|
Search Results
|
| Post |
Author |
Forum |
Replies
[desc]
|
Views |
Posted |
| |
|
Thread: New attack on WPA/WPA2 using PMKID
Post: RE: New attack on WPA/WPA2 using PMKID
| Well, it doesn't make sense to attack dynamically derived PMKs, but it's really funny.
I did a small update on hcxtools.
Download example cap from here:
https://wiki.wireshark.org/SampleCaptures... |
|
ZerBea |
User Contributions
|
187 |
1,293,331 |
08-13-2018, 11:25 PM |
| |
|
Thread: New attack on WPA/WPA2 using PMKID
Post: RE: New attack on WPA/WPA2 using PMKID
| Well, it is a new attack vector and a nice playground.
Take a look at the statistics of a typical hcxdumptool pcapng file. I got this one from a tester:
summary:
file name....................:... |
|
ZerBea |
User Contributions
|
187 |
1,293,331 |
08-16-2018, 10:05 AM |
| |
|
Thread: New attack on WPA/WPA2 using PMKID
Post: RE: New attack on WPA/WPA2 using PMKID
| That are some good news.
Well, UBUNTU is recommended by hashcat team and is an easy to use distribution. I share that opinion. Designed for complete novices, UBUNTU teaches a beginner everything he n... |
|
ZerBea |
User Contributions
|
187 |
1,293,331 |
08-16-2018, 02:19 PM |
| |
|
Thread: New attack on WPA/WPA2 using PMKID
Post: RE: New attack on WPA/WPA2 using PMKID
| hcxdumptool is able to run different attack vectors. And the client-less (PMKID) attack vector is only one of them:
ap-less:
Only one packet (M2) from a client required. You do not need to hunt fo... |
|
ZerBea |
User Contributions
|
187 |
1,293,331 |
08-17-2018, 10:51 AM |
| |
|
Thread: New attack on WPA/WPA2 using PMKID
Post: RE: New attack on WPA/WPA2 using PMKID
| You're running an old version. Please pull latest git commit.
Filter lists are only used in the transmission branch. Using a filter list means, that we run active attacks against the entries (filterm... |
|
ZerBea |
User Contributions
|
187 |
1,293,331 |
08-21-2018, 10:22 AM |
| |
|
Thread: New attack on WPA/WPA2 using PMKID
Post: RE: New attack on WPA/WPA2 using PMKID
| Pushed a small update hcxdumptool. From now on we parse SAE completely:
[10:10:20 - 005] c83a35000002 -> c83a35000001 [AUTHENTICATION, SAE COMMIT, STATUS 0, SEQUENCE 304]
[10:10:20 - 005] c83a3500... |
|
ZerBea |
User Contributions
|
187 |
1,293,331 |
08-26-2018, 10:23 AM |
| |
|
Thread: New attack on WPA/WPA2 using PMKID
Post: RE: New attack on WPA/WPA2 using PMKID
| Hi sl0badob
That is correct. An access point is detected to be in our range, if he responds to our request using his ESSID. We are not able to associate to an access point without this information. A... |
|
ZerBea |
User Contributions
|
187 |
1,293,331 |
08-26-2018, 03:59 PM |
| |
|
Thread: New attack on WPA/WPA2 using PMKID
Post: RE: New attack on WPA/WPA2 using PMKID
| Hi dizcza.
hcapcaptool -o option will convert pcapng files to hccapx format (not to pcapng) and append the result to an existing hccapx file.
The command you're looking for (merging pcapng files... |
|
ZerBea |
User Contributions
|
187 |
1,293,331 |
08-27-2018, 02:23 PM |
| |
|
Thread: New attack on WPA/WPA2 using PMKID
Post: RE: New attack on WPA/WPA2 using PMKID
| Hi ssswanil.
To answer your question, we need some more informations.
1) Do you run latest commit?
If not, please update!
2) Does your driver support full (injection is working!) monitor mode?
... |
|
ZerBea |
User Contributions
|
187 |
1,293,331 |
08-28-2018, 09:04 AM |
| |
|
Thread: New attack on WPA/WPA2 using PMKID
Post: RE: New attack on WPA/WPA2 using PMKID
| Hi wakawaka
We can control the transmission branch, because we send only a few packets.
But we are not able to control the receiving branch. If we are in range of hundreds of access points and hundr... |
|
ZerBea |
User Contributions
|
187 |
1,293,331 |
09-02-2018, 09:44 AM |
| |
|
Thread: New attack on WPA/WPA2 using PMKID
Post: RE: New attack on WPA/WPA2 using PMKID
| Hi slyexe.
