Search Results
|
Post
|
Author |
Forum |
Replies |
Views |
Posted |
|
|
Thread: New attack on WPA/WPA2 using PMKID
Post: RE: New attack on WPA/WPA2 using PMKID
Some statistics:
Session..........: hashcat
Status...........: Quit
Hash.Type........: WPA-PMKID-PBKDF2
Hash.Target......: 16800.txt
Time.Started.....: Wed Aug 8 12:16:43 2018 (10 secs)
Time.... |
|
ZerBea |
User Contributions
|
187 |
1,293,136 |
08-08-2018, 12:18 PM |
|
|
Thread: New attack on WPA/WPA2 using PMKID
Post: RE: New attack on WPA/WPA2 using PMKID
Limitations:
This attack will not work on dynamically calculated PMKs.
You can identify them in your hash file:
MAC_AP, MAC_STA and ESSID are the same, PMKID changed.
In that case an EAPOL 4/4 handsha... |
|
ZerBea |
User Contributions
|
187 |
1,293,136 |
08-08-2018, 12:23 PM |
|
|
Thread: New attack on WPA/WPA2 using PMKID
Post: RE: New attack on WPA/WPA2 using PMKID
And please do not wonder about "802.11q". We added this to the write-up, to see how many people simply copy from one another. So please, forgive us..... |
|
ZerBea |
User Contributions
|
187 |
1,293,136 |
08-08-2018, 12:29 PM |
|
|
Thread: New attack on WPA/WPA2 using PMKID
Post: RE: New attack on WPA/WPA2 using PMKID
octf Wrote: (08-11-2018, 07:21 AM)
--
My testing area has lots of Netgear and TpLink routers. By using either hcxdumptool or wpa_supplicant, I was unable to capture a single PMKID. So the vulnerabi... |
|
ZerBea |
User Contributions
|
187 |
1,293,136 |
08-12-2018, 01:34 PM |
|
|
Thread: New attack on WPA/WPA2 using PMKID
Post: RE: New attack on WPA/WPA2 using PMKID
Well, it doesn't make sense to attack dynamically derived PMKs, but it's really funny.
I did a small update on hcxtools.
Download example cap from here:
https://wiki.wireshark.org/SampleCaptures... |
|
ZerBea |
User Contributions
|
187 |
1,293,136 |
08-13-2018, 11:25 PM |
|
|
Thread: New attack on WPA/WPA2 using PMKID
Post: RE: New attack on WPA/WPA2 using PMKID
I got many issue reports on git regarding K*A*L*I.
For all K*A*L*I users who are not penetration testers, please read this nice post here (remove the "*" inside the link):
https://unix.stackexch... |
|
ZerBea |
User Contributions
|
187 |
1,293,136 |
08-14-2018, 08:32 AM |
|
|
Thread: New attack on WPA/WPA2 using PMKID
Post: RE: New attack on WPA/WPA2 using PMKID
Hi Kangaroot.
You're running an old version. Latest commit is v 4.2.1:
https://github.com/ZerBea/hcxdumptool/commit/95ef2951c5da7eec9d5469d43fc0851522a2d9d0
several bugfixes and new/changed options |
|
ZerBea |
User Contributions
|
187 |
1,293,136 |
08-14-2018, 11:02 PM |
|
|
Thread: New attack on WPA/WPA2 using PMKID
Post: RE: New attack on WPA/WPA2 using PMKID
Well, rolling release principle.... |
|
ZerBea |
User Contributions
|
187 |
1,293,136 |
08-15-2018, 10:33 AM |
|
|
Thread: New attack on WPA/WPA2 using PMKID
Post: RE: New attack on WPA/WPA2 using PMKID
This bug was fixed last week! Do you use the latest commit? |
|
ZerBea |
User Contributions
|
187 |
1,293,136 |
08-15-2018, 07:57 PM |
|
|
Thread: New attack on WPA/WPA2 using PMKID
Post: RE: New attack on WPA/WPA2 using PMKID
Hi Kangaroot.
Forgot to answer to this:
Although, --enable-status now accepts only one of four options, not all of them as it used to.
-> No, now we use a bitmask.
- you can run --enable-status=1 ... |
|
ZerBea |
User Contributions
|
187 |
1,293,136 |
08-15-2018, 08:00 PM |
|
|
Thread: New attack on WPA/WPA2 using PMKID
Post: RE: New attack on WPA/WPA2 using PMKID
Well, it is a new attack vector and a nice playground.
