Search Results
|
Post |
Author |
Forum |
Replies |
Views |
Posted
|
|
|
Thread: New attack on WPA/WPA2 using PMKID
Post: RE: New attack on WPA/WPA2 using PMKID
v4.pcapng looking good:
$ hcxpcaptool -o test.hccapx -z test.16800 v4.pcapng
reading from v4.pcapng
summary:
file name................... |
|
ZerBea |
User Contributions
|
187 |
1,293,331 |
11-17-2018, 11:22 AM |
|
|
Thread: New attack on WPA/WPA2 using PMKID
Post: RE: New attack on WPA/WPA2 using PMKID
Latest link is expired, so I can't download the file.
hcxdumptool attack and dump modes depend on filter list and filter mode option. Running without these options, hcxdumptool will attack all and cap... |
|
ZerBea |
User Contributions
|
187 |
1,293,331 |
11-17-2018, 09:44 AM |
|
|
Thread: New attack on WPA/WPA2 using PMKID
Post: RE: New attack on WPA/WPA2 using PMKID
No, these PMKIDs belong to these ESSIDs:
Birdy
Slow Wifi
Your target network wasn't captured.
You can run whoismac to get information about the 16800 hashline:
whoismac -p |
|
ZerBea |
User Contributions
|
187 |
1,293,331 |
11-17-2018, 01:27 AM |
|
|
Thread: New attack on WPA/WPA2 using PMKID
Post: RE: New attack on WPA/WPA2 using PMKID
Ok, fixed that ugly big endian issue when we are doing an option walk through the pcapng options:
https://github.com/ZerBea/hcxtools/commit/4babccca3789efd0a8aa7d70fdff7a8548768110
Thanks for report... |
|
ZerBea |
User Contributions
|
187 |
1,293,331 |
11-17-2018, 12:50 AM |
|
|
Thread: New attack on WPA/WPA2 using PMKID
Post: RE: New attack on WPA/WPA2 using PMKID
But both pcapng files are useful for me. I noticed an issue in combination with mips and will try to fix it. Please give me a few minutes to fix it. v2.pcapng doesn't contain handshakes or PMKIDs. |
|
ZerBea |
User Contributions
|
187 |
1,293,331 |
11-17-2018, 12:28 AM |
|
|
Thread: New attack on WPA/WPA2 using PMKID
Post: RE: New attack on WPA/WPA2 using PMKID
v2.pcapng doesn't contain PMKIDs or handshakes and it is flawless:
$ hcxpcaptool -o test.hccapx -z test.16800 v2.pcapng
reading from v2.pcapng
summary: ... |
|
ZerBea |
User Contributions
|
187 |
1,293,331 |
11-17-2018, 12:01 AM |
|
|
Thread: New attack on WPA/WPA2 using PMKID
Post: RE: New attack on WPA/WPA2 using PMKID
No, the pcapng doesn't contain IP addresses. But it contains MAC addresses of access points and clients and network names.
If you run hcxpcaptool you will get four PMKIDs (two networks with one client... |
|
ZerBea |
User Contributions
|
187 |
1,293,331 |
11-16-2018, 11:42 PM |
|
|
Thread: New attack on WPA/WPA2 using PMKID
Post: RE: New attack on WPA/WPA2 using PMKID
Read errors mean that the pineapple is possibly not shutting down correctly. We miss the final interface statistics block. It doesn't mean that the hash is uncrackable. To find out what's going wrong, w... |
|
ZerBea |
User Contributions
|
187 |
1,293,331 |
11-16-2018, 10:20 PM |
|
|
Thread: New attack on WPA/WPA2 using PMKID
Post: RE: New attack on WPA/WPA2 using PMKID
If anyone is interested in the SAE example (sae4way.pcapng) (https://hashcat.net/forum/attachment.php?aid=619) from here:
https://hashcat.net/forum/thread-7717-post-42759.html#pid42759
These are the SA... |
|
ZerBea |
User Contributions
|
187 |
1,293,331 |
11-15-2018, 11:15 AM |
|
|
Thread: New attack on WPA/WPA2 using PMKID
Post: RE: New attack on WPA/WPA2 using PMKID
All information is stored in the hashline:
PMKID*MAC_AP*MAC_STA*ESSID
If we use the hashline from this thread: https://hashcat.net/forum/thread-7717-post-42759.html#pid42759
ea5aad4e27b22c46f8837... |
|
ZerBea |
User Contributions
|
187 |
1,293,331 |
11-11-2018, 02:55 PM |
|
|
Thread: New attack on WPA/WPA2 using PMKID
Post: RE: New attack on WPA/WPA2 using PMKID
If you mean, that we have two steps, you got it:
step1 = derivation of Plainmasterkey (PMK), for example by PBKDF2
step2 = derivation of Pairwise Transient Key (PTK) to get access to the network (EA... |
|
ZerBea |
User Contributions
|
187 |
1,293,331 |
11-10-2018, 12:03 PM |
|
|
Thread: New attack on WPA/WPA2 using PMKID
Post: RE: New attack on WPA/WPA2 using PMKID
No, the PMKID is not encrypted garbage and can be useful (in some cases).
