Search Results
Post | Author | Forum | Replies | Views | Posted
Thread: New attack on WPA/WPA2 using PMKID
Post: RE: New attack on WPA/WPA using PMKID
Thanks for reporting this issue. I fixed it with the last commit.
We tried to use filterlist entries on the first outgoing broadcast packet. Since there are no incoming packets at this moment, we ru... |
|
ZerBea |
User Contributions
|
187 |
1,293,036 |
08-05-2018, 10:53 AM |
|
|
Thread: New attack on WPA/WPA2 using PMKID
Post: RE: New attack on WPA/WPA2 using PMKID
Limitations:
This attack will not work on dynamically calculated PMKs.
You can identify them in your hash file:
MAC_AP, MAC_STA and ESSID are the same, PMKID changed.
In that case an EAPOL 4/4 handsha... |
|
ZerBea |
User Contributions
|
187 |
1,293,036 |
08-08-2018, 12:23 PM |
|
|
Thread: New attack on WPA/WPA2 using PMKID
Post: RE: New attack on WPA/WPA2 using PMKID
And please do not wonder about "802.11q". We added this to the write-up, to see how many people simply copy from one another. So please, forgive us..... |
|
ZerBea |
User Contributions
|
187 |
1,293,036 |
08-08-2018, 12:29 PM |
|
|
Thread: New attack on WPA/WPA2 using PMKID
Post: RE: New attack on WPA/WPA2 using PMKID
I got many issue reports on git regarding K*A*L*I.
For all K*A*L*I users who are not penetration testers, please read this nice post here (remove the "*" inside the link):
https://unix.stackexch... |
|
ZerBea |
User Contributions
|
187 |
1,293,036 |
08-14-2018, 08:32 AM |
|
|
Thread: New attack on WPA/WPA2 using PMKID
Post: RE: New attack on WPA/WPA2 using PMKID
Hi Kangaroot.
You're running an old version. Latest commit is v 4.2.1:
https://github.com/ZerBea/hcxdumptool/commit/95ef2951c5da7eec9d5469d43fc0851522a2d9d0
several bugfixes and new/changed options |
|
ZerBea |
User Contributions
|
187 |
1,293,036 |
08-14-2018, 11:02 PM |
|
|
Thread: New attack on WPA/WPA2 using PMKID
Post: RE: New attack on WPA/WPA2 using PMKID
Well, rolling release principle.... |
|
ZerBea |
User Contributions
|
187 |
1,293,036 |
08-15-2018, 10:33 AM |
|
|
Thread: New attack on WPA/WPA2 using PMKID
Post: RE: New attack on WPA/WPA2 using PMKID
This bug was fixed last week! Do you use the latest commit? |
|
ZerBea |
User Contributions
|
187 |
1,293,036 |
08-15-2018, 07:57 PM |
|
|
Thread: New attack on WPA/WPA2 using PMKID
Post: RE: New attack on WPA/WPA2 using PMKID
Hi Kangaroot.
Forgot to answer to this:
Although, --enable-status now accepts only one of four options, not all of them as it used to.
-> No, now we use a bitmask.
- you can run --enable-status=1 ... |
|
ZerBea |
User Contributions
|
187 |
1,293,036 |
08-15-2018, 08:00 PM |
|
|
Thread: New attack on WPA/WPA2 using PMKID
Post: RE: New attack on WPA/WPA2 using PMKID
That's interesting:
You received 4 PMKIDs for a single network (I assume that it isn't an ENTERPRISE network). So there must be 4 clients.
What is the command line for hcxdumptool?
A hashfile shoul... |
|
ZerBea |
User Contributions
|
187 |
1,293,036 |
08-17-2018, 03:40 PM |
|
|
Thread: New attack on WPA/WPA2 using PMKID
Post: RE: New attack on WPA/WPA2 using PMKID
Correct. Running hcxdumptool without disable arguments and/or setting a filterlist is the most aggressive mode.
hcxdumptool will run deauthentications against established connections and disassociati... |
|
ZerBea |
User Contributions
|
187 |
1,293,036 |
08-17-2018, 05:46 PM |
|
|
Thread: New attack on WPA/WPA2 using PMKID
Post: RE: New attack on WPA/WPA2 using PMKID
added rcascan (radio assignment scan):
$ hcxdumptool -h
--do_rcascan: show radio channel assignment (scan for target access points)
xxxxxxxxxxxx [CHANNEL 1]
xxxxxxxxxxxx [CHANNEL 7]
xxxxxxxx... |
|
ZerBea |
User Contributions
|
187 |
1,293,036 |
08-19-2018, 01:14 PM |
|
|
Thread: New attack on WPA/WPA2 using PMKID
Post: RE: New attack on WPA/WPA2 using PMKID
Hi stinky.
