Search Results
|
Post |
Author
|
Forum |
Replies |
Views |
Posted |
|
|
Thread: New attack on WPA/WPA2 using PMKID
Post: RE: New attack on WPA/WPA2 using PMKID
Correct. Running hcxdumptool without disable arguments and/or setting a filterlist is the most aggressive mode.
hcxdumptool will run deauthentications against established connections and disassociati... |
|
ZerBea |
User Contributions
|
187 |
1,293,338 |
08-17-2018, 05:46 PM |
|
|
Thread: hcxtools - solution for capturing wlan traffic and conversion to hashcat formats
Post: RE: hcxtools - solution for capturing wlan traffic...
hcxtools are part of the Arch Linux distribution.
https://www.archlinux.org/packages/?q=hcx
The same also applies to hashcat and hashcat-utils
https://www.archlinux.org/packages/?q=hashcat
and NV... |
|
ZerBea |
User Contributions
|
648 |
487,343 |
08-18-2018, 10:44 AM |
|
|
Thread: New attack on WPA/WPA2 using PMKID
Post: RE: New attack on WPA/WPA2 using PMKID
Added rcascan (radio assignment scan):
$ hcxdumptool -h
--do_rcascan: show radio channel assignment (scan for target access points)
xxxxxxxxxxxx [CHANNEL 1]
xxxxxxxxxxxx [CHANNEL 7]
xxxxxxxx... |
|
ZerBea |
User Contributions
|
187 |
1,293,338 |
08-19-2018, 01:14 PM |
|
|
Thread: New attack on WPA/WPA2 using PMKID
Post: RE: New attack on WPA/WPA2 using PMKID
Hi stinky.
No, that is business as usual: WPA-EAPOL-PBKDF2. If we got only M4 of the handshake, we simply ask for the other key messages to retrieve an authorized handshake. That's all - just another... |
|
ZerBea |
User Contributions
|
187 |
1,293,338 |
08-19-2018, 03:58 PM |
|
|
Thread: New attack on WPA/WPA2 using PMKID
Post: RE: New attack on WPA/WPA2 using PMKID
Usually we use panel antennas like these ones:
https://www.logilink.com/Products_LogiLink/Active_Network_Components/Wireless_LAN_Antennas/Wireless_LAN_Antenna_Yagi-directional_14_dBi-Outdoor.htm
https... |
|
ZerBea |
User Contributions
|
187 |
1,293,338 |
08-19-2018, 06:21 PM |
|
|
Thread: New attack on WPA/WPA2 using PMKID
Post: RE: New attack on WPA/WPA2 using PMKID
Another driver, tested with hcxdumptool (again Realtek):
https://github.com/kimocoder/rtl8812au/
[35053.423872] usb 5-4.5: Product: Edimax AC600 USB
[35053.423874] usb 5-4.5: Manufacturer: Realte... |
|
ZerBea |
User Contributions
|
187 |
1,293,338 |
08-20-2018, 06:54 PM |
|
|
Thread: New attack on WPA/WPA2 using PMKID
Post: RE: New attack on WPA/WPA2 using PMKID
You're running an old version. Please pull the latest git commit.
Filter lists are only used in the transmission branch. Using a filter list means that we run active attacks against the entries (filterm... |
|
ZerBea |
User Contributions
|
187 |
1,293,338 |
08-21-2018, 10:22 AM |
|
|
Thread: hcxtools - solution for capturing wlan traffic and conversion to hashcat formats
Post: RE: hcxtools - solution for capturing wlan traffic...
Hi faberC.
Shall we take the hashline and a wordlist as input to calculate and/or verify the PMK (CPU based only, for quick tests - Well, I promised Atom never to code a GPU cracker - and he promised... |
|
ZerBea |
User Contributions
|
648 |
487,343 |
08-21-2018, 07:36 PM |
|
|
Thread: Keyspace List for WPA on Default Routers
Post: RE: Keyspace List for WPA on Default Routers
Hi soxrok2212.
