Search Results

Post | Author | Forum | Replies | Views | Posted
Thread: 4-Way Handshake vs PMKID
Post: RE: 4-Way Handshake vs PMKID
1. Calculating the PMKID is faster
PMKID = HMAC-SHA1-128(PMK, "PMK Name" | MAC_AP | MAC_STA)
2. You run hashcat with default nonce-error-corrections on WPA-EAPOL-PBKDF2, so every md5 (WPA1) or sha ... |
|
ZerBea |
hashcat
|
14 |
9,433 |
04-05-2019, 04:51 PM |
|
|
Thread: 4-Way Handshake vs PMKID
Post: RE: 4-Way Handshake vs PMKID
As Atom said, PBKDF2 will cost us much time!
Now we drop PBKDF2:
$ time hashcat -m 2501 test.hccapx --nonce-error-corrections=0 foundhashcat.pmk
hashcat (v5.1.0-855-g9ced13cc) starting...
Se... |
|
ZerBea |
hashcat
|
14 |
9,433 |
04-05-2019, 05:08 PM |
|
|
Thread: PBKDF2 and SHA-1 question
Post: RE: PBKDF2 and SHA-1 question
if you include openssl:
#include
#include
#include
PMK is calculated by:
PKCS5_PBKDF2_HMAC((const char*)psk, psklen, (unsigned char*)essid, essidlen, 4096, EVP_sha1(), 32, pmk)
successf... |
|
ZerBea |
hashcat
|
4 |
2,384 |
04-07-2019, 11:18 AM |
|
|
Thread: PBKDF2 and SHA-1 question
Post: RE: PBKDF2 and SHA-1 question
You are right, hashcat is using OpenCL for both functions. The C code example should show that the functions are easy to implement in different coding languages like C, by adding cryptolibs.
There are... |
|
ZerBea |
hashcat
|
4 |
2,384 |
04-09-2019, 08:40 AM |
|
|
Thread: hcxtools - solution for capturing wlan traffic and conversion to hashcat formats
Post: RE: hcxtools - solution for capturing wlan traffic...
You can retrieve a PSK or a PMK only from a weak client. Therefore you must run hcxdumptool over a long time against your penetration target.
We can not distinguish between an ESSID, a damaged ESSID,... |
|
ZerBea |
User Contributions
|
648 |
487,343 |
04-10-2019, 09:51 AM |
|
|
Thread: hcxtools - solution for capturing wlan traffic and conversion to hashcat formats
Post: RE: hcxtools - solution for capturing wlan traffic...
And this is really important:
Hashmodes 2501 and 16801 are not cracking hashmodes.
They are only useful to verify(!) an existing PMK. |
|
ZerBea |
User Contributions
|
648 |
487,343 |
04-10-2019, 10:06 AM |
|
|
Thread: hcxtools - solution for capturing wlan traffic and conversion to hashcat formats
Post: RE: hcxtools - solution for capturing wlan traffic...
24h is good, but you should do that on different days and/or different months, too.
Let me say a few words about hcx-suite:
The suite is designed as an analysis suite. All attack vectors run on raw... |
|
ZerBea |
User Contributions
|
648 |
487,343 |
04-10-2019, 11:55 AM |
|
|
Thread: hcxtools - solution for capturing wlan traffic and conversion to hashcat formats
Post: RE: hcxtools - solution for capturing wlan traffic...
We drop a packet if
it doesn't contain any useful information (deauthentication frames, disassociation frames, ack frames, ...)
if it was transmitted twice or more
if it is damaged (and I mean real... |
|
ZerBea |
User Contributions
|
648 |
487,343 |
04-14-2019, 01:46 PM |
|
|
Thread: hcxtools - solution for capturing wlan traffic and conversion to hashcat formats
Post: RE: hcxtools - solution for capturing wlan traffic...
I'm not sure if somebody ported hcxdumptool to run using NodeMCU. But there is a similar project here:
https://null-byte.wonderhowto.com/how-to/scan-fake-attack-wi-fi-networks-with-esp8266-based-wifi-... |
|
ZerBea |
User Contributions
|
648 |
487,343 |
04-14-2019, 04:54 PM |
|
|
Thread: WPA3 Dragonblood Vulnerabilities Disclosure
Post: RE: WPA3 Dragonblood Vulnerabilities Disclosure
Yes, very good and interesting analysis of some WPA3 flaws. Unfortunately the side channel attack requires at least unprivileged access to the victim (dragonblood.pdf: 7.2 Attack Scenario). In other w... |
|
ZerBea |
General Talk
|
5 |
3,493 |
04-17-2019, 08:53 PM |
|
|
Thread: WPA3 Dragonblood Vulnerabilities Disclosure
Post: RE: WPA3 Dragonblood Vulnerabilities Disclosure
Yes, wpa_supplicant and hostapd are amazing open source tools. I really love them both and they are an integral part of my test environment to improve hcxdumptool. |
|
ZerBea |
General Talk
|
5 |
3,493 |
04-20-2019, 10:11 AM |
|
|
Thread: hcxtools - solution for capturing wlan traffic and conversion to hashcat formats
Post: RE: hcxtools - solution for capturing wlan traffic...
