NOTE: When cracking WPA/WPA2 passwords, make sure you check gpuhash.me first in case it's already been processed.

AP-less attack with hcxtools


freeroute
Moderator
Status: Trusted
Joined: Sat, 16 Jul 2016
Posts: 2302
Team:
Reputation: 7782 Reputation
Online
Sat, 29 Sep 2018 @ 14:00:26

meso said:

> This is great, so we can use AP-less attack to get handshake by
> using different BSSID to one from true AP?

Yes. This is correct.

Great thread in this topic:
https://hashcat.net/forum/thread-6661-page-6.html
https://hashcat.net/forum/thread-6745-post-36007.html#pid36007


If I helped a +rep is appreciated!

: 13hDMK85KhVnPb2eTFBacHD6kDjKYFLudb
XMPP: freeroute@xmpp.jp

meso

Status: Banned
Joined: Wed, 19 Sep 2018
Posts: 25
Team:
Reputation: 0 Reputation
Offline
Sat, 29 Sep 2018 @ 14:08:50

WARNING! User is BANNED and maybe a SCAMMER.

freeroute said:

> meso said:
>
> > This is great, so we can use AP-less attack to get handshake by
> > using different BSSID to one from true AP?
>
> Yes. This is correct.

cool!
this will help those who want to test on gpuhash and then post here for free
with different BSSID that cannot be checked


freeroute
Sat, 29 Sep 2018 @ 14:13:17

I don't think so.
Ask @gpuhash_me...


payknight

Status: Cracker
Joined: Wed, 13 Apr 2016
Posts: 498
Team: just4fun
Reputation: 349 Reputation
Offline
Sat, 29 Sep 2018 @ 14:21:51

freeroute said:

> I don't think so.
> Ask @gpuhash_me...

when using -O, will the PMKID be converted to hccapx?

cuz -o will output only hccapx format, and -z will output only PMKID hash.


+rep if i helped
BTC : 1PAyKniGHt7yyCb8HdsziTHBEFX6zkGSHz

meso
Sat, 29 Sep 2018 @ 14:33:39

freeroute said:

> I don't think so.
> Ask @gpuhash_me...

their database is keyed by BSSID and AP-less allows use of any BSSID


freeroute
Sat, 29 Sep 2018 @ 14:49:32

payknight said:

> freeroute said:
>
> > I don't think so.
> > Ask @gpuhash_me...
>
> when using -O, will the PMKID be converted to hccapx?
>
> cuz -o will output only hccapx format, and -z will output only PMKID hash.

It is not possible to convert a PMKID back to a hccapx.

-O is an option to do analysis. It calculates all(!) message_pairs. 99% of these hashes will lead to uncrackable results.
Developers/coders use this mode to find issues in the detection of the handshakes!

-O is not a mode for a normal user. Do not use this mode, if you are not an analyst or a coder!

Use "-o" option.


freeroute
Sat, 29 Sep 2018 @ 17:54:54

@meso

I received an answer from @gpuhash_me for your question:

"The BSSID is not the only key in the database, we could check also PMKID hash or handshake MIC fields (which is inconvenient but possible), but if average user is smart enough to perform AP-less attack, change the BSSID, upload the handshake to gpuhash.me then ask for free password (with different BSSID) on the forum ....
The main purpose of the rule is to prevent script kiddies from wasting our GPU resources then ask for free passwords..."


meso
Sat, 29 Sep 2018 @ 18:07:10

freeroute said:

> @meso
>
> I received an answer from @gpuhash_me for your question:
>
> "The BSSID is not the only key in the database, we could check also PMKID hash or handshake MIC fields (which is inconvenient but possible), but if average user is smart enough to perform AP-less attack, change the BSSID, upload the handshake to gpuhash.me then ask for free password (with different BSSID) on the forum ....
> The main purpose of the rule is to prevent script kiddies from wasting our GPU resources then ask for free passwords..."

all proposed checks are trivial to bypass so not worth bothering with
each handshake has different MIC due to random nonces so bypass with two different handshakes
PMKID depends on BSSID so is no better to check than BSSID
agree u will be safe while forum is full of script kiddies


freeroute
Wed, 31 Oct 2018 @ 08:02:56

UPDATE hcxtools are in sync with hashcat --30.10.2018
==========
hcxtools moved to version 5.0.0
hcxpsktool: added NETGEARxx list
--netgear : include NETGEAR candidates


freeroute
Wed, 07 Nov 2018 @ 10:32:50

UPDATE -- 07.10.2018
==========

hcxdumptool - added new option filter mode 3:
--filterlist=file                : mac filter list
                                     format: 112233445566 + comment
                                     maximum line lenght 255, maximum entries 64
--filtermode=digit          : mode for filter list
                                     1: use filter list as protection list (default) in transmission branch
                                        receive everything, interact with all APs and CLIENTs in range,
                                        except(!) the ones from the filter list
                                     2: use filter list as target list in transmission branch
                                        receive everything, only interact with APs and CLIENTs in range,
                                        from the filter list
                                     3: use filter list as target list in receiving branch
                                        only receive APs and CLIENTs in range,
                                        from the filter list


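The filter list format and the three filter modes from the post above, as an added example that is not part of the original post or of hcxdumptool: a Python pre-flight check that validates a list against the stated limits and reports what each mode does with a given MAC, so a protection list can be verified before an authorized test. It assumes the MAC is the first 12 characters of a line and the rest is comment, that blank lines are ignored, and that in mode 3 nothing outside the list is interacted with; the function names are hypothetical.

```python
import re

MAX_LINE_LEN = 255   # "maximum line lenght 255" in the help text
MAX_ENTRIES = 64     # "maximum entries 64" in the help text
MAC_RE = re.compile(r"^[0-9a-fA-F]{12}$")

def parse_filterlist(text):
    """Return (macs, errors) for a list in the '112233445566 + comment' format."""
    macs, errors = [], []
    for lineno, line in enumerate(text.splitlines(), 1):
        if not line.strip():
            continue  # assumption: blank lines are ignored
        if len(line) > MAX_LINE_LEN:
            errors.append(f"line {lineno}: longer than {MAX_LINE_LEN} characters")
            continue
        mac = line[:12]  # assumption: MAC first, everything after it is comment
        if not MAC_RE.match(mac):
            errors.append(f"line {lineno}: does not start with 12 hex digits")
            continue
        mac = mac.lower()
        if mac in macs:
            errors.append(f"line {lineno}: duplicate entry {mac}")
            continue
        macs.append(mac)
    if len(macs) > MAX_ENTRIES:
        errors.append(f"{len(macs)} entries, maximum is {MAX_ENTRIES}")
    return macs, errors

def decide(filtermode, mac, macs):
    """Return (received, interacted_with) for one MAC under the described modes."""
    listed = mac.lower() in macs
    if filtermode == 1:   # protection list: receive everything, spare listed MACs
        return True, not listed
    if filtermode == 2:   # target list in transmission branch
        return True, listed
    if filtermode == 3:   # target list in receiving branch
        return listed, listed  # assumption: unreceived devices are not contacted
    raise ValueError("filtermode must be 1, 2 or 3")

# Constructed sample protection list; the MACs are made up for this example.
SAMPLE = """\
112233445566 office printer, keep clear
aabbccddeeff neighbour AP, out of scope
11:22:33:44:55:66 colon notation is not the documented format
"""

if __name__ == "__main__":
    macs, errors = parse_filterlist(SAMPLE)
    print("entries:", macs)
    print("errors:", errors)
    print("mode 1, listed MAC:", decide(1, "AABBCCDDEEFF", macs))
```
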

pasnger57

Status: n/a
Joined: Tue, 11 Sep 2018
Posts: 84
Team:
Reputation: 64 Reputation
Offline
Mon, 12 Nov 2018 @ 17:31:38

my bad, wrong page


freeroute
Mon, 26 Nov 2018 @ 11:02:44

26.11.2018 -- hcxtools and hcxdumptool update
==========
several big endian fixes
switched to version 5.0.1


freeroute
Thu, 29 Nov 2018 @ 10:57:39

27.11.2018 -- hcxdumptool update
==========
added new option:
--poweroff : once hcxdumptool finished, power off system


freeroute
Tue, 04 Dec 2018 @ 12:39:02

Added a new option -C to hcxdumptool:

usage:
sudo hcxdumptool -i interface -C

Now hcxdumptool tries to set all wlan channels and reports
success:

$ sudo hcxdumptool -I
wlan interfaces:
7cdd908c166a wlp39s0f3u4u4 (rt2800usb)

$ sudo hcxdumptool -i wlp39s0f3u4u4 -C
available channels:
1,2,3,4,5,6,7,8,9,10,11,12,13,14


freeroute
7 days ago

Due to this post, there is an update (hcxdumptool).
Now we have additional information in the help menu:

-C : show available channels and quit
     if no channels are available, interface is pobably in use or doesn't support monitor mode

--do_rcascan : show radio channel assignment (scan for target access points)
               this can be used to test if packet injection is working
               if no access point responds, packet injection is probably not working

