Search Results
Thread: PMKID Generates Wrong ESSID And Password From Hash
Post: RE: PMKID Generates Wrong ESSID And Password From ...
No problem, you're welcome.
Author: ZerBea | Forum: hashcat | Replies: 10 | Views: 3,624 | Posted: 06-09-2019, 10:29 PM

Thread: PMKID Generates Wrong ESSID And Password From Hash
Post: RE: PMKID Generates Wrong ESSID And Password From ...
I think I got a solution for your "problem". By the latest hcxtools commit
https://github.com/ZerBea/hcxtools/commit/358264200bb60b1f5196b4a58429e18da0a8fd0a
I added a new option to hcxpcaptool to filt...
Author: ZerBea | Forum: hashcat | Replies: 10 | Views: 3,624 | Posted: 06-10-2019, 03:46 PM

Thread: PMKID question
Post: RE: PMKID question
We can take the PMKID from these frames (PBKDF2 hashcat hashmode 16800):
EAPOL M1 from access point (in this case we need one additional frame to get the ESSID: ASSOCIATIONREQUEST, REASSOCIATIONREQUES...
Author: ZerBea | Forum: hashcat | Replies: 4 | Views: 1,698 | Posted: 09-25-2019, 07:50 AM

Thread: PMKID question
Post: RE: PMKID question
Only superficially - I'm still wrestling with Diffie-Hellman.
Author: ZerBea | Forum: hashcat | Replies: 4 | Views: 1,698 | Posted: 09-26-2019, 10:55 AM

Thread: potfile wpa format/derivation
Post: RE: potfile wpa format/derivation
You can read more about this format (2200x, outfile format and potfile format) and the tools working on it here:
https://hashcat.net/forum/thread-6661-post-47931.html#pid47931
Author: ZerBea | Forum: hashcat | Replies: 6 | Views: 412 | Posted: 09-15-2020, 01:27 PM

Thread: potfile wpa format/derivation
Post: RE: potfile wpa format/derivation
As mentioned in this thread:
https://hashcat.net/forum/thread-6661-post-47931.html#pid47931
The 22000 format is no longer binary. All bash tools (cat, sort, awk, cut, ....) are working on it, on the pot...
Author: ZerBea | Forum: hashcat | Replies: 6 | Views: 412 | Posted: 09-15-2020, 06:43 PM

Thread: skipping file: (null) (invalid eapol size)
Post: RE: skipping file: (null) (invalid eapol size)
hcxdumptool and hcxtools are working fine on UBUNTU 18.04 (as used here):
https://www.nomotion.net/blog/cracking-wifi-without-clients-pmkid-method/
and they will be an official part of the next UBUNTU vers...
Author: ZerBea | Forum: hashcat | Replies: 9 | Views: 3,034 | Posted: 08-27-2019, 07:31 PM

Thread: skipping file: (null) (invalid eapol size)
Post: RE: skipping file: (null) (invalid eapol size)
On the first run, you need some steps to identify a suitable interface, to check the driver and to check that packet injection is working. Also you must identify processes that interfere with hcxdumptool...
Author: ZerBea | Forum: hashcat | Replies: 9 | Views: 3,034 | Posted: 08-31-2019, 07:48 AM

Thread: skipping file: (null) (invalid eapol size)
Post: RE: skipping file: (null) (invalid eapol size)
That is good news. Thanks for the feedback.
Now start to capture (over a long time) and collect hcxpcaptool -E -I -U lists and -o -k hashfiles. At regular intervals run your hashes against this lis...
Author: ZerBea | Forum: hashcat | Replies: 9 | Views: 3,034 | Posted: 08-31-2019, 11:14 PM

Thread: Speed comparison WPA/WPA2 (2500) vs WPA/WPA2 PMK (2501)
Post: RE: Speed comparison WPA/WPA2 (2500) vs WPA/WPA2 P...
You can't compare 2500 to 2501 and 16800 to 16801.
2500 and 16800 are hash modes to get a PSK, while 2501 and 16801 hash modes are used to verify a given(!) PMK.
BTW:
Both modes 250x and 1680x ar...
Author: ZerBea | Forum: hashcat | Replies: 9 | Views: 4,597 | Posted: 01-06-2020, 02:34 PM

Thread: Speed comparison WPA/WPA2 (2500) vs WPA/WPA2 PMK (2501)
Post: RE: Speed comparison WPA/WPA2 (2500) vs WPA/WPA2 P...
Speed depends on the count of hashes inside the hash file and/or the nonce-error-correction value. How have you measured the 20%?
I can't reproduce such a big difference running an example hash from here:
...
Author: ZerBea | Forum: hashcat | Replies: 9 | Views: 4,597 | Posted: 03-23-2020, 09:36 AM

