Non Authenticated Handshakes?


gamma

Status: n/a
Joined: Mon, 27 Aug 2018
Posts: 6
Team:
Reputation: 10 Reputation
Offline
Tue, 28 Aug 2018 @ 04:47:33

Recently I uploaded an hccapx file to gpuhash.me and got this message:

Your capture does not contain authenticated handshakes.
It is still workable but always try to catch authenticated handshakes if possible.


Why are authenticated handshakes better?

And how is it possible that capture files which do not contain authenticated handshakes are still workable?



mkerr

Status: Banned
Joined: Sun, 03 Sep 2017
Posts: 377
Team:
Reputation: 317 Reputation
Offline
Tue, 28 Aug 2018 @ 05:46:02


An unauthenticated handshake means that only message 1 and message 2 of a 4-way
handshake have been successfully captured. All the key information comes from the
client only, which could be trying to use an incorrect passphrase. Most times
the client is trying to use the correct passphrase and there is no problem
cracking, but there is always the chance the client passphrase is wrong.

If the handshake contains message 3 of the 4-way handshake, this has been created
using key information from the AP, so it must be based on the correct passphrase
and is then considered authenticated and more reliable for cracking.

If the AP puts the PMKID in message 1 of the 4-way handshake, this again is created
using key information from the AP and so is very reliable for cracking, and only needs
this one message to be captured.

None of this will work in WPA3, because an attacker is never able to replicate the
secret key agreement to brute force any part of the interaction.


gpuhash_me

Status: Trusted
Joined: Sun, 08 Nov 2015
Posts: 843
Team: gpuhash team
Reputation: 1537 Reputation
Offline
Tue, 28 Aug 2018 @ 06:21:00

The worst unauthenticated case is when a haxor is trying to connect to the AP himself with simple passwords like 12345678 while capturing handshakes.

If you want to make the best quality handshake, just open your capture in Wireshark and manually select, then export, the best handshake packets with the 3/4 key frame present (do not forget at least one beacon frame as the ESSID carrier).


Head of cheap publicity department
Support, discounts, free offers for HK members
BTC: 1GpuHashTYDRn3S6jbLM4YwmutU5iVCxrf

mkerr

Status: Banned
Joined: Sun, 03 Sep 2017
Posts: 377
Team:
Reputation: 317 Reputation
Offline
Tue, 28 Aug 2018 @ 07:46:53


gpuhash_me said:

The worst unauthenticated case is when a haxor is trying to connect to the AP himself with simple passwords like 12345678 while capturing handshakes.

You can often detect that kind of stupidity, because the capture just consists
of a stream of M1/M2 handshakes with the M2s ignored by the AP, causing the client
to keep timing out and retrying. This can appear in an hccapx file as multiple
unauthenticated handshakes with the same client MAC.

For a capture, even a single isolated M3 to the client MAC can be an indication
that the client knows the passphrase and cracking M1/M2 will be worth trying,
even if that M3 does not have a good timing relationship with any other messages.

This kind of isolated M3 may not get included in an hccapx as an authenticated
handshake, so the capture is better for finding these.

If the AP is dumb enough to send the PMKID in M1 for the PSK, this is always
better than using any handshake message combination, because it doesn't matter
then if the client knows the passphrase or not.
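The message classification mkerr gives in his first post (M1/M2 only = unauthenticated, M3 present = authenticated) and the repeated M1/M2 retry pattern from this post, as an added Python example that is not from the thread, from hashcat or from gpuhash.me: it reads the Key Information bits of EAPOL-Key frames and rates each client's capture, and the same count can feed a wireless IDS alert for a client whose passphrase the AP keeps rejecting. The MAC addresses, key-info values and the retry threshold are constructed.

```python
from collections import defaultdict

# Key Information bit masks from the EAPOL-Key descriptor (IEEE 802.11).
KEY_INFO_INSTALL, KEY_INFO_ACK, KEY_INFO_MIC, KEY_INFO_SECURE = 0x0040, 0x0080, 0x0100, 0x0200

def key_info_from_eapol(frame: bytes) -> int:
    """Key Information from a raw EAPOL-Key frame: EAPOL header (version, type,
    length = 4 bytes), descriptor type (1 byte), then the 2-byte field."""
    if len(frame) < 7 or frame[1] != 3:  # EAPOL packet type 3 = EAPOL-Key
        raise ValueError("not an EAPOL-Key frame")
    return int.from_bytes(frame[5:7], "big")

def message_number(key_info: int) -> int:
    """Map Key Information flags to 4-way handshake message 1..4 (0 = other)."""
    ack, mic = bool(key_info & KEY_INFO_ACK), bool(key_info & KEY_INFO_MIC)
    if ack and not mic:
        return 1  # M1: AP -> client, ANonce (may carry a PMKID KDE)
    if mic and not ack and not key_info & KEY_INFO_SECURE:
        return 2  # M2: client -> AP, SNonce + MIC computed from the client's PSK
    if ack and mic and key_info & KEY_INFO_INSTALL:
        return 3  # M3: AP -> client, sent only after the AP verified M2's MIC
    if mic and not ack:
        return 4  # M4: client -> AP, Secure bit set
    return 0

def assess_capture(frames, retry_threshold: int = 3) -> dict:
    """frames: iterable of (client_mac, key_info). Returns a verdict per client."""
    counts = defaultdict(lambda: [0] * 5)  # index = message number
    for client, key_info in frames:
        counts[client][message_number(key_info)] += 1
    verdicts = {}
    for client, c in counts.items():
        if c[3]:
            verdict = "authenticated"    # AP accepted M2, so the client's PSK was right
        elif c[1] and c[2]:
            verdict = "unauthenticated"  # only client-side key material, PSK unverified
        else:
            verdict = "incomplete"
        # A run of M2s never answered by an M3 means the AP keeps rejecting the
        # client's passphrase: a WIDS alert condition and a poor cracking candidate.
        if c[2] >= retry_threshold and not c[3]:
            verdict += ", repeated failures"
        verdicts[client] = verdict
    return verdicts

# Constructed sample: client 01 completes the handshake; client 02 keeps
# retrying M1/M2 and never receives an M3.
SAMPLE = [("aa:aa:aa:aa:aa:01", k) for k in (0x008A, 0x010A, 0x13CA, 0x030A)]
SAMPLE += [("bb:bb:bb:bb:bb:02", k) for k in (0x008A, 0x010A) * 3]
```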


hyperhash

Status: Banned
Joined: Wed, 18 Jul 2018
Posts: 74
Team:
Reputation: 20 Reputation
Offline
Tue, 28 Aug 2018 @ 09:39:20


mkerr said:


None of this will work in WPA3, because an attacker is never able to replicate the
secret key agreement to brute force any part of the interaction.

Progress is already being made with WPA3. From the Hashcat forum, ZerBea's hcxtools can
now parse WPA3 SAE authentications, and Atom was investigating WPA3 when finding the
PMKID attack.


mkerr

Status: Banned
Joined: Sun, 03 Sep 2017
Posts: 377
Team:
Reputation: 317 Reputation
Offline
Tue, 28 Aug 2018 @ 10:50:26


hyperhash said:


Progress is already being made with WPA3. From the Hashcat forum, ZerBea's hcxtools can
now parse WPA3 SAE authentications, and Atom was investigating WPA3 when finding the
PMKID attack.

Parsing WPA3 SAE is not going to do you much good, unless you have a method
to attack what you have parsed.

Even if Atom found the PMKID hash whilst investigating WPA3, it is not a
weakness in WPA3.

WPA3 SAE was specifically designed to be mathematically intractable to attack.
That puts breaking it well beyond merely speeding things up with GPUs, as was
done with WPA/WPA2.

So I see no progress with WPA3 yet, if you mean progress with breaking it.


