|
Search Results
|
| Post |
Author |
Forum |
Replies
[asc]
|
Views |
Posted |
| |
|
Thread: New attack on WPA/WPA2 using PMKID
Post: RE: New attack on WPA/WPA2 using PMKID
| From this commit on:
https://github.com/ZerBea/hcxdumptool/commit/6b006e022291562b9706f408e01ba2904297846f
hcxdumptool will set the interface to monitor mode.
That means iw, ip, iwconfig and ifconf... |
|
ZerBea |
User Contributions
|
187 |
1,293,324 |
09-30-2018, 05:03 PM |
| |
|
Thread: New attack on WPA/WPA2 using PMKID
Post: RE: New attack on WPA/WPA2 using PMKID
| No need to run rockyou against your hash. This list is included in the dictionaries of: https://wpa-sec.stanev.org/?dicts
You can upload your cap (using wlancap2wpasec or web interface). If the passw... |
|
ZerBea |
User Contributions
|
187 |
1,293,324 |
10-01-2018, 01:12 PM |
| |
|
Thread: New attack on WPA/WPA2 using PMKID
Post: RE: New attack on WPA/WPA2 using PMKID
| For sure this attack must fail on a RADIUS server. The authentication is done by the RADIUS authentication server (not by the router). This provides additional security. Various kinds of the Extensibl... |
|
ZerBea |
User Contributions
|
187 |
1,293,324 |
11-07-2018, 06:42 PM |
| |
|
Thread: New attack on WPA/WPA2 using PMKID
Post: RE: New attack on WPA/WPA2 using PMKID
| I don't see any chances to crack PKI credentials or GSM/UMTS subsciber modules or certificates (TLS).
That's one of the reasons, why I don't parse them.
TACACS+ was the last authentication algorithm... |
|
ZerBea |
User Contributions
|
187 |
1,293,324 |
11-07-2018, 07:58 PM |
| |
|
Thread: New attack on WPA/WPA2 using PMKID
Post: RE: New attack on WPA/WPA2 using PMKID
| No, the PMKID is not encrypted garbage and can be usefull (in some cases).
Running WPA2, the PMKID is calculated by this function:
PMKID = HMAC-SHA1-128(PMK, "PMK Name" | MAC_AP | MAC_STA)
The PM... |
|
ZerBea |
User Contributions
|
187 |
1,293,324 |
11-08-2018, 06:22 PM |
| |
|
Thread: New attack on WPA/WPA2 using PMKID
Post: RE: New attack on WPA/WPA2 using PMKID
| All informations are stored in the hashline:
PMKID*MAC_AP*MAC_STA*ESSID
If we use the hashline from this thread: https://hashcat.net/forum/thread-7717-post-42759.html#pid42759
ea5aad4e27b22c46f8837... |
|
ZerBea |
User Contributions
|
187 |
1,293,324 |
11-11-2018, 02:55 PM |
| |
|
Thread: New attack on WPA/WPA2 using PMKID
Post: RE: New attack on WPA/WPA2 using PMKID
| If anyone is interested in SAE example (sae4way.pcapng) (https://hashcat.net/forum/attachment.php?aid=619)from here:
https://hashcat.net/forum/thread-7717-post-42759.html#pid42759
This are the SA... |
|
ZerBea |
User Contributions
|
187 |
1,293,324 |
11-15-2018, 11:15 AM |
| |
|
Thread: New attack on WPA/WPA2 using PMKID
Post: RE: New attack on WPA/WPA2 using PMKID
| No, the pcapng doesn't contain IP addresses. But it contain MAC addresses of access points and clients and network names.
If you run hcapcaptool you will get four PMKIDs (two networks with one client... |
|
ZerBea |
User Contributions
|
187 |
1,293,324 |
11-16-2018, 11:42 PM |
| |
|
Thread: New attack on WPA/WPA2 using PMKID
Post: RE: New attack on WPA/WPA2 using PMKID
| If you mean, that we have two steps, you got it:
step1 = derivation of Plainmasterkey (PMK), for example by PBKFD2
step2 = derivation of Pairwise Transient Key (PTK) to get access to the network (EA... |
|
ZerBea |
User Contributions
|
187 |
1,293,324 |
11-10-2018, 12:03 PM |
| |
|
Thread: New attack on WPA/WPA2 using PMKID
Post: RE: New attack on WPA/WPA2 using PMKID
| v2.pcapng doesn't contain PMKIDs or handshakes and it is flawless:
$ hcxpcaptool -o test.hccapx -z test.16800 v2.pcapng
reading from v2.pcapng
summary: ... |
|
ZerBea |
User Contributions
|
187 |
1,293,324 |
11-17-2018, 12:01 AM |
| |
|
Thread: New attack on WPA/WPA2 using PMKID
Post: RE: New attack on WPA/WPA2 using PMKID
| Ok, fixed that ugly big endian issue when we are doing an option walk through the pcapng options:
https://github.com/ZerBea/hcxtools/commit/4babccca3789efd0a8aa7d70fdff7a8548768110
Thanks for report... |
|
ZerBea |
User Contributions
|
187 |
1,293,324 |
11-17-2018, 12:50 AM |
| |
|
Thread: New attack on WPA/WPA2 using PMKID
Post: RE: New attack on WPA/WPA2 using PMKID
| Latest link is expired, so I can't download the file.