Did a quick binwalk, unsquashfs and radare2 on some files and noticed that the values are retrieved from the board:
ls /sys/module/board/parameters/*.*
or by debugsys --info
squas... |
|
ZerBea |
User Contributions
|
182 |
305,386 |
08-24-2018, 01:33 PM |
|
|
Thread: New attack on WPA/WPA2 using PMKID
Post: RE: New attack on WPA/WPA2 using PMKID
Pushed a small update to hcxdumptool. From now on we parse SAE completely:
[10:10:20 - 005] c83a35000002 -> c83a35000001 [AUTHENTICATION, SAE COMMIT, STATUS 0, SEQUENCE 304]
[10:10:20 - 005] c83a3500... |
|
ZerBea |
User Contributions
|
187 |
1,293,338 |
08-26-2018, 10:23 AM |
|
|
Thread: New attack on WPA/WPA2 using PMKID
Post: RE: New attack on WPA/WPA2 using PMKID
Hi dizcza.
Yes, there is a way. From the README.md:
Notice
Most output files will be appended to existing files (with the exception of .cap files).
You can/should cat all outputs from hcxpcaptool ... |
|
ZerBea |
User Contributions
|
187 |
1,293,338 |
08-26-2018, 03:30 PM |
|
|
Thread: New attack on WPA/WPA2 using PMKID
Post: RE: New attack on WPA/WPA2 using PMKID
Hi sl0badob
That is correct. An access point is detected to be in our range if it responds to our request using its ESSID. We are not able to associate to an access point without this information. A... |
|
ZerBea |
User Contributions
|
187 |
1,293,338 |
08-26-2018, 03:59 PM |
|
|
Thread: New attack on WPA/WPA2 using PMKID
Post: RE: New attack on WPA/WPA2 using PMKID
Hi diegodieguex.
Nice improvement. Now we can retrieve the ESSID (in ASCII) and the VENDOR information from the hashline. |
|
ZerBea |
User Contributions
|
187 |
1,293,338 |
08-26-2018, 05:24 PM |
|
|
Thread: New attack on WPA/WPA2 using PMKID
Post: RE: New attack on WPA/WPA2 using PMKID
Hi dizcza.
The hcxpcaptool -o option will convert pcapng files to hccapx format (not to pcapng) and append the result to an existing hccapx file.
The command you're looking for (merging pcapng files... |
|
ZerBea |
User Contributions
|
187 |
1,293,338 |
08-27-2018, 02:23 PM |
|
|
Thread: New attack on WPA/WPA2 using PMKID
Post: RE: New attack on WPA/WPA2 using PMKID
Hi sao.
The answer to your question is here:
https://hashcat.net/forum/thread-7717-post-41675.html#pid41675 |
|
ZerBea |
User Contributions
|
187 |
1,293,338 |
08-27-2018, 02:24 PM |
|
|
Thread: New attack on WPA/WPA2 using PMKID
Post: RE: New attack on WPA/WPA2 using PMKID
Now, wpa-sec is running full PMKID support. The success rate is very good:
https://wpa-sec.stanev.org/?stats |
|
ZerBea |
User Contributions
|
187 |
1,293,338 |
08-27-2018, 06:32 PM |
|
|
Thread: New attack on WPA/WPA2 using PMKID
Post: RE: New attack on WPA/WPA2 using PMKID
Hi ssswanil.
To answer your question, we need some more information.
1) Do you run the latest commit?
If not, please update!
2) Does your driver support full (injection is working!) monitor mode?
... |
|
ZerBea |
User Contributions
|
187 |
1,293,338 |
08-28-2018, 09:04 AM |
|
|
Thread: hcxtools - solution for capturing wlan traffic and conversion to hashcat formats
Post: RE: hcxtools - solution for capturing wlan traffic...
Please try this one:
https://github.com/kimocoder/rtl8812au |
|
ZerBea |
User Contributions
|
648 |
487,343 |
08-28-2018, 03:29 PM |
|
|
Thread: hcxtools - solution for capturing wlan traffic and conversion to hashcat formats
Post: RE: hcxtools - solution for capturing wlan traffic...
Added iw functionality to hcxdumptool.
From now on hcxdumptool will set monitor mode and restore old interface settings when terminated. You do not need to run iw, ip, iwconfig, ifconfig any longer.
... |
|
ZerBea |
User Contributions
|
648 |
487,343 |
08-30-2018, 10:53 AM |
|
|
Thread: hcxtools - solution for capturing wlan traffic and conversion to hashcat formats
Post: RE: hcxtools - solution for capturing wlan traffic...
It seems that hcxtools/hcxdumptool were successfully ported to "Pineapple".
Read more here:
https://forums.hak5.org/topic/44213-pmkid-attack-on-wifi-pineapples/ |
|
ZerBea |
User Contributions
|
648 |
487,343 |
08-31-2018, 12:25 AM |