Search Results
Post | Author | Forum | Replies | Views | Posted
Thread: New attack on WPA/WPA2 using PMKID
Post: RE: New attack on WPA/WPA2 using PMKID
Pushed a small update to hcxdumptool. From now on we parse SAE completely:
[10:10:20 - 005] c83a35000002 -> c83a35000001 [AUTHENTICATION, SAE COMMIT, STATUS 0, SEQUENCE 304]
[10:10:20 - 005] c83a3500... |
|
ZerBea |
User Contributions
|
187 |
1,293,061 |
08-26-2018, 10:23 AM |
|
|
Thread: New attack on WPA/WPA2 using PMKID
Post: RE: New attack on WPA/WPA2 using PMKID
Hi sl0badob
That is correct. An access point is detected to be in our range if it responds to our request using its ESSID. We are not able to associate to an access point without this information. A... |
|
ZerBea |
User Contributions
|
187 |
1,293,061 |
08-26-2018, 03:59 PM |
|
|
Thread: New attack on WPA/WPA2 using PMKID
Post: RE: New attack on WPA/WPA2 using PMKID
Hi dizcza.
hcxpcaptool -o option will convert pcapng files to hccapx format (not to pcapng) and append the result to an existing hccapx file.
The command you're looking for (merging pcapng files... |
|
ZerBea |
User Contributions
|
187 |
1,293,061 |
08-27-2018, 02:23 PM |
|
|
Thread: New attack on WPA/WPA2 using PMKID
Post: RE: New attack on WPA/WPA2 using PMKID
Hi ssswanil.
To answer your question, we need some more information.
1) Do you run the latest commit?
If not, please update!
2) Does your driver support full (injection is working!) monitor mode?
... |
|
ZerBea |
User Contributions
|
187 |
1,293,061 |
08-28-2018, 09:04 AM |
|
|
Thread: New attack on WPA/WPA2 using PMKID
Post: RE: New attack on WPA/WPA2 using PMKID
Hi wakawaka
We can control the transmission branch, because we send only a few packets.
But we are not able to control the receiving branch. If we are in range of hundreds of access points and hundr... |
|
ZerBea |
User Contributions
|
187 |
1,293,061 |
09-02-2018, 09:44 AM |
|
|
Thread: New attack on WPA/WPA2 using PMKID
Post: RE: New attack on WPA/WPA2 using PMKID
Hi slyexe.
Do you use the latest commit? I did a complete refactoring. The Raspberry PI A+, B+ is able to handle 4096 access points and/or 4096 clients simultaneously in a very fast way.
"This t... |
|
ZerBea |
User Contributions
|
187 |
1,293,061 |
09-05-2018, 10:13 AM |
|
|
Thread: New attack on WPA/WPA2 using PMKID
Post: RE: New attack on WPA/WPA2 using PMKID
Hi Superninja
wlan0mon is a typical logical interface type, created by airmon-ng for Broadcom devices.
Do you use a Broadcom interface?
read more here:
"You are using the Broadcom STA (wl) off... |
|
ZerBea |
User Contributions
|
187 |
1,293,061 |
09-18-2018, 06:37 PM |
|
|
Thread: New attack on WPA/WPA2 using PMKID
Post: RE: New attack on WPA/WPA2 using PMKID
Hi marcou3000.
There can be different reasons:
1) Too much power consumption of a USB high gain adapter (for example AWUS036NH connected to a USB port of a Raspberry PI) - in that case reduce power... |
|
ZerBea |
User Contributions
|
187 |
1,293,061 |
09-22-2018, 10:27 AM |
|
|
Thread: New attack on WPA/WPA2 using PMKID
Post: RE: New attack on WPA/WPA2 using PMKID
Read more here:
https://wikidevi.com/wiki/Rtl8xxxu
Supported modes
STA (Station) mode: supported
IBSS (Ad-Hoc) mode: unknown
AP (Master) mode: unknown
Mesh (802.11s) mode: unknown
P2P mode: unk... |
|
ZerBea |
User Contributions
|
187 |
1,293,061 |
09-23-2018, 11:47 AM |
|
|
Thread: New attack on WPA/WPA2 using PMKID
Post: RE: New attack on WPA/WPA2 using PMKID
From this commit on:
https://github.com/ZerBea/hcxdumptool/commit/6b006e022291562b9706f408e01ba2904297846f
hcxdumptool will set the interface to monitor mode.