@ ciccio17
In case of a hccapx hash file, use
- wlanhcxinfo to get information about the content.
- wlanhcx2ssid to get desired hash or
- split -b 393 --additional-suffix=.hccapx (393 = size of a... |
|
ZerBea |
User Contributions
|
648 |
487,343 |
04-27-2019, 04:00 PM |
|
|
Thread: Integer overflow detected in keyspace of mask
Post: RE: Integer overflow detected in keyspace of mask
2501 and 16801 hash modes are designed to verify (pre-)calculated PMKs. The latest hashcat uses these modes to detect already recovered passwords, by testing the hash against the PMK (take a look at new has... |
|
ZerBea |
General Talk
|
7 |
6,481 |
04-28-2019, 11:37 AM |
|
|
Thread: cap2hccapx - Networks detected: 0
Post: RE: cap2hccapx - Networks detected: 0
@ C-Sky91
Please attach capfile. I would like to take a look inside. |
|
ZerBea |
hashcat-utils, maskprocessor, statsprocessor, md5stress, wikistrip
|
7 |
5,289 |
05-02-2019, 05:09 PM |
|
|
Thread: cap2hccapx - Networks detected: 0
Post: RE: cap2hccapx - Networks detected: 0
@ C-Sky91
Thanks for the cap file. Unfortunately the attached cap file is cleaned deadly. It doesn't contain an ESSID.
Only 4 packets inside:
packet 1: EAPOL M1 - replaycount 1
packet 2: EAPOL M4 ... |
|
ZerBea |
hashcat-utils, maskprocessor, statsprocessor, md5stress, wikistrip
|
7 |
5,289 |
05-02-2019, 07:16 PM |
|
|
Thread: cap2hccapx - Networks detected: 0
Post: RE: cap2hccapx - Networks detected: 0
The EAPOL messages inside your pcap file are from 2 different EAPOL sequences.
packet 1 and packet 2 from the first EAPOL sequence (with a packet loss of a M2 and a M3)
packet 3 and packet 4 from th... |
|
ZerBea |
hashcat-utils, maskprocessor, statsprocessor, md5stress, wikistrip
|
7 |
5,289 |
05-02-2019, 11:39 PM |
|
|
Thread: hcxtools - solution for capturing wlan traffic and conversion to hashcat formats
Post: RE: hcxtools - solution for capturing wlan traffic...
That depends on how many clients are in range.
Here is an example:
https://github.com/ZerBea/hcxtools/issues/92#issuecomment-497603848
Running less than 2h and fed the result of -E to hashcat ... |
|
ZerBea |
User Contributions
|
648 |
487,343 |
06-02-2019, 03:41 PM |
|
|
Thread: hcxtools - solution for capturing wlan traffic and conversion to hashcat formats
Post: RE: hcxtools - solution for capturing wlan traffic...
-E, -I and -U collect data from the WLAN traffic and store it as ASCII text files. The idea is to use these lists as wordlists for hashcat.
For example, if a user confused something when he types... |
|
ZerBea |
User Contributions
|
648 |
487,343 |
06-02-2019, 04:59 PM |
|
|
Thread: hcxtools - solution for capturing wlan traffic and conversion to hashcat formats
Post: RE: hcxtools - solution for capturing wlan traffic...
Great.
It will take a while until you build up your environment / database, but it's worth it. The more clients, the better your lists.
Most of the tools feeding https://wpa-sec.stanev.org/ with dat... |
|
ZerBea |
User Contributions
|
648 |
487,343 |
06-02-2019, 11:58 PM |
|
|
Thread: hcxtools - solution for capturing wlan traffic and conversion to hashcat formats
Post: RE: hcxtools - solution for capturing wlan traffic...
Running hcxpcaptool to convert EAPOL (-o) and PMKID (-k or -z) is fine.
The content of -E is very interesting, because we can find several passwords (PSK) inside. You should know that
hcxdumptool... |
|
ZerBea |
User Contributions
|
648 |
487,343 |
06-04-2019, 08:18 AM |