NEW: We have a Discord server now. Click here to go there now!

NOTE: Why not use our List Manager to crack your lists? Its easy and enables better management.

NOTE: When cracking WPA/WPA2 passwords, make sure you check gpuhash.me first incase it's already been processed.

Home - WPA Packet Cracking - TALK TALK -Handshakes


21 Results - Page 1 of 1 -
1
Author Message
Avatar
learningtowin

Status: n/a
Joined: Sun, 29 Jul 2018
Posts: 42
Team:
Reputation: 0 Reputation
Offline
Sun, 04 Aug 2019 @ 10:09:56

I suspect this .pcapng contains handshakes for TALKTALK amongst others.

I know that I can run:
'hashcat -w 3 -m 2500 -a 3 TalkTalk .cap -1 ABCDEFGHJKMNPQRTUVWXY346789 ?1?1?1?1?1?1?1?1' for an effective crack.


However I do not know how to easily load and convert the .pcapng file?


Could somebody have a crack at at, or offer some advice on how to analyse, clean and convert the fiel?
Finding this a lot of fun and appreciate all the help.


Attachments: Login to view attachments.
Avatar
pasnger57

Status: Member
Joined: Tue, 11 Sep 2018
Posts: 387
Team:
Reputation: 181 Reputation
Offline
Sun, 04 Aug 2019 @ 11:50:03

files run through hcxpcaptool

found handshakeas
SKYE4B1A

BTHub6-9XHP

and a pmkid TALKTALKA9D412
4e51352e714a24918638857e75459986*346b46a9d40f*b025aaafcbca*54414c4b54414c4b413944343132


Attachments: Login to view attachments.
Avatar
learningtowin

Status: n/a
Joined: Sun, 29 Jul 2018
Posts: 42
Team:
Reputation: 0 Reputation
Offline
Mon, 05 Aug 2019 @ 15:00:00

That is awesome thank you pasnger57. The sky one I managed to crack via other methods. The TALKTALKA9D412 I would really like to have a crack at because I know the length and letters are limited, and I dont have the processing power to attempt BT.

Pretty new to pmkid though, so no idea how to go about this?

Any help or advice would be appreciated.


Avatar
learningtowin

Status: n/a
Joined: Sun, 29 Jul 2018
Posts: 42
Team:
Reputation: 0 Reputation
Offline
Mon, 05 Aug 2019 @ 15:30:39

Think I managed to load it into hashcat and run code with TalkTalk pass parameters. My laptop is a bit of a heap so could take days but should hopefully turn something up. Cheers for the help pasnger57, sendin u some good rep.


Avatar
learningtowin

Status: n/a
Joined: Sun, 29 Jul 2018
Posts: 42
Team:
Reputation: 0 Reputation
Offline
Mon, 05 Aug 2019 @ 15:33:03

Run it on windows using command:
hashcat64.exe -m 16800 test.16800 --kernel-accel=1 -w 4 --force -a 3 ABCDEFGHJKMNPQRTUVWXY346789 ?1?1?1?1?1?1?1?1'


Avatar
pasnger57

Status: Member
Joined: Tue, 11 Sep 2018
Posts: 387
Team:
Reputation: 181 Reputation
Offline
Tue, 06 Aug 2019 @ 03:14:46

learningtowin said:

Run it on windows using command:
hashcat64.exe -m 16800 test.16800 --kernel-accel=1 -w 4 --force -a 3 ABCDEFGHJKMNPQRTUVWXY346789 ?1?1?1?1?1?1?1?1'


hummm not exactly right for that command should look more like this

hashcat64.exe -m 16800 -w 4 -a 3 "path/to/.cap" -1 ABCDEFGHJKMNPQRTUVWXY346789 ?1?1?1?1?1?1?1?1

no much use for to use --force and kernel accel in this case
and as for the work load profile -w 4 will make the pc unresponsive but will pump a few extra Kh/s
depending on your video card i would recommend -w 3


Avatar
learningtowin

Status: n/a
Joined: Sun, 29 Jul 2018
Posts: 42
Team:
Reputation: 0 Reputation
Offline
Tue, 06 Aug 2019 @ 21:51:35

Thanks pasnger57! This is really helpful. Will attempt to modify using your advice.


