Some results are finally coming... THANKS A LOT.
Session..........: hashcat
Status...........: Exhausted
Hash.Type........: WPA-PMKID-PBKDF2
Hash.Target......: test.16800
Time.Started.....: Wed Jun 12 20:33:13 2019 (2 mins, 40 secs)
Time.Estimated...: Wed Jun 12 20:35:53 2019 (0 secs)
Guess.Base.......: File (ESSID.txt)
Guess.Queue......: 1/1 (100.00%)
Speed.#1.........: 6328 H/s (1.52ms) @ Accel:16 Loops:8 Thr:64 Vec:1
Recovered........: 6/458 (1.31%) Digests, 2/195 (1.03%) Salts
Progress.........: 1116570/1116570 (100.00%)
Rejected.........: 104130/1116570 (9.33%)
Restore.Point....: 5726/5726 (100.00%)
Restore.Sub.#1...: Salt:194 Amplifier:0-1 Iteration:2-5
Candidates.#1....: $HEX[21d75fae33100a080ef910] -> $HEX[766f6461666f6e65454136375f3547]
[s]tatus [p]ause [b]ypass [c]heckpoint [q]uit =>
Started: Wed Jun 12 20:33:12 2019
Stopped: Wed Jun 12 20:35:55 2019
Great. You did it! The next step is to create a database (collect data from -E, -I and the hashes) and I'm sure your hit rate will increase:
The environment is not magic. It is a simple loop. Start at step one, and when the last step has finished, start the loop again.
It depends on the latest hashcat-git, hcxdumptool-git and hcxtools-git.
Basic step (must only be done once): create a working directory (wpa). We need the complete file path. In our example:
$HOME/WPA
The cycle:
1) hcxdumptool -i interface -o $HOME/WPA/dumpfile.pcapng --enable_status=1
the default options are ok
run hcxdumptool for a while (at least 2 hours)
then stop it
2) wlancap2wpasec $HOME/WPA/dumpfile.pcapng
upload the pcapng file to wpa-sec.stanev.org and it will be tested against common wordlists, so there is no need for you to do this
3) hcxpcaptool -o $HOME/WPA/archive.hccapx -k $HOME/WPA/archive.16800 -E $HOME/WPA/essidlist -I $HOME/WPA/identitylist -U $HOME/WPA/usernamelist $HOME/WPA/dumpfile.pcapng
convert all hashes and information to database files. They are appended!!!
4) wait a while..., at least until wpa-sec.stanev.org has reached "get works" of 15
5) download cracked.txt.gz and rkg.txt.gz from wpa-sec.stanev.org
6) decompress both files and copy them to your working directory ($HOME/WPA)
7) cat $HOME/WPA/cracked.txt $HOME/WPA/rkg.txt $HOME/WPA/essidlist $HOME/WPA/identitylist $HOME/WPA/usernamelist | sort | uniq | hashcat -m 16800 --remove --nonce-error-corrections=2 --potfile-path=$HOME/WPA/hashcat.pmk -o $HOME/WPA/hashcat.mac $HOME/WPA/archive.16800
sort the wordlists and run them against your hashes.
we run 16800 first, because it is faster
founds are removed
8) cat $HOME/WPA/cracked.txt $HOME/WPA/rkg.txt $HOME/WPA/essidlist $HOME/WPA/identitylist $HOME/WPA/usernamelist | sort | uniq | hashcat -m 2500 --remove --nonce-error-corrections=2 --potfile-path=$HOME/WPA/hashcat.pmk -o $HOME/WPA/hashcat.mac $HOME/WPA/archive.hccapx
sort the wordlists and run them against your hashes
results are stored in $HOME/WPA/hashcat.mac
we are working on reuse of PBKDF2 and a crossover hash line for both modes, so we have to pay the price of PBKDF2 only once and get MIC and PMKID for the same
9) move dumpfile.pcapng to an archive folder or delete it, or rename it.
10) start again with step 1.
Keep in mind:
This is a basic loop. hashcat, hcxtools and hcxdumptool provide many options. Unfortunately, every option has a price tag. Just play around with the options to improve your procedure.
BTW:
If you would like to participate, just run help_crack.py from wpa-sec.stanev.org
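An added worked example (Python, written for this edit; it is not ZerBea's code and not the hashcat or hcxtools implementation) of the idea behind steps 7 and 8 and the "pay the price of PBKDF2 only once" remark: one PBKDF2 run per candidate yields the PMK, which is then checked cheaply against a PMKID (the -m 16800 line) and against an EAPOL MIC (what -m 2500 verifies). The ESSID/passphrase pair "IEEE"/"password" is the IEEE 802.11i Annex test vector; the MAC addresses, nonces, EAPOL message 2 and the candidate list are constructed for the example. The 16800 line layout (PMKID*AP_MAC*STA_MAC*ESSID_hex) and the MIC offset of 81 in the EAPOL frame are assumptions about those formats, not something stated in the thread.

```python
"""Added example: derive the PMK once per candidate and test it against both a
PMKID (hashcat -m 16800 line) and an EAPOL-Key MIC (what -m 2500 checks)."""
import hashlib
import hmac
import struct

# Constructed sample data (not from a real capture). The ESSID/passphrase pair
# "IEEE"/"password" is the IEEE 802.11i test vector; MACs and nonces are made up.
ESSID = b"IEEE"
AP_MAC = bytes.fromhex("001122334455")
STA_MAC = bytes.fromhex("66778899aabb")
ANONCE = bytes(range(32))
SNONCE = bytes(range(32, 64))
# EAPOL hdr(4) + desc type(1) + key info(2) + key len(2) + replay(8) + nonce(32)
# + IV(16) + RSC(8) + ID(8) = 81 -> the 16-byte MIC field starts here (assumption).
MIC_OFFSET = 81


def pmk_from_passphrase(passphrase: str, essid: bytes) -> bytes:
    """PMK = PBKDF2-HMAC-SHA1(passphrase, ESSID, 4096 rounds, 32 bytes): the expensive step."""
    return hashlib.pbkdf2_hmac("sha1", passphrase.encode(), essid, 4096, 32)


def pmkid(pmk: bytes, ap_mac: bytes, sta_mac: bytes) -> bytes:
    """PMKID = HMAC-SHA1-128(PMK, "PMK Name" || AA || SPA): one cheap HMAC per candidate."""
    return hmac.new(pmk, b"PMK Name" + ap_mac + sta_mac, hashlib.sha1).digest()[:16]


def kck_from_pmk(pmk: bytes, ap_mac: bytes, sta_mac: bytes, anonce: bytes, snonce: bytes) -> bytes:
    """KCK = first 16 bytes of PTK = PRF-512(PMK, "Pairwise key expansion", min/max MACs || min/max nonces)."""
    data = min(ap_mac, sta_mac) + max(ap_mac, sta_mac) + min(anonce, snonce) + max(anonce, snonce)
    ptk = b"".join(
        hmac.new(pmk, b"Pairwise key expansion\x00" + data + bytes([i]), hashlib.sha1).digest()
        for i in range(4)
    )
    return ptk[:16]


def eapol_mic(kck: bytes, eapol: bytes) -> bytes:
    """WPA2 (key descriptor version 2) MIC: HMAC-SHA1 over the frame with the MIC field zeroed."""
    zeroed = eapol[:MIC_OFFSET] + b"\x00" * 16 + eapol[MIC_OFFSET + 16:]
    return hmac.new(kck, zeroed, hashlib.sha1).digest()[:16]


def build_eapol_msg2(snonce: bytes, mic: bytes = b"\x00" * 16) -> bytes:
    """Minimal constructed EAPOL-Key message 2 (RSN descriptor, key info 0x010a, empty key data)."""
    body = (bytes([2]) + struct.pack(">HHQ", 0x010A, 16, 1) + snonce
            + b"\x00" * 16 + b"\x00" * 8 + b"\x00" * 8 + mic + struct.pack(">H", 0))
    return bytes([2, 3]) + struct.pack(">H", len(body)) + body


def parse_16800(line: str):
    """Split a hashcat -m 16800 line: PMKID*AP_MAC*STA_MAC*ESSID_hex (assumed layout)."""
    p, ap, sta, essid = line.strip().split("*")
    return bytes.fromhex(p), bytes.fromhex(ap), bytes.fromhex(sta), bytes.fromhex(essid)


def crack(candidates, line_16800: str, anonce: bytes, eapol: bytes):
    """Run PBKDF2 once per candidate; return (candidate, pmkid_hit, mic_hit) or None."""
    target_pmkid, ap, sta, essid = parse_16800(line_16800)
    snonce = eapol[17:49]                      # nonce field of message 2
    target_mic = eapol[MIC_OFFSET:MIC_OFFSET + 16]
    for cand in candidates:
        pmk = pmk_from_passphrase(cand, essid)  # PBKDF2 paid once ...
        hit_pmkid = hmac.compare_digest(pmkid(pmk, ap, sta), target_pmkid)  # ... reused for 16800
        kck = kck_from_pmk(pmk, ap, sta, anonce, snonce)
        hit_mic = hmac.compare_digest(eapol_mic(kck, eapol), target_mic)    # ... and for 2500
        if hit_pmkid or hit_mic:
            return cand, hit_pmkid, hit_mic
    return None


def demo():
    """Build the constructed 'capture' for passphrase 'password' and crack it from a short list."""
    pmk = pmk_from_passphrase("password", ESSID)
    line = "*".join(x.hex() for x in (pmkid(pmk, AP_MAC, STA_MAC), AP_MAC, STA_MAC, ESSID))
    unsigned = build_eapol_msg2(SNONCE)
    kck = kck_from_pmk(pmk, AP_MAC, STA_MAC, ANONCE, SNONCE)
    msg2 = build_eapol_msg2(SNONCE, eapol_mic(kck, unsigned))
    # Candidate list in the spirit of step 7: the ESSID itself first, then wordlist entries.
    return crack(["IEEE", "password123", "password"], line, ANONCE, msg2)


if __name__ == "__main__":
    print(demo())
```

Both checks per candidate cost two or three HMACs on top of the one PBKDF2 run, which is why a shared candidate loop over 16800 and 2500 hashes of the same network is attractive; hashcat's own crossover format was still work in progress at the time of the thread, so this block only illustrates the arithmetic.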
I'm looking for a way of disabling wpa_supplicant all the time, but with no success.
Trying with these lines in /etc/dhcpcd.conf:
denyinterfaces wlan0
nohook wpa_supplicant
Any other idea that I could try?
Thanks.
Finally I installed Arch, but some commands are unknown to me; for example, Arch doesn't find commands such as make & make install. Do you know the commands for installing packages on Arch (like hcxtools)?
Found... makepkg -si
For a Raspberry Pi capturing system:
$ pacman -Syu
$ pacman -S make gcc watchdog openssl rsync fake-hwclock zlib crda
$ pacman -Rs netctl wpa_supplicant
That's all.
The first command updates the package lists,
the second command installs the required tools,
the third command removes unwanted tools.
The how-to is here:
https://hashcat.net/forum/thread-6661-po...l#pid44827
(06-15-2019, 11:07 AM)powermi Wrote: Finally I installed Arch, but some commands are unknown to me; for example, Arch doesn't find commands such as make & make install. Do you know the commands for installing packages on Arch (like hcxtools)?
Found... makepkg -si
It seems that the command to install hcxtools doesn't work as root. Any other way? As it says I don't have permissions as a regular user.
(06-15-2019, 12:16 PM)ZerBea Wrote: For a Raspberry Pi capturing system:
Great, thanks a lot.
From git:
make install
or from the Arch default package list:
$ pacman -S hcxtools hcxdumptool
search for hcxtools and/or hcxdumptool here:
https://archlinuxarm.org/packages
(06-12-2019, 09:43 PM)ZerBea Wrote: Great. You did it! The next step is to create a database (collect data from -E, -I and the hashes) and I'm sure your hit rate will increase: