Search Results
|
Post |
Author |
Forum |
Replies
|
Views |
Posted |
|
|
Thread: need batch stop after pass found hccapx
Post: RE: need batch stop after pass found hccapx
No, you have to code it by yourself. It is very simple:
https://github.com/ZerBea/hcxtools/issues/121#issuecomment-581013958 |
|
ZerBea |
hashcat
|
15 |
3,946 |
02-04-2020, 04:34 PM |
|
|
Thread: need batch stop after pass found hccapx
Post: RE: need batch stop after pass found hccapx
Does it work with the example hash from here if the PSK is in passlist1.txt?
https://hashcat.net/misc/example_hashes/hashcat.hccapx
64 -m 2500 -t 25 --remove -o cracked.txt 1.hccapx pass/passlist1... |
|
ZerBea |
hashcat
|
15 |
3,946 |
01-27-2020, 06:05 PM |
|
|
Thread: need batch stop after pass found hccapx
Post: RE: need batch stop after pass found hccapx
msalman Wrote: (01-28-2020, 03:58 PM)
--
the pass is in my first wordlist
11223344
--
The attached hccapx file is a multi hash file. It contains 15 hashes (6 of them are dupes). If one of them is n... |
|
ZerBea |
hashcat
|
15 |
3,946 |
01-28-2020, 04:44 PM |
|
|
Thread: need batch stop after pass found hccapx
Post: RE: need batch stop after pass found hccapx
One last question: Which options have you used to capture the dumpfile?
I noticed that all(!) undirected proberequest frames are not present (filtered out).
These frames may contain information abo... |
|
ZerBea |
hashcat
|
15 |
3,946 |
02-06-2020, 11:52 AM |
|
|
Thread: 4-Way Handshake vs PMKID
Post: RE: 4-Way Handshake vs PMKID
How do you know how complex both my PSKs are!
and you didn't answer my first question:
How did you measure it?
$ time hashcat -m 2500 test.hccapx --nonce-error-corrections=0 digit20
hashcat (... |
|
ZerBea |
hashcat
|
14 |
9,429 |
04-05-2019, 04:25 PM |
|
|
Thread: 4-Way Handshake vs PMKID
Post: RE: 4-Way Handshake vs PMKID
How did you measure it?
My results:
$ time hashcat -m 2500 test.hccapx --nonce-error-corrections=0 digit08
hashcat (v5.1.0-855-g9ced13cc) starting...
Session..........: hashcat ... |
|
ZerBea |
hashcat
|
14 |
9,429 |
04-05-2019, 03:53 PM |
|
|
Thread: 4-Way Handshake vs PMKID
Post: RE: 4-Way Handshake vs PMKID
1. Calculation of the PMKID is faster
PMKID = HMAC-SHA1-128(PMK, "PMK Name" | MAC_AP | MAC_STA)
2. You run hashcat with default nonce-error-corrections on WPA-EAPOL-PBKDF2, so every md5 (WPA1) or sha ... |
|
ZerBea |
hashcat
|
14 |
9,429 |
04-05-2019, 04:51 PM |
|
|
Thread: 4-Way Handshake vs PMKID
Post: RE: 4-Way Handshake vs PMKID
As Atom said, PBKDF2 will cost us much time!
Now we drop PBKDF2:
$ time hashcat -m 2501 test.hccapx --nonce-error-corrections=0 foundhashcat.pmk
hashcat (v5.1.0-855-g9ced13cc) starting...
Se... |
|
ZerBea |
hashcat
|
14 |
9,429 |
04-05-2019, 05:08 PM |
|
|
Thread: 4-Way Handshake vs PMKID
Post: RE: 4-Way Handshake vs PMKID
@kryplasemv
every client will receive its own (calculated) PMKID from the access point because the MAC addresses are part of the calculation
PMKID = HMAC-SHA1-128(PMK, "PMK Name" | MAC_AP | MAC_STA)... |
|
ZerBea |
hashcat
|
14 |
9,429 |
06-17-2019, 07:36 AM |
|
|
Thread: 4-Way Handshake vs PMKID
Post: RE: 4-Way Handshake vs PMKID
@Mem5
The construction (PBKDF2 calculation) of the plainmasterkey (PMK) is the same for both hash modes (2500 and 16800) and takes a long period of CPU/GPU time. This first part is a really slow part.
... |
|
ZerBea |
hashcat
|
14 |
9,429 |
06-17-2019, 07:56 AM |
|
|
Thread: hashcat v4.1.0
Post: RE: hashcat v4.1.0
Awesome. Great job. Thanks for your big efforts.
