NEW: We have a Discord server now. Click here to go there now!

NOTE: Why not use our List Manager to crack your lists? Its easy and enables better management.

NOTE: When cracking WPA/WPA2 passwords, make sure you check gpuhash.me first incase it's already been processed.

Home - Wireless Cracking - WPA/WPA2 PMKID attack step-by-step (hashcat mode 16800)


47 Results - Page 2 of 2 -
1 2
Author Message
Avatar
freeroute
Moderator
Status: Trusted
Joined: Sat, 16 Jul 2016
Posts: 3375
Team:
Reputation: 10313 Reputation
Offline
Fri, 31 Aug 2018 @ 00:10:45

PMKID Attack WPA/WPA2 on WiFi Pineapples!
Pineapple NANO + TETRA

WARNING
This attack is EXTREMELY effective on the Pineapples! And is capable of capturing an entire neighborhood of PMKID's in a minute or less, no clients needed!
ONLY use hcxdumptool on networks you have permission to.

Source: https://forums.hak5.org/topic/44213-pmkid-attack-on-wifi-pineapples/


BTC: 13hDMK85KhVnPb2eTFBacHD6kDjKYFLudb
XMPP: freeroute@xmpp.jp
General rules | Paid section rules

Avatar
dr-yachir0

Status: n/a
Joined: Wed, 12 Sep 2018
Posts: 3
Team:
Reputation: 0 Reputation
Offline
Wed, 12 Sep 2018 @ 20:12:12

i git this problem


Attachments: Login to view attachments.
Avatar
Reconsniper

Status: Member
Joined: Sun, 05 Aug 2018
Posts: 102
Team:
Reputation: 698 Reputation
Offline
Sat, 15 Sep 2018 @ 11:20:43

It's alot easier to collect PMKID by using wifite in kali-linux. fully automated.
then use hashcat to decrypt.


BTC:1BQRHfzASYYcaJmwEFDGwKE94wX1pWMaVA

Avatar
freeroute
Moderator
Status: Trusted
Joined: Sat, 16 Jul 2016
Posts: 3375
Team:
Reputation: 10313 Reputation
Offline
Sat, 15 Sep 2018 @ 11:30:28

dr-yachir0 said:

i git this problem

The last commit fixed this issue.
Update hcxdumptool and hcxtools, please.


BTC: 13hDMK85KhVnPb2eTFBacHD6kDjKYFLudb
XMPP: freeroute@xmpp.jp
General rules | Paid section rules

Avatar
spashley

Status: n/a
Joined: Wed, 05 Dec 2018
Posts: 6
Team:
Reputation: 0 Reputation
Offline
Wed, 05 Dec 2018 @ 21:18:19

Hi guys,

so I did everything from scratch, including Null Byte's tutorial that I found on Youtube, but I keep getting the same error message over and over again no matter what I do :

hcxdumptool -i mon0 -o hcxdump.pcapng --filtermode=2 --filterlist=mac.txt --enable_status=1
warning: mon0 is probably a monitor interface

start capturing (stop with ctrl+c)
INTERFACE:...............: mon0
FILTERLIST...............: 1 entries
MAC CLIENT...............: fcc233e14c62
MAC ACCESS POINT.........: b4e1ebb04d49 (incremented on every new client)
EAPOL TIMEOUT............: 150000
REPLAYCOUNT..............: 63970
ANONCE...................: da555ac0973ac9c8635fe06dbaa17ff39d7a668afd74989fc1b3f04e7b3e32d5

failed to set channel

terminated...

- In my case, I'm using mon0, as my interface is not wlan0 or wlan1, it's wlp6s0, however the monitor mode seems to be working in mon0 instead.
Could you tell me where I'm getting things wrong? Is it in the monitoring mode, or something else?

P.S. : I've tried not killing the Network Manager and killing it, that didn't make any difference as well.


Avatar
freeroute
Moderator
Status: Trusted
Joined: Sat, 16 Jul 2016
Posts: 3375
Team:
Reputation: 10313 Reputation
Offline
Wed, 05 Dec 2018 @ 22:00:41

Stop all services running on your device, which prevent that hcxdumptool is able to change the channel.
Commands:

"systemctl stop wpa_supplicant.service"
"systemctl stop network-manager.service"

"ip link set wlp6s0 down"
"iw dev wlp6s0 set type monitor"
"ip link set wlp6s0 up"

Check monitor mode:
"iw dev"

than run hcxdumptool.

