Search Results
Post | Author | Forum | Replies | Views | Posted
|
|
Thread: hcxtools - solution for capturing wlan traffic and conversion to hashcat formats
Post: RE: hcxtools - solution for capturing wlan traffic...
There is no need to run hcxtools on the new hashline format. Nearly every bash cmd is working on the new hashline:
e.g. running a simple bash line will give you the ESSID in ASCII format:
cat test... |
|
ZerBea |
User Contributions
|
648 |
487,167 |
01-19-2020, 01:59 PM |
|
|
Thread: New attack on WPA/WPA2 using PMKID
Post: RE: New attack on WPA/WPA2 using PMKID
I don't see any chances to crack PKI credentials or GSM/UMTS subscriber modules or certificates (TLS).
That's one of the reasons, why I don't parse them.
TACACS+ was the last authentication algorithm... |
|
ZerBea |
User Contributions
|
187 |
1,293,321 |
11-07-2018, 07:58 PM |
|
|
Thread: New attack on WPA/WPA2 using PMKID
Post: RE: New attack on WPA/WPA2 using PMKID
No, the PMKID is not encrypted garbage and can be useful (in some cases).
Running WPA2, the PMKID is calculated by this function:
PMKID = HMAC-SHA1-128(PMK, "PMK Name" | MAC_AP | MAC_STA)
The PM... |
|
ZerBea |
User Contributions
|
187 |
1,293,321 |
11-08-2018, 06:22 PM |
|
|
Thread: New attack on WPA/WPA2 using PMKID
Post: RE: New attack on WPA/WPA2 using PMKID
All information is stored in the hashline:
PMKID*MAC_AP*MAC_STA*ESSID
If we use the hashline from this thread: https://hashcat.net/forum/thread-7717-post-42759.html#pid42759
ea5aad4e27b22c46f8837... |
|
ZerBea |
User Contributions
|
187 |
1,293,321 |
11-11-2018, 02:55 PM |
|
|
Thread: New attack on WPA/WPA2 using PMKID
Post: RE: New attack on WPA/WPA2 using PMKID
If anyone is interested in the SAE example (sae4way.pcapng) (https://hashcat.net/forum/attachment.php?aid=619) from here:
https://hashcat.net/forum/thread-7717-post-42759.html#pid42759
These are the SA... |
|
ZerBea |
User Contributions
|
187 |
1,293,321 |
11-15-2018, 11:15 AM |
|
|
Thread: New attack on WPA/WPA2 using PMKID
Post: RE: New attack on WPA/WPA2 using PMKID
No, the pcapng doesn't contain IP addresses. But it contains MAC addresses of access points and clients and network names.
If you run hcxpcaptool you will get four PMKIDs (two networks with one client... |
|
ZerBea |
User Contributions
|
187 |
1,293,321 |
11-16-2018, 11:42 PM |
|
|
Thread: hcxtools - solution for capturing wlan traffic and conversion to hashcat formats
Post: RE: hcxtools - solution for capturing wlan traffic...
Done by latest commit:
https://github.com/ZerBea/hcxtools/commit/a5070f53b82260186ca524949d34cc08fbde51ee
$ hcxhashtool -h
--hccap-single : output to ancient hccap single files (MAC ... |
|
ZerBea |
User Contributions
|
648 |
487,167 |
01-29-2020, 06:12 PM |
|
|
Thread: New attack on WPA/WPA2 using PMKID
Post: RE: New attack on WPA/WPA2 using PMKID
If you mean, that we have two steps, you got it:
step1 = derivation of Plainmasterkey (PMK), for example by PBKDF2
step2 = derivation of Pairwise Transient Key (PTK) to get access to the network (EA... |
|
ZerBea |
User Contributions
|
187 |
1,293,321 |
11-10-2018, 12:03 PM |
|
|
Thread: hcxtools - solution for capturing wlan traffic and conversion to hashcat formats
Post: RE: hcxtools - solution for capturing wlan traffic...
Hi strike1953.
This is another amazing feature of the new hashline: you can use simple bash commands to work on it.
e.g. the awk way:
Code:
--
$ cat test.16800 | awk 'BEGIN { FS = ":" } ; { pr... |
|
ZerBea |
User Contributions
|
648 |
487,167 |
02-06-2020, 01:44 PM |
|
|
Thread: hcxtools - solution for capturing wlan traffic and conversion to hashcat formats
Post: RE: hcxtools - solution for capturing wlan traffic...
Ok, my fault. Didn't notice that you mean the potfile.
