Search Results
|
Post |
Author
|
Forum |
Replies |
Views |
Posted |
|
|
Thread: 4-Way Handshake vs PMKID
Post: RE: 4-Way Handshake vs PMKID
1. Calculating the PMKID is faster
PMKID = HMAC-SHA1-128(PMK, "PMK Name" | MAC_AP | MAC_STA)
2. You run hashcat with default nonce-error-corrections on WPA-EAPOL-PBKDF2, so every md5 (WPA1) or sha ... |
|
ZerBea |
hashcat
|
14 |
9,433 |
04-05-2019, 04:51 PM |
|
|
Thread: 4-Way Handshake vs PMKID
Post: RE: 4-Way Handshake vs PMKID
As Atom said, PBKDF2 will cost us much time!
Now we drop PBKDF2:
$ time hashcat -m 2501 test.hccapx --nonce-error-corrections=0 foundhashcat.pmk
hashcat (v5.1.0-855-g9ced13cc) starting...
Se... |
|
ZerBea |
hashcat
|
14 |
9,433 |
04-05-2019, 05:08 PM |
|
|
Thread: PBKDF2 and SHA-1 question
Post: RE: PBKDF2 and SHA-1 question
if you include openssl:
#include
#include
#include
PMK is calculated by:
PKCS5_PBKDF2_HMAC((const char*)psk, psklen, (unsigned char*)essid, essidlen, 4096, EVP_sha1(), 32, pmk)
successf... |
|
ZerBea |
hashcat
|
4 |
2,384 |
04-07-2019, 11:18 AM |
|
|
Thread: PBKDF2 and SHA-1 question
Post: RE: PBKDF2 and SHA-1 question
You are right, hashcat is using OpenCL for both functions. The C code example should show that the functions are easy to implement in different coding languages like C, by adding cryptolibs.
There are... |
|
ZerBea |
hashcat
|
4 |
2,384 |
04-09-2019, 08:40 AM |
|
|
Thread: hcxtools - solution for capturing wlan traffic and conversion to hashcat formats
Post: RE: hcxtools - solution for capturing wlan traffic...
You can retrieve a PSK or a PMK only from a weak client. Therefore you must run hcxdumptool over a long time against your penetration target.
We can not distinguish between an ESSID, a damaged ESSID,... |
|
ZerBea |
User Contributions
|
648 |
487,343 |
04-10-2019, 09:51 AM |
|
|
Thread: hcxtools - solution for capturing wlan traffic and conversion to hashcat formats
Post: RE: hcxtools - solution for capturing wlan traffic...
And this is really important:
Hashmodes 2501 and 16801 are not cracking hashmodes.
They are only useful to verify(!) an existing PMK. |
|
ZerBea |
User Contributions
|
648 |
487,343 |
04-10-2019, 10:06 AM |
|
|
Thread: hcxtools - solution for capturing wlan traffic and conversion to hashcat formats
Post: RE: hcxtools - solution for capturing wlan traffic...
24h is good, but you should do that on different days and/or different months, too.
Let me say a few words about hcx-suite:
The suite is designed as an analysis suite. All attack vectors run on raw... |
|
ZerBea |
User Contributions
|
648 |
487,343 |
04-10-2019, 11:55 AM |
|
|
Thread: hcxtools - solution for capturing wlan traffic and conversion to hashcat formats
Post: RE: hcxtools - solution for capturing wlan traffic...
We drop a packet if
it doesn't contain useful information (deauthentication frames, disassociation frames, ACK frames, ...)
if it was transmitted twice or more
if it is damaged (and I mean real... |
|
ZerBea |
User Contributions
|
648 |
487,343 |
04-14-2019, 01:46 PM |
|
|
Thread: hcxtools - solution for capturing wlan traffic and conversion to hashcat formats
Post: RE: hcxtools - solution for capturing wlan traffic...
I'm not sure if somebody ported hcxdumptool to run using NodeMCU. But there is a similar project here:
https://null-byte.wonderhowto.com/how-to/scan-fake-attack-wi-fi-networks-with-esp8266-based-wifi-... |
|
ZerBea |
User Contributions
|
648 |
487,343 |
04-14-2019, 04:54 PM |
|
|
Thread: WPA3 Dragonblood Vulnerabilities Disclosure
Post: RE: WPA3 Dragonblood Vulnerabilities Disclosure
Yes, very good and interesting analysis of some WPA3 flaws. Unfortunately the side channel attack requires at least unprivileged access to the victim (dragonblood.pdf: 7.2 Attack Scenario). In other w... |
|
ZerBea |
General Talk
|
5 |
3,493 |
04-17-2019, 08:53 PM |
|
|
Thread: WPA3 Dragonblood Vulnerabilities Disclosure
Post: RE: WPA3 Dragonblood Vulnerabilities Disclosure
Yes, wpa_supplicant and hostapd are amazing open source tools. I really love them both and they are an integral part of my test environment to improve hcxdumptool. |
|
ZerBea |
General Talk
|
5 |
3,493 |
04-20-2019, 10:11 AM |
|
|
Thread: Does the new method work out of the box with Cali?
