Search Results
Post | Author | Forum | Replies | Views | Posted
Thread: WPA/WPA2 batch processing
Post: RE: WPA/WPA2 batch processing
Ok, now I know what you mean with "batch processing". That is aircrack-ng and/or pyrit style.
hashcat provides this feature with hashmode 2501 (for hccapx) and 16801 (for PMKID).
In both cases you ... |
|
ZerBea |
hashcat
|
8 |
5,346 |
09-27-2018, 03:15 PM |
|
|
Thread: WPA/WPA2 batch processing
Post: RE: WPA/WPA2 batch processing
Great, 99% of your workflow is ok.
A valid PMK file includes only PMKs:
181ad8169bf942af7d05a3cbd4f200f5f958ea8db4b5a768e17c716a30f61ff5
d99893b4593b3abc4c1179bd70c6244072ae4521047d4c449ecf90e8b2... |
|
ZerBea |
hashcat
|
8 |
5,346 |
09-27-2018, 05:21 PM |
|
|
Thread: Worldlist Clean up
Post: RE: Worldlist Clean up
awk is your friend:
awk 'BEGIN { FS = ":" } ; { print $NF }' potfile
or
cat potfile | awk 'BEGIN { FS = ":" } ; { print $NF }'
should do this job depending on the delimiter (":", " ", ....)
... |
|
ZerBea |
General Talk
|
5 |
4,336 |
09-05-2017, 12:14 PM |
|
|
Thread: Understanding EAPOL 4-Way Handshake and PMKID cracking
Post: RE: Understanding EAPOL 4-Way Handshake and PMKID ...
1.
faster
you don't need a CLIENT
works if MFP is activated
not susceptible to packet loss
2.
No. hashcat is working on the captured hash and the result is the PMK and the PSK.
Yes. Searching... |
|
ZerBea |
hashcat
|
11 |
2,410 |
03-31-2020, 09:00 AM |
|
|
Thread: Understanding EAPOL 4-Way Handshake and PMKID cracking
Post: RE: Understanding EAPOL 4-Way Handshake and PMKID ...
Correct: reuse PBKDF2
That means that a PMK is calculated only once for an ESSID-PSK combination and compared against all hashes using the same ESSID.
This line will give you information about it:... |
|
ZerBea |
hashcat
|
11 |
2,410 |
04-01-2020, 05:35 PM |
|
|
Thread: Understanding EAPOL 4-Way Handshake and PMKID cracking
Post: RE: Understanding EAPOL 4-Way Handshake and PMKID ...
Running this combination:
Code:
--
hcxdumptool -> hcxpcapngtool -> hashcat
--
nonce-error-corrections is in automatic mode. Mostly it is set to 0 by automatic on hcxdumptool captured traffic... |
|
ZerBea |
hashcat
|
11 |
2,410 |
04-01-2020, 06:11 PM |
|
|
Thread: Understanding EAPOL 4-Way Handshake and PMKID cracking
Post: RE: Understanding EAPOL 4-Way Handshake and PMKID ...
Running that combination nc=2 doesn't make sense.
Either use the automatic or run nc=0.
That depends on the quality of your captured traffic and the sensitivity of your device (PLCP errors).
You can... |
|
ZerBea |
hashcat
|
11 |
2,410 |
04-01-2020, 06:50 PM |
|
|
Thread: Understanding EAPOL 4-Way Handshake and PMKID cracking
Post: RE: Understanding EAPOL 4-Way Handshake and PMKID ...
nc is determined by the message_pair (last field in 22000 line):
Code:
--
bitmask for message pair field:
0: MP info (https://hashcat.net/wiki/doku.php?id=hccapx)
1: MP info (https://hashcat.net... |
|
ZerBea |
hashcat
|
11 |
2,410 |
04-01-2020, 08:09 PM |
|
|
Thread: Speed comparison WPA/WPA2 (2500) vs WPA/WPA2 PMK (2501)
Post: RE: Speed comparison WPA/WPA2 (2500) vs WPA/WPA2 P...
You can't compare 2500 to 2501 and 16800 to 16801.
2500 and 16800 are hash modes to get a PSK, while 2501 and 16801 hash modes are used to verify a given(!) PMK.
BTW:
Both modes 250x and 1680x ar... |
|
ZerBea |
hashcat
|
9 |
4,597 |
01-06-2020, 02:34 PM |
|
|
Thread: Speed comparison WPA/WPA2 (2500) vs WPA/WPA2 PMK (2501)
Post: RE: Speed comparison WPA/WPA2 (2500) vs WPA/WPA2 P...