Take a look at the statistics of a typical hcxdumptool pcapng file. I got this one from a tester:
summary:
file name....................:... |
|
ZerBea |
User Contributions
|
187 |
1,293,136 |
08-16-2018, 10:05 AM |
|
|
Thread: New attack on WPA/WPA2 using PMKID
Post: RE: New attack on WPA/WPA2 using PMKID
That is some good news.
Well, UBUNTU is recommended by the hashcat team and is an easy-to-use distribution. I share that opinion. Designed for complete novices, UBUNTU teaches a beginner everything he n... |
|
ZerBea |
User Contributions
|
187 |
1,293,136 |
08-16-2018, 02:19 PM |
|
|
Thread: New attack on WPA/WPA2 using PMKID
Post: RE: New attack on WPA/WPA2 using PMKID
That's interesting:
You received 4 PMKIDs for a single network (I assume that it isn't an ENTERPRISE network). So there must be 4 clients.
What is the command line for hcxdumptool?
A hashfile shoul... |
|
ZerBea |
User Contributions
|
187 |
1,293,136 |
08-17-2018, 03:40 PM |
|
|
Thread: New attack on WPA/WPA2 using PMKID
Post: RE: New attack on WPA/WPA2 using PMKID
hcxdumptool is able to run different attack vectors. And the client-less (PMKID) attack vector is only one of them:
ap-less:
Only one packet (M2) from a client required. You do not need to hunt fo... |
|
ZerBea |
User Contributions
|
187 |
1,293,136 |
08-17-2018, 10:51 AM |
|
|
Thread: New attack on WPA/WPA2 using PMKID
Post: RE: New attack on WPA/WPA2 using PMKID
Correct. Running hcxdumptool without disable arguments and/or setting a filterlist is the most aggressive mode.
hcxdumptool will run deauthentications against established connections and disassociati... |
|
ZerBea |
User Contributions
|
187 |
1,293,136 |
08-17-2018, 05:46 PM |
|
|
Thread: New attack on WPA/WPA2 using PMKID
Post: RE: New attack on WPA/WPA2 using PMKID
added rcascan (radio assignment scan):
$ hcxdumptool -h
--do_rcascan: show radio channel assignment (scan for target access points)
xxxxxxxxxxxx [CHANNEL 1]
xxxxxxxxxxxx [CHANNEL 7]
xxxxxxxx... |
|
ZerBea |
User Contributions
|
187 |
1,293,136 |
08-19-2018, 01:14 PM |
|
|
Thread: New attack on WPA/WPA2 using PMKID
Post: RE: New attack on WPA/WPA2 using PMKID
Hi stinky.
No, that is business as usual: WPA-EAPOL-PBKDF2. If we got only M4 of the handshake, we simply ask for the other key messages to retrieve an authorized handshake. That's all - just another... |
|
ZerBea |
User Contributions
|
187 |
1,293,136 |
08-19-2018, 03:58 PM |
|
|
Thread: New attack on WPA/WPA2 using PMKID
Post: RE: New attack on WPA/WPA2 using PMKID
Usually we use panel antennas like these:
https://www.logilink.com/Products_LogiLink/Active_Network_Components/Wireless_LAN_Antennas/Wireless_LAN_Antenna_Yagi-directional_14_dBi-Outdoor.htm
https... |
|
ZerBea |
User Contributions
|
187 |
1,293,136 |
08-19-2018, 06:21 PM |
|
|
Thread: New attack on WPA/WPA2 using PMKID
Post: RE: New attack on WPA/WPA2 using PMKID
Another driver, tested with hcxdumptool (again Realtek):
https://github.com/kimocoder/rtl8812au/
[35053.423872] usb 5-4.5: Product: Edimax AC600 USB
[35053.423874] usb 5-4.5: Manufacturer: Realte... |
|
ZerBea |
User Contributions
|
187 |
1,293,136 |
08-20-2018, 06:54 PM |
|
|
Thread: New attack on WPA/WPA2 using PMKID
Post: RE: New attack on WPA/WPA2 using PMKID
You're running an old version. Please pull latest git commit.
Filter lists are only used in the transmission branch. Using a filter list means that we run active attacks against the entries (filterm... |
|
ZerBea |
User Contributions
|
187 |
1,293,136 |
08-21-2018, 10:22 AM |