Do you you use the latest commit? I did a complete refactoring. The Raspberry PI A+, B+ is able to handle 4096 access points and/or 4096 clients simultaneously in a very fast way.
"This t... |
|
ZerBea |
User Contributions
|
187 |
1,293,331 |
09-05-2018, 10:13 AM |
| |
|
Thread: New attack on WPA/WPA2 using PMKID
Post: RE: New attack on WPA/WPA2 using PMKID
| Hi Superninja
wlan0mon is a typical logical interface type, created by airmon-ng for broadcom devices.
Do you use a broadcom interface?
read more here:
"You are using the Broadcom STA (wl) off... |
|
ZerBea |
User Contributions
|
187 |
1,293,331 |
09-18-2018, 06:37 PM |
| |
|
Thread: New attack on WPA/WPA2 using PMKID
Post: RE: New attack on WPA/WPA2 using PMKID
| Hi marcou3000.
There can be different reasons:
1) To much power consumption of an USB high gain adapter (for example AWUS036NH connected to an USP port of a Raspberry PI) - in that case reduce power... |
|
ZerBea |
User Contributions
|
187 |
1,293,331 |
09-22-2018, 10:27 AM |
| |
|
Thread: New attack on WPA/WPA2 using PMKID
Post: RE: New attack on WPA/WPA2 using PMKID
| Read more here:
https://wikidevi.com/wiki/Rtl8xxxu
Supported modes
STA (Station) mode: supported
IBSS (Ad-Hoc) mode: unknown
AP (Master) mode: unknown
Mesh (802.11s) mode: unknown
P2P mode: unk... |
|
ZerBea |
User Contributions
|
187 |
1,293,331 |
09-23-2018, 11:47 AM |
| |
|
Thread: New attack on WPA/WPA2 using PMKID
Post: RE: New attack on WPA/WPA2 using PMKID
| From this commit on:
https://github.com/ZerBea/hcxdumptool/commit/6b006e022291562b9706f408e01ba2904297846f
hcxdumptool will set the interface to monitor mode.
That means iw, ip, iwconfig and ifconf... |
|
ZerBea |
User Contributions
|
187 |
1,293,331 |
09-30-2018, 05:03 PM |
| |
|
Thread: New attack on WPA/WPA2 using PMKID
Post: RE: New attack on WPA/WPA2 using PMKID
| No need to run rockyou against your hash. This list is included in the dictionaries of: https://wpa-sec.stanev.org/?dicts
You can upload your cap (using wlancap2wpasec or web interface). If the passw... |
|
ZerBea |
User Contributions
|
187 |
1,293,331 |
10-01-2018, 01:12 PM |
| |
|
Thread: New attack on WPA/WPA2 using PMKID
Post: RE: New attack on WPA/WPA2 using PMKID
| For sure this attack must fail on a RADIUS server. The authentication is done by the RADIUS authentication server (not by the router). This provides additional security. Various kinds of the Extensibl... |
|
ZerBea |
User Contributions
|
187 |
1,293,331 |
11-07-2018, 06:42 PM |
| |
|
Thread: New attack on WPA/WPA2 using PMKID
Post: RE: New attack on WPA/WPA2 using PMKID
| I don't see any chances to crack PKI credentials or GSM/UMTS subsciber modules or certificates (TLS).
That's one of the reasons, why I don't parse them.
TACACS+ was the last authentication algorithm... |
|
ZerBea |
User Contributions
|
187 |
1,293,331 |
11-07-2018, 07:58 PM |
| |
|
Thread: New attack on WPA/WPA2 using PMKID
Post: RE: New attack on WPA/WPA2 using PMKID
| No, the PMKID is not encrypted garbage and can be usefull (in some cases).
Running WPA2, the PMKID is calculated by this function:
PMKID = HMAC-SHA1-128(PMK, "PMK Name" | MAC_AP | MAC_STA)
The PM... |
|
ZerBea |
User Contributions
|
187 |
1,293,331 |
11-08-2018, 06:22 PM |
| |
|
Thread: New attack on WPA/WPA2 using PMKID
Post: RE: New attack on WPA/WPA2 using PMKID
| All informations are stored in the hashline:
PMKID*MAC_AP*MAC_STA*ESSID
If we use the hashline from this thread: https://hashcat.net/forum/thread-7717-post-42759.html#pid42759
ea5aad4e27b22c46f8837... |
|
ZerBea |
User Contributions
|
187 |
1,293,331 |
11-11-2018, 02:55 PM |
