Search Results
Post | Author | Forum | Replies | Views | Posted
Thread: WPA2 Half-Handshake
Post: RE: WPA2 Half-Handshake
Short answer to your question:
Yes, it is possible with latest hashcat!
Long statement:
But you don't need that tool!
Using only M1 and M2 is not a new idea.
You can use every combination o... |
ZerBea | hashcat | 8 | 11,186 | 08-01-2017, 05:09 PM
Thread: WPA2 Half-Handshake
Post: RE: WPA2 Half-Handshake
And please keep in mind:
hcxtools and hashcat are "area weapons" against wifi!
hashcat (v3.6.0-279-g6946329b) starting...
Session..........: hashcat
Status...........: Running
Hash.Type......... |
ZerBea | hashcat | 8 | 11,186 | 08-01-2017, 07:11 PM
Thread: WPA2 Half-Handshake
Post: RE: WPA2 Half-Handshake
Well, answering every probe request makes it possible that a client will try to connect to us. In that case, we are the access point (ap) which the client expected to see. This is an attempt to get t... |
ZerBea | hashcat | 8 | 11,186 | 08-01-2017, 11:23 PM
Thread: WPA2 Half-Handshake
Post: RE: WPA2 Half-Handshake
ThiagoAlvarenga Wrote: (08-02-2017, 04:48 AM)
--
This is my first post, if I'm posting from the wrong place, to the administrators, move to the correct location and accept my apologies.
My native ... |
ZerBea | hashcat | 8 | 11,186 | 08-02-2017, 07:10 AM
Thread: WPA2 Half-Handshake
Post: RE: WPA2 Half-Handshake
braxxox Wrote: (08-02-2017, 03:22 AM)
--
The -b option (beaconing on the last 10 probes) will seduce clients which do not send probes yet to probe us and then to connect to us.
I'm having a bit ... |
ZerBea | hashcat | 8 | 11,186 | 08-02-2017, 06:54 AM
Thread: hccapx Problem
Post: RE: hccapx Problem
cap2hccapx is working fine.
As far as I know, handshaker is a script that starts
several different tools to capture a handshake.
The result is a cleaned cap, containing only a beacon (or proberespo... |
ZerBea | hashcat | 7 | 10,026 | 06-24-2017, 07:20 AM
Thread: hccapx Problem
Post: RE: hccapx Problem
You can use hcxtools to capture.
You can use wlancap2hcx to convert.
wlancap2hcx will give you a warning that the cap was cleaned, but will convert it (but do not expect a good result). |
ZerBea | hashcat | 7 | 10,026 | 06-24-2017, 08:44 PM
Thread: hccapx Problem
Post: RE: hccapx Problem
No problem:
wlancap2hcx -x -e wordlist -o test.hccapx *.cap
Options:
-x -> match exact mac_ap and mac_sta
-e -> extract also found passwords and networknames from wlan traffic (will be appended)
... |
ZerBea | hashcat | 7 | 10,026 | 06-26-2017, 09:21 PM
Thread: 4-Way Handshake vs PMKID
Post: RE: 4-Way Handshake vs PMKID
How do you know how complex both of my PSKs are!
and you didn't answer my first question:
How did you measure it?
$ time hashcat -m 2500 test.hccapx --nonce-error-corrections=0 digit20
hashcat (... |
ZerBea | hashcat | 14 | 9,429 | 04-05-2019, 04:25 PM
Thread: 4-Way Handshake vs PMKID
Post: RE: 4-Way Handshake vs PMKID
How did you measure it?
My results:
$ time hashcat -m 2500 test.hccapx --nonce-error-corrections=0 digit08
hashcat (v5.1.0-855-g9ced13cc) starting...