No, that is business as usual: WPA-EAPOL-PBKDF2. If we got only M4 of the handshake, we simply ask for the other key messages to retrieve an authorized handshake. That's all - just another... |
|
ZerBea |
User Contributions
|
187 |
1,293,036 |
08-19-2018, 03:58 PM |
|
|
Thread: New attack on WPA/WPA2 using PMKID
Post: RE: New attack on WPA/WPA2 using PMKID
Usually we use panel antennas like these:
https://www.logilink.com/Products_LogiLink/Active_Network_Components/Wireless_LAN_Antennas/Wireless_LAN_Antenna_Yagi-directional_14_dBi-Outdoor.htm
https... |
|
ZerBea |
User Contributions
|
187 |
1,293,036 |
08-19-2018, 06:21 PM |
|
|
Thread: New attack on WPA/WPA2 using PMKID
Post: RE: New attack on WPA/WPA2 using PMKID
Another driver, tested with hcxdumptool (again Realtek):
https://github.com/kimocoder/rtl8812au/
[35053.423872] usb 5-4.5: Product: Edimax AC600 USB
[35053.423874] usb 5-4.5: Manufacturer: Realte... |
|
ZerBea |
User Contributions
|
187 |
1,293,036 |
08-20-2018, 06:54 PM |
|
|
Thread: New attack on WPA/WPA2 using PMKID
Post: RE: New attack on WPA/WPA2 using PMKID
Hi dizcza.
Yes, there is a way. From the README.md:
Notice
Most output files will be appended to existing files (with the exception of .cap files).
You can/should cat all outputs from hcxpcaptool ... |
|
ZerBea |
User Contributions
|
187 |
1,293,036 |
08-26-2018, 03:30 PM |
|
|
Thread: New attack on WPA/WPA2 using PMKID
Post: RE: New attack on WPA/WPA2 using PMKID
Hi diegodieguex.
Nice improvement. Now we can retrieve the ESSID (in ASCII) and the VENDOR information from the hashline. |
|
ZerBea |
User Contributions
|
187 |
1,293,036 |
08-26-2018, 05:24 PM |
|
|
Thread: New attack on WPA/WPA2 using PMKID
Post: RE: New attack on WPA/WPA2 using PMKID
Hi sao.
The answer to your question is here:
https://hashcat.net/forum/thread-7717-post-41675.html#pid41675 |
|
ZerBea |
User Contributions
|
187 |
1,293,036 |
08-27-2018, 02:24 PM |
|
|
Thread: New attack on WPA/WPA2 using PMKID
Post: RE: New attack on WPA/WPA2 using PMKID
Now, wpa-sec is running full PMKID support. The success rate is very good:
https://wpa-sec.stanev.org/?stats |
|
ZerBea |
User Contributions
|
187 |
1,293,036 |
08-27-2018, 06:32 PM |
|
|
Thread: New attack on WPA/WPA2 using PMKID
Post: RE: New attack on WPA/WPA2 using PMKID
To answer the question we need more information:
Which tools do you use for capturing, conversion and cracking?
What is the command line of the tools?
Which result do you expect (exactly)?
Which r... |
|
ZerBea |
User Contributions
|
187 |
1,293,036 |
08-31-2018, 09:59 AM |
|
|
Thread: New attack on WPA/WPA2 using PMKID
Post: RE: New attack on WPA/WPA2 using PMKID
$ hcxpcaptool -z hash.16800 -E wordlist -I identitylist -U usernamelist *.pcap
Works on all pcaps, but do not expect good results if
- the pcaps are cleaned
- the pcap are merged and contains ESS... |
|
ZerBea |
User Contributions
|
187 |
1,293,036 |
09-01-2018, 03:31 PM |