Avatar
learningtowin

Status: n/a
Joined: Sun, 29 Jul 2018
Posts: 42
Team:
Reputation: 0 Reputation
Offline
Tue, 06 Aug 2019 @ 22:08:37

Saying that im getting around 8000H/s . Suspect it might be issues with the hardware as it wont run without --force command. I have a linux distribution I will try to run it on tomorrow.


Avatar
tuxnet

Status: n/a
Joined: Fri, 02 Aug 2019
Posts: 5
Team:
Reputation: 0 Reputation
Offline
Wed, 07 Aug 2019 @ 00:28:54

learningtowin said:

Saying that im getting around 8000H/s . Suspect it might be issues with the hardware as it wont run without --force command. I have a linux distribution I will try to run it on tomorrow.

You tell us how it went, please and luck.


Avatar
learningtowin

Status: n/a
Joined: Sun, 29 Jul 2018
Posts: 42
Team:
Reputation: 0 Reputation
Offline
Wed, 07 Aug 2019 @ 13:28:01

Will keep you posted. Debating getting new laptop, so doing a bit of research into what works best for this kind of thing. Any advice would be appreciated, thanks.


Avatar
learningtowin

Status: n/a
Joined: Sun, 29 Jul 2018
Posts: 42
Team:
Reputation: 0 Reputation
Offline
Thu, 08 Aug 2019 @ 21:17:17

On Windows I get error:
Intel's OpenCL runtime (GPU only) is currently broken.
We are waiting for updated OpenCL drivers from Intel.


On Linux:
Not a native Intel OpenCL runtime. Expect massive speed loss.


Going to try and resuscitate some old hardware I have lying around and see if I have any luck with that.


Avatar
learningtowin

Status: n/a
Joined: Sun, 29 Jul 2018
Posts: 42
Team:
Reputation: 0 Reputation
Offline
Fri, 09 Aug 2019 @ 14:41:07

Old hardware's having similar issues. Dont seem to have the same problem when using a dictionary attack though. Does anyone know if there would be a way to generate a list of all the TalkTalk password variations as a .txt?


Avatar
Redpreast

Status: n/a
Joined: Wed, 01 May 2019
Posts: 5
Team:
Reputation: 6 Reputation
Offline
Fri, 09 Aug 2019 @ 16:11:00

you can use hashcat mask processor to generate word list for you but instead of storing it on the disk pipe it to hashcat like
./mp64.exe -1 346789ABCDEFGHJKMNPQRTUVWXY ?1?1?1?1?1?1?1?1 | hashcat64.exe -m 16800 test.16800

You can also use these flags to further optimise the attack
-q, --seq-max=NUM Maximum number of multiple sequential characters
-r, --occurrence-max=NUM Maximum number of occurrence of a character


Avatar
learningtowin

Status: n/a
Joined: Sun, 29 Jul 2018
Posts: 42
Team:
Reputation: 0 Reputation
Offline
Fri, 09 Aug 2019 @ 21:34:37

Hey Redpreast, sent some rep ur way. Thats some pretty cool advice, especially on the filtering. Messing around with it now, unfortunately seems my hardware is still not up to scratch to give any kind of reasonable time. Makes a hella lotta sense though as I dont think I've ever seen a talk talk pass with repeat of same characters more than twice in a row, or thrice overall.

Learning a lot on here, pretty freakin cool guys!

Also had a though last night. The name PM-KID makes me think of Boris Johnson lol. Losing sleep over this shit, gonna put out bounty on it soon I think. Appreciating the chat though. I only delve into this stuff a couple times per year, and every year its something new/different. Makes for a fair amount of fun, and the community on here is great.


Avatar
learningtowin

Status: n/a
Joined: Sun, 29 Jul 2018
Posts: 42
Team:
Reputation: 0 Reputation
Offline
Fri, 09 Aug 2019 @ 22:04:43

mp64.exe -1 346789ABCDEFGHJKMNPQRTUVWXY ?1?1?1?1?1?1?1?1 -q 2 -r 3 | hashcat64.exe -m 16800 test.16800

Still returning error message:
Intel's OpenCL runtime (GPU only) is currently broken.
We are waiting for updated OpenCL drivers from Intel.
You can use --force to override, but do not report related errors.
No devices found/left.