Thread: Speed comparison WPA/WPA2 (2500) vs WPA/WPA2 PMK (2501)
Post: RE: Speed comparison WPA/WPA2 (2500) vs WPA/WPA2 P...
Great, thanks for posting your result. Some words about nonce error corrections (NC):
NC values have a deep impact on hashcat speed. Within hccapx and 22000 hash records the message pair field is use...
Author: ZerBea | Forum: hashcat | Replies: 9 | Views: 4,597 | Posted: 03-23-2020, 03:22 PM

Thread: Understanding EAPOL 4-Way Handshake and PMKID cracking
Post: RE: Understanding EAPOL 4-Way Handshake and PMKID ...
1.
faster
you don't need a CLIENT
works if MFP is activated
not susceptible to packet loss
2.
No. hashcat is working on the captured hash and the result is the PMK and the PSK.
Yes. Searching...
Author: ZerBea | Forum: hashcat | Replies: 11 | Views: 2,410 | Posted: 03-31-2020, 09:00 AM

Thread: Understanding EAPOL 4-Way Handshake and PMKID cracking
Post: RE: Understanding EAPOL 4-Way Handshake and PMKID ...
Correct: reuse PBKDF2
That means that a PMK is calculated only once for an ESSID-PSK combination and compared against all hashes using the same ESSID.
This line will give you information about it:...
Author: ZerBea | Forum: hashcat | Replies: 11 | Views: 2,410 | Posted: 04-01-2020, 05:35 PM

Thread: Understanding EAPOL 4-Way Handshake and PMKID cracking
Post: RE: Understanding EAPOL 4-Way Handshake and PMKID ...
Running this combination:
Code:
--
hcxdumptool -> hcxpcapngtool -> hashcat
--
nonce-error-corrections is in automatic mode. Mostly it is set to 0 by automatic on hcxdumptool captured traffic...
Author: ZerBea | Forum: hashcat | Replies: 11 | Views: 2,410 | Posted: 04-01-2020, 06:11 PM

Thread: Understanding EAPOL 4-Way Handshake and PMKID cracking
Post: RE: Understanding EAPOL 4-Way Handshake and PMKID ...
Running that combination with nc=2 doesn't make sense.
Either use the automatic or run nc=0.
That depends on the quality of your captured traffic and the sensitivity of your device (PLCP errors).
You can...
Author: ZerBea | Forum: hashcat | Replies: 11 | Views: 2,410 | Posted: 04-01-2020, 06:50 PM

Thread: Understanding EAPOL 4-Way Handshake and PMKID cracking
Post: RE: Understanding EAPOL 4-Way Handshake and PMKID ...
nc is determined by the message_pair (last field in a 22000 line):
Code:
--
bitmask for message pair field:
0: MP info (https://hashcat.net/wiki/doku.php?id=hccapx)
1: MP info (https://hashcat.net...
Author: ZerBea | Forum: hashcat | Replies: 11 | Views: 2,410 | Posted: 04-01-2020, 08:09 PM

Thread: Wordlist Clean up
Post: RE: Wordlist Clean up
awk is your friend:
awk 'BEGIN { FS = ":" } ; { print $NF }' potfile
or
cat potfile | awk 'BEGIN { FS = ":" } ; { print $NF }'
should do this job depending on the delimiter (":", " ", ....)
...
Author: ZerBea | Forum: General Talk | Replies: 5 | Views: 4,336 | Posted: 09-05-2017, 12:14 PM

Thread: WPA/WPA2 batch processing
Post: RE: WPA/WPA2 batch processing
Working on hashfile.16800 is easy to handle (much easier than working on hccapx files), as it is a txt file.
That means, every bash command is working on that file.
For example: get all ESSIDs with ...
Author: ZerBea | Forum: hashcat | Replies: 8 | Views: 5,345 | Posted: 09-27-2018, 10:58 AM

Thread: WPA/WPA2 batch processing
Post: RE: WPA/WPA2 batch processing
Ok, now I know what you mean with "batch processing". That is aircrack-ng and/or pyrit style.
hashcat provides this feature with hashmode 2501 (for hccapx) and 16801 (for PMKID).
In both cases you ...
Author: ZerBea | Forum: hashcat | Replies: 8 | Views: 5,345 | Posted: 09-27-2018, 03:15 PM