Edited:
iw/ip functionality added to hcxdumptool.
now hcxdumptool will set monitor mode and bring up interface!
previous interface settings will be restored, when hcxdumptool terminated

So you need stop at least these 2 services: wpa_supplicant.service and network-manager.service than run hcxdumptool.

Note:
I recommend try set monitor mode manually in order to check your wifi card support monitor mode.
If you want to use hcxdumptool to caputure wlan traffic, please note that your WiFi adapter must support this.



BTC: 13hDMK85KhVnPb2eTFBacHD6kDjKYFLudb
XMPP: freeroute@xmpp.jp
General rules | Paid section rules

Avatar
spashley

Status: n/a
Joined: Wed, 05 Dec 2018
Posts: 6
Team:
Reputation: 0 Reputation
Offline
Wed, 05 Dec 2018 @ 22:57:05

freeroute said:

Stop all services running on your device, which prevent that hcxdumptool is able to change the channel.
Commands:

"systemctl stop wpa_supplicant.service"
"systemctl stop network-manager.service"

"ip link set wlp6s0 down"
"iw dev wlp6s0 set type monitor"
"ip link set wlp6s0 up"

Check monitor mode:
"iw dev"

than run hcxdumptool.

Edited:
iw/ip functionality added to hcxdumptool.
now hcxdumptool will set monitor mode and bring up interface!
previous interface settings will be restored, when hcxdumptool terminated

So you need stop at least these 2 services: wpa_supplicant.service and network-manager.service than run hcxdumptool.


Note:
I recommend try set monitor mode manually in order to check your wifi card support monitor mode.
If you want to use hcxdumptool to caputure wlan traffic, please note that your WiFi adapter must support this.


Is it strange that when I go for
ip link set wlp6s0 up - I get a not possible due to RF-kill.
For some reason when I stop the wpa and NM, it always throws the RF-kill..

This also leads to any sort of hcxdumptool attempts after.

Monitor mode : I’ve tried setting it up from scratch via ifconfig and airmon-ng


Avatar
freeroute
Moderator
Status: Trusted
Joined: Sat, 16 Jul 2016
Posts: 3375
Team:
Reputation: 10313 Reputation
Offline
Wed, 05 Dec 2018 @ 23:16:52

Did you try?

"rfkill unblock all"


BTC: 13hDMK85KhVnPb2eTFBacHD6kDjKYFLudb
XMPP: freeroute@xmpp.jp
General rules | Paid section rules

Avatar
vtar

Status: Banned
Joined: Wed, 07 Mar 2018
Posts: 284
Team:
Reputation: 126 Reputation
Offline
Thu, 06 Dec 2018 @ 01:31:57

WARNING! User is BANNED and maybe a SCAMMER.

Can captured PMKID automatically using wifite?


Avatar
freeroute
Moderator
Status: Trusted
Joined: Sat, 16 Jul 2016
Posts: 3375
Team:
Reputation: 10313 Reputation
Offline
Thu, 06 Dec 2018 @ 09:18:08

Additional guidance.
Today morning I got a message from the developer of the hcxtools/hcxdumptool.
Here it is: https://paste.hashkiller.co.uk/zMk6zvk3EeiA_0CNXEjIzQ

Main problem is that many user add(!) and a monitor interface additionally to an existing interface. That will block and slow down the interface.

Next problem is that some distributions run rfkill as a system service on boot:
https://www.freedesktop.org/software/systemd/man/systemd-rfkill.service.html

By the way: Null Byte's tutorial is not correct. They did not read the README file. (never use virtual interface)



BTC: 13hDMK85KhVnPb2eTFBacHD6kDjKYFLudb
XMPP: freeroute@xmpp.jp
General rules | Paid section rules

Avatar
spashley

Status: n/a
Joined: Wed, 05 Dec 2018
Posts: 6
Team:
Reputation: 0 Reputation
Offline
Thu, 06 Dec 2018 @ 17:46:03

freeroute said:

Did you try?

"rfkill unblock all"

Never even thought of using it.. Thanks a lot!
Sorry for my dumb questions but it’s my first time using hcxtools and I’ve learned quite a lot in the last 24h by trying out things.
I’m still unavle however to strip the Pkimd, as I’ve got 2 on a separate *pcapng but when I strip, it only goes for “Reading file”?

Also, I can see that the Pkimd gets found very fast, with me I spend hours waiting and I have to switch channels or don’t use them at all to speed-up..