Running WPA2, the PMKID is calculated by this function:
PMKID = HMAC-SHA1-128(PMK, "PMK Name" | MAC_AP | MAC_STA)
The PM... |
|
ZerBea |
User Contributions
|
187 |
1,293,331 |
11-08-2018, 06:22 PM |
|
|
Thread: New attack on WPA/WPA2 using PMKID
Post: RE: New attack on WPA/WPA2 using PMKID
I don't see any chances to crack PKI credentials or GSM/UMTS subscriber modules or certificates (TLS).
That's one of the reasons, why I don't parse them.
TACACS+ was the last authentication algorithm... |
|
ZerBea |
User Contributions
|
187 |
1,293,331 |
11-07-2018, 07:58 PM |
|
|
Thread: New attack on WPA/WPA2 using PMKID
Post: RE: New attack on WPA/WPA2 using PMKID
For sure this attack must fail on a RADIUS server. The authentication is done by the RADIUS authentication server (not by the router). This provides additional security. Various kinds of the Extensibl... |
|
ZerBea |
User Contributions
|
187 |
1,293,331 |
11-07-2018, 06:42 PM |
|
|
Thread: need help with hcx dumptool what am i doing wrong
Post: RE: need help with hcx dumptool what am i doing wr...
Added new filter mode 3 (filter receiving branch) to hcxdumptool.
--filterlist= : mac filter list
format: 112233445566 + comment
... |
|
ZerBea |
hashcat
|
2 |
2,296 |
11-07-2018, 12:18 PM |
|
|
Thread: need help with hcx dumptool what am i doing wrong
Post: RE: need help with hcx dumptool what am i doing wr...
In your case:
[16:26:17 - 001] 009fa9073914 -> 5c93a20b3897 [FOUND AUTHORIZED HANDSHAKE, EAPOL TIMEOUT 2516]
[16:40:15 - 001] 009fa9073914 -> ccfb65942f7e [FOUND AUTHORIZED HANDSHAKE, EAPOL TIMEOUT ... |
|
ZerBea |
hashcat
|
2 |
2,296 |
11-06-2018, 10:36 AM |
|
|
Thread: New attack on WPA/WPA2 using PMKID
Post: RE: New attack on WPA/WPA2 using PMKID
These questions are already answered:
https://hashcat.net/forum/thread-7717-post-41863.html#pid41863
https://hashcat.net/forum/thread-7717-post-41864.html#pid41864
To understand hcxtools and hcxd... |
|
ZerBea |
User Contributions
|
187 |
1,293,331 |
10-30-2018, 11:02 PM |
|
|
Thread: New attack on WPA/WPA2 using PMKID
Post: RE: New attack on WPA/WPA2 using PMKID
That's ok. It's just a warning, that you will not get full advantage of your GPU. |
|
ZerBea |
User Contributions
|
187 |
1,293,331 |
10-02-2018, 08:15 PM |
|
|
Thread: hcxtools - solution for capturing wlan traffic and conversion to hashcat formats
Post: RE: hcxtools - solution for capturing wlan traffic...
hcxdumptool retrieves the GPS data from GPSD in JSON format. So every device mentioned here as working should work:
https://www.catb.org/gpsd/hardware.html
For my tests I run an "AktivePilot JENTRO B... |
|
ZerBea |
User Contributions
|
648 |
487,286 |
10-02-2018, 08:13 PM |
|
|
Thread: New attack on WPA/WPA2 using PMKID
Post: RE: New attack on WPA/WPA2 using PMKID
> wanted to try, but wpasec accepts only cap format.
No! wpa-sec is running hcxtools in the background.
Accepted formats are: cap, pcap, pcapng and gzip compressed cap, pcap and pcapng.
Just upload your capt... |
|
ZerBea |
User Contributions
|
187 |
1,293,331 |
10-02-2018, 11:59 AM |