Post: RE: Does the new method work out of the box with C...
It depends on the WiFi adapter and the driver. If the driver supports monitor mode and full packet injection, it will work out of the box, running Linux systems.
Preferred distribution is Arch Linux,... |
|
ZerBea |
hashcat
|
6 |
2,159 |
08-15-2019, 01:28 PM |
|
|
Thread: hcxtools - solution for capturing wlan traffic and conversion to hashcat formats
Post: RE: hcxtools - solution for capturing wlan traffic...
@ ciccio17
In case of a hccapx hash file, use
- wlanhcxinfo to get information about the content.
- wlanhcx2ssid to get desired hash or
- split -b 393 --additional-suffix=.hccapx (393 = size of a... |
|
ZerBea |
User Contributions
|
648 |
487,343 |
04-27-2019, 04:00 PM |
|
|
Thread: Integer overflow detected in keyspace of mask
Post: RE: Integer overflow detected in keyspace of mask
2501 and 16801 hash modes are designed to verify (pre-)calculated PMKs. The latest hashcat uses these modes to detect already recovered passwords, by testing the hash against the PMK (take a look at new has... |
|
ZerBea |
General Talk
|
7 |
6,481 |
04-28-2019, 11:37 AM |
|
|
Thread: cap2hccapx - Networks detected: 0
Post: RE: cap2hccapx - Networks detected: 0
@ C-Sky91
Please attach capfile. I would like to take a look inside. |
|
ZerBea |
hashcat-utils, maskprocessor, statsprocessor, md5stress, wikistrip
|
7 |
5,289 |
05-02-2019, 05:09 PM |
|
|
Thread: cap2hccapx - Networks detected: 0
Post: RE: cap2hccapx - Networks detected: 0
@ C-Sky91
Thanks for the cap file. Unfortunately the attached cap file is cleaned deadly. It doesn't contain an ESSID.
Only 4 packets inside:
packet 1: EAPOL M1 - replaycount 1
packet 2: EAPOL M4 ... |
|
ZerBea |
hashcat-utils, maskprocessor, statsprocessor, md5stress, wikistrip
|
7 |
5,289 |
05-02-2019, 07:16 PM |
|
|
Thread: cap2hccapx - Networks detected: 0
Post: RE: cap2hccapx - Networks detected: 0
The EAPOL messages inside your pcap file are from 2 different EAPOL sequences.
packet 1 and packet 2 from the first EAPOL sequence (with a packet loss of a M2 and a M3)
packet 3 and packet 4 from th... |
|
ZerBea |
hashcat-utils, maskprocessor, statsprocessor, md5stress, wikistrip
|
7 |
5,289 |
05-02-2019, 11:39 PM |
|
|
Thread: hcxtools - solution for capturing wlan traffic and conversion to hashcat formats
Post: RE: hcxtools - solution for capturing wlan traffic...
That depends on how many clients are in range.
Here is an example:
https://github.com/ZerBea/hcxtools/issues/92#issuecomment-497603848
Running less than 2h and fed the result of -E to hashcat ... |
|
ZerBea |
User Contributions
|
648 |
487,343 |
06-02-2019, 03:41 PM |
|
|
Thread: hcxtools - solution for capturing wlan traffic and conversion to hashcat formats
Post: RE: hcxtools - solution for capturing wlan traffic...
-E, -I and -U collect data from the WLAN traffic and store it as ASCII text files. The idea is to use these lists as wordlists for hashcat.
For example, if a user confused something when he types... |
|
ZerBea |
User Contributions
|
648 |
487,343 |
06-02-2019, 04:59 PM |
|
|
Thread: hcxtools - solution for capturing wlan traffic and conversion to hashcat formats
Post: RE: hcxtools - solution for capturing wlan traffic...
Great.
It will take a while until you build up your environment / database, but it's worth it. The more clients, the better your lists.
Most of the tools feeding https://wpa-sec.stanev.org/ with dat... |
|
ZerBea |
User Contributions
|
648 |
487,343 |
06-02-2019, 11:58 PM |