Search Results
Columns: Post | Author | Forum | Replies [desc] | Views | Posted

Thread: PMKID Generates Wrong ESSID And Password From Hash
Post: RE: PMKID Generates Wrong ESSID And Password From ...
1. create a filterlist.txt and add the target MAC: 112233445566
2. use options --filterlist=filterlist.txt --filtermode=2
--filterlist= : mac filter list
...
Author: ZerBea | Forum: hashcat | Replies: 10 | Views: 3,630 | Posted: 06-09-2019, 08:08 PM

Thread: PMKID Generates Wrong ESSID And Password From Hash
Post: RE: PMKID Generates Wrong ESSID And Password From ...
I think I got a solution for your "problem". With the latest hcxtools commit
https://github.com/ZerBea/hcxtools/commit/358264200bb60b1f5196b4a58429e18da0a8fd0a
I added a new option to hcxpcaptool to filt...
Author: ZerBea | Forum: hashcat | Replies: 10 | Views: 3,630 | Posted: 06-10-2019, 03:46 PM

Thread: Mode 22000 Bad file descriptor
Post: RE: Mode 22000 Bad file descriptor
Mem5 Wrote: (01-18-2020, 12:51 AM)
--
Using hashcat-5.1.0 beta 1610:
Code:
--
hashcat.exe -m 22000 hash dic
--
works OK with sample hash WPA*01*9d42bfc4ab79cf3a3a85761efd2a0cf0*e8e61d2bfe07*e2...
Author: ZerBea | Forum: hashcat | Replies: 10 | Views: 3,156 | Posted: 01-18-2020, 02:05 PM

Thread: Mode 22000 Bad file descriptor
Post: RE: Mode 22000 Bad file descriptor
We decided not to use ASCII characters, because:
Wireless network stacks must still be prepared to handle arbitrary values in the SSID field!
Using HEX instead of ASCII makes it easier to use com...
Author: ZerBea | Forum: hashcat | Replies: 10 | Views: 3,156 | Posted: 01-19-2020, 02:19 PM

Thread: Understanding EAPOL 4-Way Handshake and PMKID cracking
Post: RE: Understanding EAPOL 4-Way Handshake and PMKID ...
1.
faster
you don't need a CLIENT
works if MFP is activated
not susceptible to packet loss
2.
No. hashcat is working on the captured hash and the result is the PMK and the PSK.
Yes. Searching...
Author: ZerBea | Forum: hashcat | Replies: 11 | Views: 2,415 | Posted: 03-31-2020, 09:00 AM

Thread: Understanding EAPOL 4-Way Handshake and PMKID cracking
Post: RE: Understanding EAPOL 4-Way Handshake and PMKID ...
Correct: reuse PBKDF2
That means that a PMK is calculated only once for an ESSID-PSK combination and compared against all hashes using the same ESSID.
This line will give you information about it:...
Author: ZerBea | Forum: hashcat | Replies: 11 | Views: 2,415 | Posted: 04-01-2020, 05:35 PM

Thread: Understanding EAPOL 4-Way Handshake and PMKID cracking
Post: RE: Understanding EAPOL 4-Way Handshake and PMKID ...
Running this combination:
Code:
--
hcxdumptool -> hcxpcapngtool -> hashcat
--
nonce-error-corrections is in automatic mode. Mostly it is set to 0 automatically on hcxdumptool captured traffic...
Author: ZerBea | Forum: hashcat | Replies: 11 | Views: 2,415 | Posted: 04-01-2020, 06:11 PM

Thread: Understanding EAPOL 4-Way Handshake and PMKID cracking
Post: RE: Understanding EAPOL 4-Way Handshake and PMKID ...
Running that combination with nc=2 doesn't make sense.
Either use the automatic mode or run nc=0.
That depends on the quality of your captured traffic and the sensitivity of your device (PLCP errors).
You can...
Author: ZerBea | Forum: hashcat | Replies: 11 | Views: 2,415 | Posted: 04-01-2020, 06:50 PM

Thread: Understanding EAPOL 4-Way Handshake and PMKID cracking
Post: RE: Understanding EAPOL 4-Way Handshake and PMKID ...
nc is determined by the message_pair (last field in 22000 line):
Code:
--
bitmask for message pair field:
0: MP info (https://hashcat.net/wiki/doku.php?id=hccapx)
1: MP info (https://hashcat.net...
Author: ZerBea | Forum: hashcat | Replies: 11 | Views: 2,415 | Posted: 04-01-2020, 08:09 PM

Thread: hashcat v4.1.0
Post: RE: hashcat v4.1.0
Awesome. Great job. Thanks for your big efforts.
Now let us look optimistically into the future: FreeRADIUS, VPN and TLS (and some EAP variants) are on top of the list.
Cheers
Author: ZerBea | Forum: hashcat | Replies: 13 | Views: 32,462 | Posted: 02-22-2018, 10:11 AM

