Posts: 45
Threads: 9
Joined: Dec 2017
WPA/WPA2 PMK mode (2501) - is this mode no longer supported by Hashcat? I thought this mode was designed to speed up cracking hashes by pre-calculating PMK for given SSID and a list of pass phrases, so then can be used along with dictionary that will run quicker.
Here is some information I have found:
"We can speed this up by pre-calculating the Pre-Shared Key, also called the Pairwise Master Key (PMK) in the 802.11 standard parlance. It is important to note that, as the SSID is also used to calculate the PMK, with the same passphrase but a different SSID, we would end up with a different PMK. Thus, the PMK depends on both the passphrase and the SSID."
Posts: 45
Threads: 9
Joined: Dec 2017
genpmk (PMK generator) is still can be found in The-Distribution-Which-Does-Not-Handle-OpenCL-Well (Kali) Linux and can be used along with cowpatty to wpa/wpa2, but I doubt cowpatty support GPU usage as Hashcat does.
Posts: 2,267
Threads: 16
Joined: Feb 2013
If you run hashcat --help (with the latest version of hashcat) you will see that 2501 is supported and within the output.
you can use hcxtools from
https://github.com/ZerBea/hcxtools (wlancap2hcx -f pmks.txt caputure.cap)
Posts: 45
Threads: 9
Joined: Dec 2017
philsmd, apparently I don't have latest version then
Posts: 45
Threads: 9
Joined: Dec 2017
hashcat --version returns pull/1273/head
2501 is definitely missing, so I assume I have older version.
How do I update it, please?
Posts: 1,044
Threads: 2
Joined: Jun 2017
wlangenpmkocl is the choice to precalculate PMKs for hashcat:
$ wlangenpmkocl -h
wlangenpmkocl 4.0.1 (C) 2018 ZeroBeat
usage: wlangenpmkocl <options>
options:
-e <essid> : input single essid (networkname: 1 .. 32 characters) requires -p
-p <password> : input single password (8 .. 63 characters) requires -e
-i <file> : input passwordlist
-I <file> : input combilist (essid:password)
-a <file> : output plainmasterkeys as ASCII file (hashcat -m 2501)
-A <file> : output plainmasterkeys:password as ASCII file
-c <file> : output cowpatty hashfile (existing file will be replaced)
-P <platform> : input platform, default 0 (first platform)
-D <device> : input device, default 0 (first device)
-l : list device info
-h : this help
Posts: 45
Threads: 9
Joined: Dec 2017
Where can I find wlangenpmkocl?
Posts: 1,044
Threads: 2
Joined: Jun 2017
Posts: 45
Threads: 9
Joined: Dec 2017
Can anyone help to find more info about this? I have tried to generate genpmk file in The-Distribution-Which-Does-Not-Handle-OpenCL-Well (Kali) and it took me hours to generate rockyou list with specific SSID, when in it takes 35 seconds to run on 2500 on hashcat. So what is the point of 2501? As far as I understoond it should save time on cracking passes, but it doesn't because takes ages to generate pmk file.
Posts: 1,044
Threads: 2
Joined: Jun 2017
03-03-2018, 07:07 PM
(This post was last modified: 03-03-2018, 07:20 PM by ZerBea.)
Maybe you're doing something wrong:
$ time wlangenpmkocl -e networkname -i rockyou -A pmklist
using: GeForce GTX 1080 Ti
9612471 plainmasterkeys generated, 4734589 password(s) skipped
real 0m45,772s
user 0m38,581s
sys 0m7,137s
Remarks:
skipped passwords are < 8 or > 63 chars
Main purpose for me is to verify allready retrieved PSKs on new incomming caps.
(in an extreme fast way, using nonce-error-corrections=128 in combination with hashcat's --remove to cleanup my database).
For that purpose I calculated a PMK list from hashcat's -m 2500 potfile.