Avatar
spashley

Status: n/a
Joined: Wed, 05 Dec 2018
Posts: 6
Team:
Reputation: 0 Reputation
Offline
Thu, 06 Dec 2018 @ 19:36:15

<edit: Here is what I'm getting everytime.


Attachments: Login to view attachments.
Avatar
freeroute
Moderator
Status: Trusted
Joined: Sat, 16 Jul 2016
Posts: 3375
Team:
Reputation: 10313 Reputation
Offline
Thu, 06 Dec 2018 @ 20:06:15

Okay.
Need some info. Could you paste it, please?
https://paste.hashkiller.co.uk/S11x5PmSEeiA_0CNXEjIzQ


BTC: 13hDMK85KhVnPb2eTFBacHD6kDjKYFLudb
XMPP: freeroute@xmpp.jp
General rules | Paid section rules

Avatar
spashley

Status: n/a
Joined: Wed, 05 Dec 2018
Posts: 6
Team:
Reputation: 0 Reputation
Offline
Thu, 06 Dec 2018 @ 20:35:33

freeroute said:

Okay.
Need some info. Could you paste it, please?
https://paste.hashkiller.co.uk/S11x5PmSEeiA_0CNXEjIzQ

Updated.
Hope I got most of this right

- https://paste.hashkiller.co.uk/wWNOyPmWEeiA_0CNXEjIzQ


Avatar
freeroute
Moderator
Status: Trusted
Joined: Sat, 16 Jul 2016
Posts: 3375
Team:
Reputation: 10313 Reputation
Offline
Thu, 06 Dec 2018 @ 21:57:49

Your card doesn't support packet injection.

I received this message, I publish it in unchanged form:

"https://board.b-at-s.info/index.php?showtopic=10172
Unfortunately most Intel cards' drivers DO NOT support packet injection. I have the Intel 3160 in my laptop and I can
sadly guarantee that you can't get it to work. I tried everything and researched a lot. Heard you can rebuild different
drivers but no words on that.

Also here:"
https://forum.aircrack-ng.org/index.php?topic=1191.0


BTC: 13hDMK85KhVnPb2eTFBacHD6kDjKYFLudb
XMPP: freeroute@xmpp.jp
General rules | Paid section rules

Avatar
spashley

Status: n/a
Joined: Wed, 05 Dec 2018
Posts: 6
Team:
Reputation: 0 Reputation
Offline
Sun, 16 Dec 2018 @ 18:19:52

freeroute said:

Your card doesn't support packet injection.

I received this message, I publish it in unchanged form:

"https://board.b-at-s.info/index.php?showtopic=10172
Unfortunately most Intel cards' drivers DO NOT support packet injection. I have the Intel 3160 in my laptop and I can
sadly guarantee that you can't get it to work. I tried everything and researched a lot. Heard you can rebuild different
drivers but no words on that.

Also here:"
https://forum.aircrack-ng.org/index.php?topic=1191.0

Hi, sorry for my late reply on this..
Is it possible to use my other video card which is nVidia GeForce 920M?

Also, I'm new to the forum but I can see that you have some +reps, can I give you a +rep and if I can, from where can I do it?


Avatar
freeroute
Moderator
Status: Trusted
Joined: Sat, 16 Jul 2016
Posts: 3375
Team:
Reputation: 10313 Reputation
Offline
Mon, 17 Dec 2018 @ 00:18:15

spashley said:

freeroute said:

Your card doesn't support packet injection.

I received this message, I publish it in unchanged form:

"https://board.b-at-s.info/index.php?showtopic=10172
Unfortunately most Intel cards' drivers DO NOT support packet injection. I have the Intel 3160 in my laptop and I can
sadly guarantee that you can't get it to work. I tried everything and researched a lot. Heard you can rebuild different
drivers but no words on that.

Also here:"
https://forum.aircrack-ng.org/index.php?topic=1191.0

Hi, sorry for my late reply on this..
Is it possible to use my other video card which is nVidia GeForce 920M?

Also, I'm new to the forum but I can see that you have some +reps, can I give you a +rep and if I can, from where can I do it?


https://paste.hashkiller.co.uk/8sSZKQGQEemA_0CNXEjIzQ


BTC: 13hDMK85KhVnPb2eTFBacHD6kDjKYFLudb
XMPP: freeroute@xmpp.jp
General rules | Paid section rules


47 Results - Page 2 of 2 -
1 2

We have a total of 197543 messages in 24436 topics.
We have a total of 21708 registered users.
Our newest registered member is dhiafd711.