Thread: 4-Way Handshake vs PMKID
Post: RE: 4-Way Handshake vs PMKID
How do you know how complex both my PSKs are!
And you didn't answer my first question:
How did you measure it?
$ time hashcat -m 2500 test.hccapx --nonce-error-corrections=0 digit20
hashcat (...
Author: ZerBea | Forum: hashcat | Replies: 14 | Views: 9,429 | Posted: 04-05-2019, 04:25 PM

Thread: 4-Way Handshake vs PMKID
Post: RE: 4-Way Handshake vs PMKID
How did you measure it?
My results:
$ time hashcat -m 2500 test.hccapx --nonce-error-corrections=0 digit08
hashcat (v5.1.0-855-g9ced13cc) starting...
Session..........: hashcat ...
Author: ZerBea | Forum: hashcat | Replies: 14 | Views: 9,429 | Posted: 04-05-2019, 03:53 PM

Thread: 4-Way Handshake vs PMKID
Post: RE: 4-Way Handshake vs PMKID
1. Calculation of the PMKID is faster
PMKID = HMAC-SHA1-128(PMK, "PMK Name" | MAC_AP | MAC_STA)
2. You run hashcat with default nonce-error-corrections on WPA-EAPOL-PBKDF2, so every md5 (WPA1) or sha ...
Author: ZerBea | Forum: hashcat | Replies: 14 | Views: 9,429 | Posted: 04-05-2019, 04:51 PM

Thread: 4-Way Handshake vs PMKID
Post: RE: 4-Way Handshake vs PMKID
As Atom said, PBKDF2 will cost us a lot of time!
Now we drop PBKDF2:
$ time hashcat -m 2501 test.hccapx --nonce-error-corrections=0 foundhashcat.pmk
hashcat (v5.1.0-855-g9ced13cc) starting...
Se...
Author: ZerBea | Forum: hashcat | Replies: 14 | Views: 9,429 | Posted: 04-05-2019, 05:08 PM

Thread: 4-Way Handshake vs PMKID
Post: RE: 4-Way Handshake vs PMKID
@kryplasemv
Every client will receive its own (calculated) PMKID from the access point because the MAC addresses are part of the calculation
PMKID = HMAC-SHA1-128(PMK, "PMK Name" | MAC_AP | MAC_STA)...
Author: ZerBea | Forum: hashcat | Replies: 14 | Views: 9,429 | Posted: 06-17-2019, 07:36 AM

Thread: 4-Way Handshake vs PMKID
Post: RE: 4-Way Handshake vs PMKID
@Mem5
The construction (PBKDF2 calculation) of the plainmasterkey (PMK) is the same for both hash modes (2500 and 16800) and takes a long period of CPU/GPU time. This first part is a really slow part.
...
Author: ZerBea | Forum: hashcat | Replies: 14 | Views: 9,429 | Posted: 06-17-2019, 07:56 AM

Thread: need batch stop after pass found hccapx
Post: RE: need batch stop after pass found hccapx
The hashcat online converter runs cap2hccapx from hashcat-utils.
You should know that cap2hccapx will convert more than one hash to the hccapx file. Therefore it takes every good message pair and converts ...
Author: ZerBea | Forum: hashcat | Replies: 15 | Views: 3,946 | Posted: 02-01-2020, 09:38 PM

Thread: need batch stop after pass found hccapx
Post: RE: need batch stop after pass found hccapx
No, you have to code it yourself. It is very simple:
https://github.com/ZerBea/hcxtools/issues/121#issuecomment-581013958
Author: ZerBea | Forum: hashcat | Replies: 15 | Views: 3,946 | Posted: 02-04-2020, 04:34 PM

Thread: need batch stop after pass found hccapx
Post: RE: need batch stop after pass found hccapx
Does it work with the example hash from here if the PSK is in passlist1.txt?
https://hashcat.net/misc/example_hashes/hashcat.hccapx
64 -m 2500 -t 25 --remove -o cracked.txt 1.hccapx pass/passlist1...
Author: ZerBea | Forum: hashcat | Replies: 15 | Views: 3,946 | Posted: 01-27-2020, 06:05 PM

Thread: need batch stop after pass found hccapx
Post: RE: need batch stop after pass found hccapx
msalman Wrote: (01-28-2020, 03:58 PM)
--
the pass is in my first wordlist
11223344
--
The attached hccapx file is a multi-hash file. It contains 15 hashes (6 of them are dupes). If one of them is n...
Author: ZerBea | Forum: hashcat | Replies: 15 | Views: 3,946 | Posted: 01-28-2020, 04:44 PM