When I run with --force it works, but only managing 6000 h/s. However it is generating far more plausible password combinations.


Avatar
pasnger57

Status: Member
Joined: Tue, 11 Sep 2018
Posts: 387
Team:
Reputation: 181 Reputation
Offline
Sat, 10 Aug 2019 @ 22:29:33

i Could be Wrong on this but i just don't think Piping works In Windows so using a executable ./mp64.exe is got me for a loop or are you crossbreeding our windows and UNIX ?


Avatar
learningtowin

Status: n/a
Joined: Sun, 29 Jul 2018
Posts: 42
Team:
Reputation: 0 Reputation
Offline
Sun, 11 Aug 2019 @ 10:17:12

Apart from my hardware being crappy/missing runtimes, it did seem to work. I just dropped all the files for piping into the hashcat folder alongside the file needing cracked and run the command in my previous post from that directory. It did not give me an estimated overall time as it seemed to be running through different variations one at a time but it was trying passwords that seemed a lot more likely than wen I just run it standard.


Avatar
Mockedarche

Status: Member
Joined: Fri, 19 Oct 2018
Posts: 121
Team:
Reputation: 193 Reputation
Offline
Sun, 11 Aug 2019 @ 10:46:52

learningtowin said:

Apart from my hardware being crappy/missing runtimes, it did seem to work. I just dropped all the files for piping into the hashcat folder alongside the file needing cracked and run the command in my previous post from that directory. It did not give me an estimated overall time as it seemed to be running through different variations one at a time but it was trying passwords that seemed a lot more likely than wen I just run it standard.


Do you have any idea what the password would be? I am attempting to crack via the link pasnger57 posted. I am assuming that hccapx is the correct one.


If I helped rep

Avatar
pasnger57

Status: Member
Joined: Tue, 11 Sep 2018
Posts: 387
Team:
Reputation: 181 Reputation
Offline
Sun, 11 Aug 2019 @ 11:35:33

ya i see my post and ill note that i used hash mode -m 16800 witch is for PMKID and not for a .hccapx witch would be -m 2500
but aside from that witch is the reduced key space for the type of router and you should be attempting to crack this whit 4 GTX 1060 or better (maybe as little as 4 980s) to get a cracking speed that can do it in a day or so


Avatar
learningtowin

Status: n/a
Joined: Sun, 29 Jul 2018
Posts: 42
Team:
Reputation: 0 Reputation
Offline
Sun, 11 Aug 2019 @ 13:42:29

Mockedarche said:

learningtowin said:

Apart from my hardware being crappy/missing runtimes, it did seem to work. I just dropped all the files for piping into the hashcat folder alongside the file needing cracked and run the command in my previous post from that directory. It did not give me an estimated overall time as it seemed to be running through different variations one at a time but it was trying passwords that seemed a lot more likely than wen I just run it standard.


Do you have any idea what the password would be? I am attempting to crack via the link pasnger57 posted. I am assuming that hccapx is the correct one.

Yeh the file is .16800 (see attached) I know that it will be an 8 character password consisting of ABCDEFGHJKMNPQRTUVWXY346789. I suspect its unlikely there will be more than 2-3 sequential characters and 3-4 max occurrences.


Attachments: Login to view attachments.
Avatar
learningtowin

Status: n/a
Joined: Sun, 29 Jul 2018
Posts: 42
Team:
Reputation: 0 Reputation
Offline
Sun, 11 Aug 2019 @ 20:20:30

P.s. good luck @Mockedarche. You're a better cracker than I am if u get anywhere with this. That being said I've learned a Hella lot on here n it's inspired me to look at getting new hardware too. Thank you to everyone who's commented. Much love



21 Results - Page 1 of 1 -
1

We have a total of 201307 messages in 24812 topics.
We have a total of 22100 registered users.
Our newest registered member is shee303.