Implement new WPA/WPA2 attack - PMKID #1937
Comments
Please specify the exact new method name, so others wouldn't open duplicate issues. |
Maybe in a first time simply add a new option in aircrack-ng where the user would have to enter manually the two macs and the PMKID (which can be gathered very easily - and fast - with wpa_supplicant). The only thing that I don't have clear is what is the "PMK name" in the formula: |
BSSID is already an option, so there would only be a need for STA which could be also useful for regular cracking where there are handshakes from different stations. Alternatively, it can be fed the first EAPOL packet that should contain all the information needed. |
PMKID attack has been included in wifite2. |
Could someone post a capture file to be used in unit-testing this new feature? I also request that the correct results of each component of the formula (for the unit-test file) be included, too. Thanks, |
testfile.zip
$ hcxpcaptool -z test.16800 test.pcap
1 PMKID(s) written to test.16800
warning......................: zero value timestamps detected
BTW: |
This is the second part. It's a simple code example to calculate the PMKID using libcrypto: |
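The formula asked about in this thread is, per IEEE 802.11, PMKID = HMAC-SHA1-128(PMK, "PMK Name" | MAC_AP | MAC_STA), where "PMK Name" is that literal ASCII string. The following is an added example, not code from this issue or from aircrack-ng: it computes each component for a constructed fixture so the intermediate values can be pinned in a unit test. The SSID, passphrase and MAC addresses are made up, and the `PMKID*MAC_AP*MAC_STA*ESSID` hex record layout of a `.16800` file is assumed.

```python
import hashlib
import hmac

def derive_pmk(passphrase: str, ssid: bytes) -> bytes:
    """WPA/WPA2-PSK PMK: PBKDF2-HMAC-SHA1, SSID as salt, 4096 rounds, 32 bytes."""
    return hashlib.pbkdf2_hmac("sha1", passphrase.encode(), ssid, 4096, 32)

def compute_pmkid(pmk: bytes, mac_ap: bytes, mac_sta: bytes) -> bytes:
    """First 128 bits of HMAC-SHA1(PMK, "PMK Name" || MAC_AP || MAC_STA)."""
    if len(mac_ap) != 6 or len(mac_sta) != 6:
        raise ValueError("MAC addresses must be 6 bytes")
    msg = b"PMK Name" + mac_ap + mac_sta
    return hmac.new(pmk, msg, hashlib.sha1).digest()[:16]

def format_16800(pmkid: bytes, mac_ap: bytes, mac_sta: bytes, essid: bytes) -> str:
    """Serialise one record as hex fields joined by '*' (assumed layout)."""
    return "*".join(f.hex() for f in (pmkid, mac_ap, mac_sta, essid))

def parse_16800(line: str):
    """Parse one record back into (pmkid, mac_ap, mac_sta, essid) bytes."""
    fields = line.strip().split("*")
    if len(fields) != 4:
        raise ValueError("expected 4 '*'-separated hex fields")
    pmkid, mac_ap, mac_sta, essid = (bytes.fromhex(f) for f in fields)
    if (len(pmkid), len(mac_ap), len(mac_sta)) != (16, 6, 6):
        raise ValueError("unexpected field length")
    return pmkid, mac_ap, mac_sta, essid

def components(passphrase: str, line: str) -> dict:
    """Every intermediate value a unit test for this feature would pin down."""
    pmkid, mac_ap, mac_sta, essid = parse_16800(line)
    pmk = derive_pmk(passphrase, essid)
    calc = compute_pmkid(pmk, mac_ap, mac_sta)
    return {"pmk": pmk, "pmkid": calc,
            "match": hmac.compare_digest(calc, pmkid)}

# Constructed fixture: none of these values come from a real network.
SSID = b"unit-test-net"
PASSPHRASE = "constructed-passphrase"
MAC_AP = bytes.fromhex("020000000001")   # locally administered address
MAC_STA = bytes.fromhex("020000000002")  # locally administered address
FIXTURE = format_16800(
    compute_pmkid(derive_pmk(PASSPHRASE, SSID), MAC_AP, MAC_STA),
    MAC_AP, MAC_STA, SSID)

if __name__ == "__main__":
    result = components(PASSPHRASE, FIXTURE)
    print(FIXTURE)
    print("PMK  :", result["pmk"].hex())
    print("PMKID:", result["pmkid"].hex(), "match:", result["match"])
```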
If you decide to implement an active attack vector (aireplay-ng, besside-ng), do not trust in the RSN-IE of the beacon. Instead do a proberequest and clone the RSN-IE from the proberesponse for your association. Write proberesponse, authentication (request/response), associationrequest, associationresponse and M1 to the cap file (besside-ng). That will make life easier for online hash crackers. |
Hello. dump axis BSSID: 28-10-7B-94-BB-29 |
Currently running all local tests. Big thanks for the help with this one! -Joe |
More information may be found at https://hashcat.net/forum/thread-7717.html, which includes a write-up on the matter.