That means iw, ip, iwconfig and ifconf... |
|
ZerBea |
User Contributions
|
187 |
1,293,061 |
09-30-2018, 05:03 PM |
|
|
Thread: New attack on WPA/WPA2 using PMKID
Post: RE: New attack on WPA/WPA2 using PMKID
No need to run rockyou against your hash. This list is included in the dictionaries of: https://wpa-sec.stanev.org/?dicts
You can upload your cap (using wlancap2wpasec or web interface). If the passw... |
|
ZerBea |
User Contributions
|
187 |
1,293,061 |
10-01-2018, 01:12 PM |
|
|
Thread: New attack on WPA/WPA2 using PMKID
Post: RE: New attack on WPA/WPA2 using PMKID
For sure this attack must fail on a RADIUS server. The authentication is done by the RADIUS authentication server (not by the router). This provides additional security. Various kinds of the Extensibl... |
|
ZerBea |
User Contributions
|
187 |
1,293,061 |
11-07-2018, 06:42 PM |
|
|
Thread: New attack on WPA/WPA2 using PMKID
Post: RE: New attack on WPA/WPA2 using PMKID
I don't see any chances to crack PKI credentials or GSM/UMTS subscriber modules or certificates (TLS).
That's one of the reasons, why I don't parse them.
TACACS+ was the last authentication algorithm... |
|
ZerBea |
User Contributions
|
187 |
1,293,061 |
11-07-2018, 07:58 PM |
|
|
Thread: New attack on WPA/WPA2 using PMKID
Post: RE: New attack on WPA/WPA2 using PMKID
No, the PMKID is not encrypted garbage and can be useful (in some cases).
Running WPA2, the PMKID is calculated by this function:
PMKID = HMAC-SHA1-128(PMK, "PMK Name" | MAC_AP | MAC_STA)
The PM... |
|
ZerBea |
User Contributions
|
187 |
1,293,061 |
11-08-2018, 06:22 PM |
|
|
Thread: New attack on WPA/WPA2 using PMKID
Post: RE: New attack on WPA/WPA2 using PMKID
All information is stored in the hashline:
PMKID*MAC_AP*MAC_STA*ESSID
If we use the hashline from this thread: https://hashcat.net/forum/thread-7717-post-42759.html#pid42759
ea5aad4e27b22c46f8837... |
|
ZerBea |
User Contributions
|
187 |
1,293,061 |
11-11-2018, 02:55 PM |
|
|
Thread: New attack on WPA/WPA2 using PMKID
Post: RE: New attack on WPA/WPA2 using PMKID
If anyone is interested in SAE example (sae4way.pcapng) (https://hashcat.net/forum/attachment.php?aid=619) from here:
https://hashcat.net/forum/thread-7717-post-42759.html#pid42759
These are the SA... |
|
ZerBea |
User Contributions
|
187 |
1,293,061 |
11-15-2018, 11:15 AM |
|
|
Thread: New attack on WPA/WPA2 using PMKID
Post: RE: New attack on WPA/WPA2 using PMKID
No, the pcapng doesn't contain IP addresses. But it contains MAC addresses of access points and clients and network names.
If you run hcxpcaptool you will get four PMKIDs (two networks with one client... |
|
ZerBea |
User Contributions
|
187 |
1,293,061 |
11-16-2018, 11:42 PM |
|
|
Thread: New attack on WPA/WPA2 using PMKID
Post: RE: New attack on WPA/WPA2 using PMKID
If you mean, that we have two steps, you got it:
step1 = derivation of Plainmasterkey (PMK), for example by PBKDF2
step2 = derivation of Pairwise Transient Key (PTK) to get access to the network (EA... |
|
ZerBea |
User Contributions
|
187 |
1,293,061 |
11-10-2018, 12:03 PM |
|
|
Thread: New attack on WPA/WPA2 using PMKID
Post: RE: New attack on WPA/WPA2 using PMKID
v2.pcapng doesn't contain PMKIDs or handshakes and it is flawless:
$ hcxpcaptool -o test.hccapx -z test.16800 v2.pcapng
reading from v2.pcapng
summary: ... |
|
ZerBea |
User Contributions
|
187 |
1,293,061 |
11-17-2018, 12:01 AM |
|
|
Thread: New attack on WPA/WPA2 using PMKID
Post: RE: New attack on WPA/WPA2 using PMKID
Ok, fixed that ugly big endian issue when we are doing an option walk through the pcapng options:
https://github.com/ZerBea/hcxtools/commit/4babccca3789efd0a8aa7d70fdff7a8548768110
Thanks for report... |
|
ZerBea |
User Contributions
|
187 |
1,293,061 |
11-17-2018, 12:50 AM |