That depends on your hashcat version. The new potfile format is the result of PBKDF2:
Code:
--
PMK*ESSID(in HEX)*PSK
--
So you have to reca... |
|
ZerBea |
User Contributions
|
648 |
487,167 |
02-06-2020, 02:56 PM |
|
|
Thread: New attack on WPA/WPA2 using PMKID
Post: RE: New attack on WPA/WPA2 using PMKID
v2.pcapng doesn't contain PMKIDs or handshakes and it is flawless:
$ hcxpcaptool -o test.hccapx -z test.16800 v2.pcapng
reading from v2.pcapng
summary: ... |
|
ZerBea |
User Contributions
|
187 |
1,293,321 |
11-17-2018, 12:01 AM |
|
|
Thread: New attack on WPA/WPA2 using PMKID
Post: RE: New attack on WPA/WPA2 using PMKID
Ok, fixed that ugly big endian issue when we are doing an option walk through the pcapng options:
https://github.com/ZerBea/hcxtools/commit/4babccca3789efd0a8aa7d70fdff7a8548768110
Thanks for report... |
|
ZerBea |
User Contributions
|
187 |
1,293,321 |
11-17-2018, 12:50 AM |
|
|
Thread: New attack on WPA/WPA2 using PMKID
Post: RE: New attack on WPA/WPA2 using PMKID
Latest link is expired, so I can't download the file.
hcxdumptool attack and dump modes depend on filter list and filter mode option. Running without these options, hcxdumptool will attack all and cap... |
|
ZerBea |
User Contributions
|
187 |
1,293,321 |
11-17-2018, 09:44 AM |
|
|
Thread: New attack on WPA/WPA2 using PMKID
Post: RE: New attack on WPA/WPA2 using PMKID
v4.pcapng looking good:
$ hcxpcaptool -o test.hccapx -z test.16800 v4.pcapng
reading from v4.pcapng
summary:
file name................... |
|
ZerBea |
User Contributions
|
187 |
1,293,321 |
11-17-2018, 11:22 AM |
|
|
Thread: hcxtools - solution for capturing wlan traffic and conversion to hashcat formats
Post: RE: hcxtools - solution for capturing wlan traffic...
Correct: 22000 is 16800 + 2500
So we have to pay the price (PBKDF2) only once. Additionally, we're leaving binary hccapx format.
apt-get update && upgrade sounds Debian based. I don't know anything a... |
|
ZerBea |
User Contributions
|
648 |
487,167 |
02-06-2020, 09:55 PM |
|
|
Thread: hcxtools - solution for capturing wlan traffic and conversion to hashcat formats
Post: RE: hcxtools - solution for capturing wlan traffic...
tshark can do this really well:
$ tshark -r test.pcapng.cap -T fields -e wps.device_name -e wps.serial_number
or (including transmitter address and ESSID):
$ tshark -r test.pcapng.cap -T fields -e ... |
|
ZerBea |
User Contributions
|
648 |
487,167 |
02-11-2020, 08:01 AM |
|
|
Thread: New attack on WPA/WPA2 using PMKID
Post: RE: New attack on WPA/WPA2 using PMKID
I don't think it's a driver issue and I don't think it's a pineapple issue, because you received a PMKID from the access point!
1) check your environment
identify your access point (ESSID and mac)... |
|
ZerBea |
User Contributions
|
187 |
1,293,321 |
11-18-2018, 08:26 PM |
|
|
Thread: New attack on WPA/WPA2 using PMKID
Post: RE: New attack on WPA/WPA2 using PMKID
Due to several big endian fixes, hcxdumptool and hcxtools moved to v 5.0.1.
I received a notice that they are running on OpenWRT.
But keep in mind:
Both, PMKID attack vector and AP-LESS attack vect... |
|
ZerBea |
User Contributions
|
187 |
1,293,321 |
11-27-2018, 08:48 AM |
|
|
Thread: hcxtools - solution for capturing wlan traffic and conversion to hashcat formats
Post: RE: hcxtools - solution for capturing wlan traffic...
small notice about hcxpcaptool option -I:
hcxdumptool is able to request identities from a client (for example the International Mobile Subscriber Identity [IMSI] Number from a mobile phone). Running... |
|
ZerBea |
User Contributions
|
648 |
487,167 |
02-04-2019, 07:58 AM |
|
|
Thread: hcxtools - solution for capturing wlan traffic and conversion to hashcat formats
Post: RE: hcxtools - solution for capturing wlan traffic...
That depends on the environment variables of your system.
$ getconf ARG_MAX
2097152
I haven't tested it exactly, because I don't have so many entries.
BTW:
It is allowed to use BPFC and filterm... |
|
ZerBea |
User Contributions
|
648 |
487,167 |
03-18-2020, 11:09 AM |