Speed depends on the count of hashes inside the hash file and/or the nonce-error-correction value. How have you measured the 20%?
I can't reproduce such a big difference running an example hash from here:
... |
|
ZerBea |
hashcat
|
9 |
4,597 |
03-23-2020, 09:36 AM |
|
|
Thread: Speed comparison WPA/WPA2 (2500) vs WPA/WPA2 PMK (2501)
Post: RE: Speed comparison WPA/WPA2 (2500) vs WPA/WPA2 P...
Great, thanks for posting your result. Some words about nonce error corrections (NC):
NC values have a deep impact on hashcat speed. Within hccapx and 22000 hash records the message pair field is use... |
|
ZerBea |
hashcat
|
9 |
4,597 |
03-23-2020, 03:22 PM |
|
|
Thread: skipping file: (null) (invalid eapol size)
Post: RE: skipping file: (null) (invalid eapol size)
hcxdumptool and hcxtools are working fine on UBUNTU 18.04 (as used here):
https://www.nomotion.net/blog/cracking-wifi-without-clients-pmkid-method/
and they will be official part in next UBUNTU vers... |
|
ZerBea |
hashcat
|
9 |
3,034 |
08-27-2019, 07:31 PM |
|
|
Thread: skipping file: (null) (invalid eapol size)
Post: RE: skipping file: (null) (invalid eapol size)
On the first run, you need some steps to identify a suitable interface, to check the driver and to check that packet injection is working. Also you must identify processes that interfere with hcxdumptool... |
|
ZerBea |
hashcat
|
9 |
3,034 |
08-31-2019, 07:48 AM |
|
|
Thread: skipping file: (null) (invalid eapol size)
Post: RE: skipping file: (null) (invalid eapol size)
That is good news. Thanks for the feedback.
Now start to capture (over a long time) and collect hcxpcaptool -E -I -U lists and -o -k hashfiles. At regular intervals run your hashes against this lis... |
|
ZerBea |
hashcat
|
9 |
3,034 |
08-31-2019, 11:14 PM |
|
|
Thread: potfile wpa format/derivation
Post: RE: potfile wpa format/derivation
You can read more about this format (2200x, outfile format and potfile format) and the tools working on it here:
https://hashcat.net/forum/thread-6661-post-47931.html#pid47931 |
|
ZerBea |
hashcat
|
6 |
412 |
09-15-2020, 01:27 PM |
|
|
Thread: potfile wpa format/derivation
Post: RE: potfile wpa format/derivation
As mentioned in this thread:
https://hashcat.net/forum/thread-6661-post-47931.html#pid47931
22000 format is no longer binary. All bash tools (cat, sort, awk, cut, ....) are working on it, on the pot... |
|
ZerBea |
hashcat
|
6 |
412 |
09-15-2020, 06:43 PM |
|
|
Thread: PMKID question
Post: RE: PMKID question
We can take the PMKID from these frames (PBKDF2 hashcat hashmode 16800):
EAPOL M1 from access point (in this case we need one additional frame to get the ESSID: ASSOCIATIONREQUEST, REASSOCIATIONREQUES... |
|
ZerBea |
hashcat
|
4 |
1,698 |
09-25-2019, 07:50 AM |
|
|
Thread: PMKID question
Post: RE: PMKID question
Only superficially - I'm still wrestling with Diffie-Hellman. |
|
ZerBea |
hashcat
|
4 |
1,698 |
09-26-2019, 10:55 AM |
|
|
Thread: PMKID Generates Wrong ESSID And Password From Hash
Post: RE: PMKID Generates Wrong ESSID And Password From ...
This is very difficult to answer, because your question is very imprecise.
A PMKID is transmitted by the access point (ap) or by a client.
There might be something wrong in your workflow. To g... |
|
ZerBea |
hashcat
|
10 |
3,624 |
06-09-2019, 10:49 AM |
|
|
Thread: PMKID Generates Wrong ESSID And Password From Hash
Post: RE: PMKID Generates Wrong ESSID And Password From ...
Yes you are quite right there, by default, hcxdumptool attacks everything in range.
You can either set a target (by filter option), or remove unwanted hashes by hand (PMKID hash file) or by wlanhcx... |
|
ZerBea |
hashcat
|
10 |
3,624 |
06-09-2019, 06:51 PM |