hcxdumptool attack and dump modes depend on filter list and filter mode option. Running without this options, hcxdumptool will attack all and cap... |
|
ZerBea |
User Contributions
|
187 |
1,293,324 |
11-17-2018, 09:44 AM |
| |
|
Thread: New attack on WPA/WPA2 using PMKID
Post: RE: New attack on WPA/WPA2 using PMKID
| v4.pcapng looking good:
$ hcxpcaptool -o test.hccapx -z test.16800 v4.pcapng
reading from v4.pcapng
summary:
file name................... |
|
ZerBea |
User Contributions
|
187 |
1,293,324 |
11-17-2018, 11:22 AM |
| |
|
Thread: New attack on WPA/WPA2 using PMKID
Post: RE: New attack on WPA/WPA2 using PMKID
| I don't think it's a driver issue and I don't think it's a pineapple issue, because use received a PMKID from the access point!
1) check your environment
identify your access point (ESSID and mac)... |
|
ZerBea |
User Contributions
|
187 |
1,293,324 |
11-18-2018, 08:26 PM |
| |
|
Thread: New attack on WPA/WPA2 using PMKID
Post: RE: New attack on WPA/WPA2 using PMKID
| Due to several big endian fixes, hcxdumptool and hcxtools moved to v 5.0.1.
I received a notice that they are running on OpenWRT.
But keep in mind:
Both, PMKID attack vector and AP-LESS attack vect... |
|
ZerBea |
User Contributions
|
187 |
1,293,324 |
11-27-2018, 08:48 AM |
| |
|
Thread: Keyspace List for WPA on Default Routers
Post: RE: Keyspace List for WPA on Default Routers
| Hi soxrok2212.
Did a quick binwalk, unsquashfs and radare2 on some files and noticed that the values are retrieved from the board:
ls /sys/module/board/parameters/*.*
or by debugsys --info
squas... |
|
ZerBea |
User Contributions
|
182 |
305,383 |
08-24-2018, 01:33 PM |
| |
|
Thread: Keyspace List for WPA on Default Routers
Post: RE: Keyspace List for WPA on Default Routers
| ...and if you don't have the default ESSID (with the 4 xdigits, required by the WIFI keygen),
$ hcxpsktool --digit10
will calculate the whole key space , based on wpa-sec analyses (known SEEDs):
$ hc... |
|
ZerBea |
User Contributions
|
182 |
305,383 |
05-16-2020, 10:04 AM |
| |
|
Thread: Keyspace List for WPA on Default Routers
Post: RE: Keyspace List for WPA on Default Routers
| Maybe you're interested in this (not only ATT):
https://boxnet.servehttp.com/cap/pix/DUMP/
BTW:
You can reduce the key space, if you assume "N0" within every serial number:
dddddN0ddddd
That mak... |
|
ZerBea |
User Contributions
|
182 |
305,383 |
05-20-2020, 09:25 AM |
| |
|
Thread: ATTENTION! OpenCL kernel self-test failed.
Post: RE: ATTENTION! OpenCL kernel self-test failed.
| @ philsmd
latest tests of 22000 - WPA-PBKDF2-PMKID+EAPOL are very impressive. 2200x offers many advantages. |
|
ZerBea |
hashcat
|
31 |
12,818 |
12-22-2019, 12:44 PM |
| |
|
Thread: Cracking a CHAP from Freeradius
Post: RE: Cracking a CHAP from Freeradius
| Also a good idea is to read the RFC docs , even if they are not easy to understand. They are our basic docs if we add new functions to our tools:
https://tools.ietf.org/html/rfcXXXX
where XXXX is t... |
|
ZerBea |
hashcat
|
21 |
17,277 |
02-13-2018, 03:49 PM |
