Search Results
|
Post |
Author |
Forum |
Replies |
Views |
Posted
|
|
|
Thread: hcxtools - solution for capturing wlan traffic and conversion to hashcat formats
Post: RE: hcxtools - solution for capturing wlan traffic...
I changed naming from AP-LESS to ROGUE ATTACK, because the attack vector isn't AP-LESS or CLIENT-LESS. Instead hcxdumptool will act as a "ROGUE" ACCESS POINT for a CLIENT and as a ROGUE CLIENT for an ... |
|
ZerBea |
User Contributions
|
648 |
486,439 |
05-12-2020, 04:56 PM |
|
|
Thread: hcxtools - solution for capturing wlan traffic and conversion to hashcat formats
Post: RE: hcxtools - solution for capturing wlan traffic...
Nice to hear that. Thanks. |
|
ZerBea |
User Contributions
|
648 |
486,439 |
05-12-2020, 12:33 PM |
|
|
Thread: hcxtools - solution for capturing wlan traffic and conversion to hashcat formats
Post: RE: hcxtools - solution for capturing wlan traffic...
Difference between the two methods:
filtermode:
all CLIENTs handled (including the ones running MAC randomization)
bpfc:
limited to CLIENTs connected to the AP.
you will receive a warning (hcxpca... |
|
ZerBea |
User Contributions
|
648 |
486,439 |
04-08-2020, 08:07 AM |
|
|
Thread: hcxtools - solution for capturing wlan traffic and conversion to hashcat formats
Post: RE: hcxtools - solution for capturing wlan traffic...
Hi strike1953.
2 ways:
less strict: add MAC_AP to filterlist.txt
hcxdumptool --filterlist_ap=filterlist.txt --filtermode=2 ...
strict: create bpfc
Code:
--
$ hcxdumptool -m
$ tcpdump -i w... |
|
ZerBea |
User Contributions
|
648 |
486,439 |
04-07-2020, 08:11 PM |
|
|
Thread: Help with hashcat infrastructure
Post: RE: Help with hashcat infrastructure
Try this one:
https://github.com/RealEnder/dwpa |
|
ZerBea |
hashcat
|
2 |
773 |
04-07-2020, 08:50 AM |
|
|
Thread: hcxdumptool install problem
Post: RE: hcxdumptool install problem
Do not(!) run airmon-ng! The script (1540 lines to do such a simple thing as setting monitor mode) is designed to be used by aircrack-ng suite and not by hcxdumptool. It will create a virtual monitor ... |
|
ZerBea |
hashcat
|
3 |
1,502 |
04-07-2020, 08:47 AM |
|
|
Thread: hcxdumptool install problem
Post: RE: hcxdumptool install problem
$ hcxdumptool --help will show you the correct syntax
add target AP_MC to filterlist.txt (format 112233445566)
replace --filterlist with --filterlist_ap
replace --enable_status with --enable_status... |
|
ZerBea |
hashcat
|
3 |
1,502 |
04-06-2020, 05:50 PM |
|
|
Thread: Indirect signs of PSK being changed
Post: RE: Indirect signs of PSK being changed
If the old PSK is known, hcxdumptool --weakcandidate will do that. No alert == PSK changed.
If the old PSK is known, you can use hcxpcapngtool --all option to identify PSK changes.
If ESSID and PSK ... |
|
ZerBea |
General Talk
|
2 |
802 |
04-04-2020, 08:18 AM |
|
|
Thread: Understanding EAPOL 4-Way Handshake and PMKID cracking
Post: RE: Understanding EAPOL 4-Way Handshake and PMKID ...
nc is determined by the message_pair (last field in 22000 line):
Code:
--
bitmask for message pair field:
0: MP info (https://hashcat.net/wiki/doku.php?id=hccapx)
1: MP info (https://hashcat.net... |
|
ZerBea |
hashcat
|
11 |
2,401 |
04-01-2020, 08:09 PM |
|
|
Thread: Understanding EAPOL 4-Way Handshake and PMKID cracking
Post: RE: Understanding EAPOL 4-Way Handshake and PMKID ...
Running that combination nc=2 doesn't make sense.
Either use the automatic or run nc=0.
That depends on the quality of your captured traffic and the sensitivity of your device (PLCP errors).
You can... |
|
ZerBea |
hashcat
|
11 |
2,401 |
04-01-2020, 06:50 PM |
|
|
Thread: Understanding EAPOL 4-Way Handshake and PMKID cracking
Post: RE: Understanding EAPOL 4-Way Handshake and PMKID ...
Running this combination:
Code:
--
hcxdumptool -> hcxpcapngtool -> hashcat
--
nonce-error-corrections is in automatic mode. Mostly it is set to 0 by automatic on hcxdumptool captured traffic... |
|
ZerBea |
hashcat
|
11 |
2,401 |
04-01-2020, 06:11 PM |
|
|
Thread: Understanding EAPOL 4-Way Handshake and PMKID cracking
Post: RE: Understanding EAPOL 4-Way Handshake and PMKID ...
Correct: reuse PBKDF2
That means that a PMK is calculated only once for an ESSID-PSK combination and compared against all hashes using the same ESSID.
This line will give you information about it:... |
|
ZerBea |
hashcat
|
11 |
2,401 |
04-01-2020, 05:35 PM |
|
|
Thread: How to view SSID of cracked PMKID (16800) PCAP?
Post: RE: How to view SSID of cracked PMKID (16800) PCAP...
And some of these characters will destroy your terminal. This is especially the case if escape sequences are in use! So it is definitely a good idea to hexify them.
Examples:
https://wpa-sec.stanev.... |
|
ZerBea |
hashcat
|
6 |
2,245 |
04-01-2020, 03:38 PM |
|
|
Thread: Understanding EAPOL 4-Way Handshake and PMKID cracking
Post: RE: Understanding EAPOL 4-Way Handshake and PMKID ...
1.
faster
you don't need a CLIENT
works if MFP is activated
not susceptible to packet loss
2.
No. hashcat is working on the captured hash and the result is the PMK and the PSK.
Yes. Searching... |
|
ZerBea |
hashcat
|
11 |
2,401 |
03-31-2020, 09:00 AM |
|
|
Thread: hcxtools - solution for capturing wlan traffic and conversion to hashcat formats
Post: RE: hcxtools - solution for capturing wlan traffic...
can be done by bash scripts, too.
Quick and dirty solution:
Code:
--
#!/bin/bash
while read -r line;
do
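# quote "$line": the hash line contains '*' and must not be glob-expanded or used as a format string
printf '%s\n' "$line" | awk 'BEGIN { FS = "*" } ; { printf $4 ":" }'
printf '%s\n' "$line" | awk '... |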
|
ZerBea |
User Contributions
|
648 |
486,439 |
03-27-2020, 09:53 PM |
|
|
Thread: no ssh in pwnagotchi
Post: RE: no ssh in pwnagotchi
Maybe that is not enough and you're missing some information.
Please read more here:
https://www.raspberrypi.org/forums/viewtopic.php?t=203716
Code:
--
country=xx
ctrl_interface=DIR=/var/run/... |
|
ZerBea |
General Talk
|
3 |
1,308 |
03-27-2020, 09:19 PM |
|
|
Thread: hcxtools - solution for capturing wlan traffic and conversion to hashcat formats
Post: RE: hcxtools - solution for capturing wlan traffic...
hcxhashtool will do the job:
get example hash (22000) from here:
https://hashcat.net/wiki/doku.php?id=example_hashes
and run hcxhashtool to retrieve information
Code:
--
$ hcxhashtool -i ex... |
|
ZerBea |
User Contributions
|
648 |
486,439 |
03-27-2020, 07:41 PM |
|
|
Thread: no ssh in pwnagotchi
Post: RE: no ssh in pwnagotchi
"... also ssh file without extension in root dir of sd"
is not the correct way.
recommended way:
https://pwnagotchi.ai/configuration/#about-your-ssh-connection
or the raspbian way (if we assume pw... |
|
ZerBea |
General Talk
|
3 |
1,308 |
03-26-2020, 09:55 AM |
|
|
Thread: How can i get hash from a cap file?
Post: RE: How can i get hash from a cap file?
1)
Depending on your hashcat version and hash mode it is either a PMKID or a MIC or an MD5_64 (ancient versions of hashcat).
The posted line is not the raw hash. Instead it is the result of hashcat.
... |
|
ZerBea |
hashcat
|
1 |
868 |
03-23-2020, 07:14 PM |
|
|
Thread: Speed comparison WPA/WPA2 (2500) vs WPA/WPA2 PMK (2501)
Post: RE: Speed comparison WPA/WPA2 (2500) vs WPA/WPA2 P...
Great, thanks for posting your result. Some words about nonce error corrections (NC):
NC values have a deep impact on hashcat speed. Within hccapx and 22000 hash records the message pair field is use... |
|
ZerBea |
hashcat
|
9 |
4,585 |
03-23-2020, 03:22 PM |