Now let us look optimistically into the future: FreeRADIUS, VPN and TLS (and some EAP variants) are on top of the list.
Cheers |
|
ZerBea |
hashcat
|
13 |
32,462 |
02-22-2018, 10:11 AM |
|
|
Thread: Understanding EAPOL 4-Way Handshake and PMKID cracking
Post: RE: Understanding EAPOL 4-Way Handshake and PMKID ...
1.
faster
you don't need a CLIENT
works if MFP is activated
not susceptible to packet loss
2.
No. hashcat is working on the captured hash and the result is the PMK and the PSK.
Yes. Searching... |
|
ZerBea |
hashcat
|
11 |
2,415 |
03-31-2020, 09:00 AM |
|
|
Thread: Understanding EAPOL 4-Way Handshake and PMKID cracking
Post: RE: Understanding EAPOL 4-Way Handshake and PMKID ...
Correct: reuse PBKDF2
That means that a PMK is calculated only once for an ESSID-PSK combination and compared against all hashes using the same ESSID.
This line will give you information about it:... |
|
ZerBea |
hashcat
|
11 |
2,415 |
04-01-2020, 05:35 PM |
|
|
Thread: Understanding EAPOL 4-Way Handshake and PMKID cracking
Post: RE: Understanding EAPOL 4-Way Handshake and PMKID ...
Running this combination:
Code:
--
hcxdumptool -> hcxpcapngtool -> hashcat
--
nonce-error-corrections is in automatic mode. Mostly it is set to 0 automatically on hcxdumptool captured traffic... |
|
ZerBea |
hashcat
|
11 |
2,415 |
04-01-2020, 06:11 PM |
|
|
Thread: Understanding EAPOL 4-Way Handshake and PMKID cracking
Post: RE: Understanding EAPOL 4-Way Handshake and PMKID ...
Running that combination nc=2 doesn't make sense.
Either use the automatic or run nc=0.
That depends on the quality of your captured traffic and the sensitivity of your device (PLCP errors).
You can... |
|
ZerBea |
hashcat
|
11 |
2,415 |
04-01-2020, 06:50 PM |
|
|
Thread: Understanding EAPOL 4-Way Handshake and PMKID cracking
Post: RE: Understanding EAPOL 4-Way Handshake and PMKID ...
nc is determined by the message_pair (last field in 22000 line):
Code:
--
bitmask for message pair field:
0: MP info (https://hashcat.net/wiki/doku.php?id=hccapx)
1: MP info (https://hashcat.net... |
|
ZerBea |
hashcat
|
11 |
2,415 |
04-01-2020, 08:09 PM |
|
|
Thread: No handshakes when trying to convert to hccapx
Post: RE: No handshakes when trying to convert to hccapx
Upload the cap here:
https://wpa-sec.stanev.org/?nets |
|
ZerBea |
hashcat-utils, maskprocessor, statsprocessor, md5stress, wikistrip
|
10 |
14,097 |
05-18-2018, 05:56 PM |
|
|
Thread: No handshakes when trying to convert to hccapx
Post: RE: No handshakes when trying to convert to hccapx
...or simply use hcxtools for capturing and conversion, as they provide nonce-error-corrections and more...
BTW:
hcxtools are running in the background of wpa-sec and they did the conversion! |
|
ZerBea |
hashcat-utils, maskprocessor, statsprocessor, md5stress, wikistrip
|
10 |
14,097 |
05-19-2018, 09:15 AM |
|
|
Thread: No handshakes when trying to convert to hccapx
Post: RE: No handshakes when trying to convert to hccapx
Hi kexec.
That is a typical aircrack capture. You captured 125954 packets (3.949.735 Bytes) for only one unauthorized handshake (tons of useless frames inside).
$ hcxpcaptool -o test.hccapx -E wordl... |
|
ZerBea |
hashcat-utils, maskprocessor, statsprocessor, md5stress, wikistrip
|
10 |
14,097 |
05-22-2018, 09:45 AM |
|
|
Thread: No handshakes when trying to convert to hccapx
Post: RE: No handshakes when trying to convert to hccapx
Hi kexec.
I see that you successfully converted it to hccapx using hcxpcaptool, so it is a bug in hashcat's cap2hccapx?
hcxpcaptool is completely different to other tools, so it will convert your... |
|
ZerBea |
hashcat-utils, maskprocessor, statsprocessor, md5stress, wikistrip
|
10 |
14,097 |
05-23-2018, 08:14 PM |