In this writeup, I’ll describe a new technique to crack WPA PSK (Pre-Shared Key) passwords.
In order to make use of this new attack you need the following tools:
hcxdumptool v4.2.0 or higher
hcxtools v4.2.0 or higher
hashcat v4.2.0 or higher
This attack was discovered accidentally while looking for new ways to attack the new WPA3 security standard. WPA3 will be much harder to attack because of its modern key establishment protocol called “Simultaneous Authentication of Equals” (SAE).
The main difference from existing attacks is that in this attack, capture of a full EAPOL 4-way handshake is not required. The new attack is performed on the RSN IE (Robust Security Network Information Element) of a single EAPOL frame.
At this time, we do not know for which vendors or for how many routers this technique will work, but we think it will work against all 802.11i/p/q/r networks with roaming functions enabled (most modern routers).
The main advantages of this attack are as follow:
No more regular users required – because the attacker directly communicates with the AP (aka “client-less” attack)
No more waiting for a complete 4-way handshake between the regular user and the AP
No more eventual retransmissions of EAPOL frames (which can lead to uncrackable results)
No more eventual invalid passwords sent by the regular user
No more lost EAPOL frames when the regular user or the AP is too far away from the attacker
No more fixing of nonce and replaycounter values required (resulting in slightly higher speeds)
No more special output format (pcap, hccapx, etc.) – final data will appear as regular hex encoded string
Nguồn: https://ftlinuxcourse.com
Xem thêm bài viết khác: https://ftlinuxcourse.com/khoa-hoc
Xem thêm Bài Viết:
- Trải nghiệm mới hay ho với hướng dẫn cài Mac Os trên vmware
- Bật mí cách cài đặt ssl miễn phí lên Let’s Encrypt
- Tuyệt chiêu tạo usb boot kali linux đơn giản dành cho bạn
- Hướng dẫn chi tiết từ A – Z các bước cài đặt Python trên Windows 10
- Bật mí quy trình cài đặt Kali Linux trên Vmware đúng chuẩn và chi tiết
Not working:
supposed to insert "–filterlist_cliant=filter.txt"
After inserting "./hcxdumptool -o hash -i wlan0mon –filterlist=filter.txt –filtermode=2 enable_status=1"
Receiving error:
./hcxdumptool: option '–filterlist=filter.txt' is ambiguous; possibilities: '–filterlist_ap' '–filterlist_client'
hcxdumptool 6.0.0 (C) 2019 by ZeroBeat
usage: hcxdumptool -h for help.
And even after this fix I get a message:
initialization…
warning: wlan0mon is probably a monitor interface
interface is already in monitor mode.
Good job, man!!
Bro, is it Word list required?
Does t work for me i need cuda toolkit driver i use Android phone
The specified parameter cannot use '-w' as a value – must be a number. Como resolver?
195 H/s? you'll die before you even crack a 4 digit password lmao
Hola sh4dy ruLL3zZ dame tu correo y te contacto, gracias
You do not explain anything. Your videos are useless.
FOUND HANDSHAKE, NO PMKID why..?
A lot of likes because people just thinks this works, but nobody understood a fuckin shit.
After hcxdumptool -o hash -i ………
It gives :
Warning: unable to set channel (1,6,11 etc) (remove this channel from scan list)
Please help
Initialized device kernels and memory … Illegal instruction
tnx uuuuuuuuuuuuuuuuu
So how does this work? What does it do? Video is a bit vague with no explanation. I would like to follow this but it's not really a tutorial. Your not explaining things.
Bu yöntem wordliste gerek duymadan şifre kırmayı sağlar mı yani şifrenin ne olduğunu bilmiyorsak !?…..123 yerine !?! mi yazacaz?
2) kaç saat surer?
still does not work if the password is not in the list
Eu dou make naquela hora e da erro
This tool is not useful.
Count how many years it will take to break a twenty-digit password …
I can not catch pmkid. Will anyone advise me?
Hi … Thank you for this video … Why add on? |? |? |… 123 and how do I know this since I do not know the password and thank you
if does work o will fuck my self ok. Does nt work
Why you do not use it in nethunter from Android phone . Or
Its difficult all of you make the easy way
Time.Started…..: Wed Nov 21 10:35:48 2018 (16 mins, 15 secs)
Time.Estimated…: Thu Feb 14 04:05:48 2019 (84 days, 17 hours)
E: Unable to locate package libssl-dev solve this????
halen fluxion 1 numara bu video ise vakit kaybı
I did not understand, in the end you gave the command "- show" to see the password, but did not appear the password '-'
Entonces es basicamente un ataque de fuerza bruta pero acelerado con GPU. que diferencia tiene con la version windows de hashcat en conjunto con la GUI?
I've create the filter.txt and run it as your command but it keeps random scan trough many APs with 30 minutes waste of time. What's the problem?
will hashcat work without GPU (only i5) in Kali vm inside VMware Workstation?
[00:04:17 – 001] 002592460d94 -> b0acd265a503 [EAPOL 4/4 – M4 RETRY ATTACK]
[00:04:26 – 002] 002592460d94 -> b0acd265a503 [EAPOL 4/4 – M4 RETRY ATTACK]
[00:04:26 – 002] 002592460d94 -> b0acd265a503 [EAPOL 4/4 – M4 RETRY ATTACK]
[00:04:36 – 001] b0acd265a503 -> 002592460d94 [FOUND AUTHORIZED HANDSHAKE, EAPOL TIMEOUT 3941]
[00:05:47 – 004] b0acd265a503 -> 544e90cd0901 [FOUND AUTHORIZED HANDSHAKE, EAPOL TIMEOUT 2783]
Estoy seguro que no me va a aparecer la contraseña ,actualmente el ataque está en prueba y error con un diccionario que no creo que contenga la pass
anyone found the PMKID hash type in the Windows GUI ?
hello
I have this message
floating points exception??
thks
Hello, why do you use 123 in '?l?l?l?l?l123' ? Thank you
rafaz o video dessa vez voce narrado contando com detalhes
Muchas, muchas, gracias. Nuevo suscriptor.
how can i dl the tools and where?
wtf my wlan is off how is enable?
great video bro, i have to try this on my neighbour wifi u got my sub.
ممكن شرح اسهل
que tipo de antena me recomiendan para auditoria de redes qhe me permita inyeccion de paquetes ..
Thanks u bro. ✌
When github link?
فنان ما شاء الله عليكم .. موفق
I get [FOUND AUTHORIZED HANDSHAKE, EAPOL TIMEOUT 23489] instead of [FOUND PMKID CLIENT-LESS] ?!!
need the github linki :/
Keep working
Buddy plz reply asap
Bro instead of found PMKID i am getting FOUND AUTHORIZED HANDSHAKE, EAPOL TIMEOUT 2620