44827
Posts: 103
Threads: 22
Joined: Mar 2019
(06-15-2019, 11:07 AM)powermi Wrote: Finally I installed Arch, but some commands are unknown for me, as for exaple, Arch doesnt find commands as MAKE & MAKE INSTALL. Do you know the commands for installing packages on Arch (like hcxtools)?
Found.. makepkg -si
Seems that the command to install hcxtools doesnt work as root, any other way, as it says I dont have permissions as regular user.
Posts: 103
Threads: 22
Joined: Mar 2019
(06-15-2019, 12:16 PM)ZerBea Wrote: For a rspberry pi capturing system:
$ pacman -Syu
$ pacman -S make gcc watchdog openssl rsync fake-hwclock zlib crda
$ pacman -Rs netctl wpa_supplicant
Thats all.
first cmd will update package lists
second cmd will install required tools
third cmd will remove unwanted tools.
How to is here:
https://hashcat.net/forum/thread-6661-po...l#pid44827
Great, thanks a lot.
Posts: 1,044
Threads: 2
Joined: Jun 2017
From git:
make install
or from Arch default package list
$ pacman -S hcxtools hcxdumptool
search for hcxtools and/or hcxdumptool here:
https://archlinuxarm.org/packages
Posts: 8
Threads: 0
Joined: Jun 2019
(06-12-2019, 09:43 PM)ZerBea Wrote: Great. You did it! Next step is to create a database (collect data from -E -I and hashes) and I'm sure, your hit rate will increase:
The environment is not magic. It is a simple loop. Start at step one and if the last step fineshed, start the loop again
It depends on latest hashcat-git, hcxdumptool-g and hcxtools-git
Basic step (must be only done once) - create a working directory (wpa). We need the complete file path. In our example
$HOME/WPA
The cycle:
1) hcxdumptool -i interface -o $HOME/WPA/dumpfile.pcapng --enable_status=1
the default options are ok
run hcxdumptool for a while (at least > 2 hours)
then stop it
2) wlancap2wpasec dumpfile.pcapng
upload the pcpang file to wpa-sec.stanev.org and it will be tested against common wordlists - so there is no need for you to do this
3) hcxpcaptool -o $HOME/WPA/archive.hccapx -k $HOME/WPA/archiv.16800 -E $HOME/WPA/essidlist -I $HOME/WPA/identitylist -U $HOME/WPA/Passwortlisten/usernamelist dumpfile.pcapng
convert all hashes and information to database files. They are appended!!!
4) wait a while..., at least until wpa-sec.stanev.org reached "get works" of 15
5) download cracked.txt.gz and rkg.txt.gz from wpa-sec.stanev.org
6) decompress both files and copy them to your working directoy ($HOME/WPA)
7) cat $HOME/WPA/cracked.txt $HOME/WPA/rkg.txt $HOME/WPA/essidlist $HOME/WPA/identitylist $HOME/WPA/usernamelist | sort | uniq | hashcat -m 16800 --remove --nonce-error-corrections=2 --potfile-path=$HOME/WPA/hashcat.pmk -o $HOME/WPA/hashcat.mac archive.16800
sort the wordlists and run them against your hashes.
we run first 16800, because it is faster
founds are removed
8) cat $HOME/WPA/cracked.txt $HOME/WPA/rkg.txt $HOME/WPA/essidlist $HOME/WPA/identitylist $HOME/WPA/usernamelist sort | uniq | hashcat -m 2500 --remove --nonce-error-corrections=2 --potfile-path=$HOME/WPA/hashcat.pmk -o $HOME/WPA/hashcat.mac archive.hccapx
sort the wordlists and run them against your hashes
results are stored in $HOME/WPA/hashcat.mac
we are working on reuse of PBKDF2 and a crossover hashline for both modes. So we have to pay the price PBKDF2 only once and get MIC and PMKID for the same.
9) move dumpfile.pcapng to an archive folder or delete it, or rename it.
10) start again with step 1.
Keep in mind:
This is a basic loop. hashcat, hcxtools and hcxdumptool provide many options. Unfortunately every option has a price tag. Just play around with the options to improve your procedure.
BTW:
If you like to participate, just run help_crack.py from wpa-sec.stanev.org