Session..........: hashcat ... |
ZerBea | hashcat | 14 | 9,429 | 04-05-2019, 03:53 PM
Thread: 4-Way Handshake vs PMKID
Post: RE: 4-Way Handshake vs PMKID
1. Calculation of the PMKID is faster
PMKID = HMAC-SHA1-128(PMK, "PMK Name" | MAC_AP | MAC_STA)
2. You run hashcat with default nonce-error-corrections on WPA-EAPOL-PBKDF2, so every md5 (WPA1) or sha ... |
ZerBea | hashcat | 14 | 9,429 | 04-05-2019, 04:51 PM
Thread: 4-Way Handshake vs PMKID
Post: RE: 4-Way Handshake vs PMKID
As Atom said, PBKDF2 will cost us much time!
Now we drop PBKDF2:
$ time hashcat -m 2501 test.hccapx --nonce-error-corrections=0 foundhashcat.pmk
hashcat (v5.1.0-855-g9ced13cc) starting...
Se... |
ZerBea | hashcat | 14 | 9,429 | 04-05-2019, 05:08 PM
Thread: 4-Way Handshake vs PMKID
Post: RE: 4-Way Handshake vs PMKID
@kryplasemv
every client will receive its own (calculated) PMKID from the access point because the MAC addresses are part of the calculation
PMKID = HMAC-SHA1-128(PMK, "PMK Name" | MAC_AP | MAC_STA)... |
ZerBea | hashcat | 14 | 9,429 | 06-17-2019, 07:36 AM
Thread: 4-Way Handshake vs PMKID
Post: RE: 4-Way Handshake vs PMKID
@Mem5
The construction (PBKDF2 calculation) of the plainmasterkey (PMK) is the same for both hash modes (2500 and 16800) and takes a long period of CPU/GPU time. This first part is a really slow part.
... |
ZerBea | hashcat | 14 | 9,429 | 06-17-2019, 07:56 AM
Thread: WPA2 crackstation
Post: RE: WPA2 crackstation
I'm running this:
amd ryzen 1700
msi x370 krait
msi gtx 1080 ti aero oc
16 gb g.skill ripjaws v ddr4-3200
Samsung SSD PM961 NVMe 128GB M.2 (arch system)
500 gb samsung evo 850 (data)
bequiet ... |
ZerBea | Hardware | 6 | 8,594 | 08-01-2017, 01:16 PM
Thread: WPA2 crackstation
Post: RE: WPA2 crackstation
$ hashcat -m 2500 --benchmark
hashcat (v3.6.0-305-g1b835c8f) starting in benchmark mode...
OpenCL Platform #1: NVIDIA Corporation
======================================
* Device #1: GeForce GTX 10... |
ZerBea | Hardware | 6 | 8,594 | 08-04-2017, 08:37 AM
Thread: Automatic Handshake Extraction/Separation and hccapx Generation Tool
Post: RE: Automatic Handshake Extraction/Separation and ...
Hi JohnDN90.
That is a nice tool, and I really like that idea. There is also another attempt to do this (https://github.com/hashcat/hashcat-utils/pull/39). I decided to support both with an option to... |
ZerBea | User Contributions | 3 | 7,514 | 01-17-2018, 12:21 PM
Thread: Automatic Handshake Extraction/Separation and hccapx Generation Tool
Post: RE: Automatic Handshake Extraction/Separation and ...
Hi JohnDN90.
Pushed an update some minutes ago. Using Option -O will give you raw handshakes (comparable to pyrit: --all-handshakes).
You can use every messagepair to recover the key:
M1M2 (not a... |
ZerBea | User Contributions | 3 | 7,514 | 01-17-2018, 04:45 PM
Thread: help with android wpa store
Post: RE: help with android wpa store
Hi ware55.
use hashcat hashmode -m 12000
and read basic information (how-to) here:
https://hashcat.net/forum/thread-6661-post-35846.html#pid35846
In case of an ANDROID hotspot default password... |
ZerBea | hashcat | 7 | 6,782 | 12-17-2017, 11:28 AM
Thread: help with android wpa store
Post: RE: help with android wpa store
Hi ware55.
As this depends on your cell phone and your Android Version, it's a question to ask in this forum:
https://forum.xda-developers.com |
ZerBea | hashcat | 7 | 6,782 | 12-20-2017, 06:26 PM