In this writeup, I’ll describe a new technique to crack WPA PSK (Pre-Shared Key) passwords.

In order to make use of this new attack you need the following tools:
hcxdumptool v4.2.0 or higher
hcxtools v4.2.0 or higher
hashcat v4.2.0 or higher

This attack was discovered accidentally while looking for new ways to attack the new WPA3 security standard. WPA3 will be much harder to attack because of its modern key establishment protocol called “Simultaneous Authentication of Equals” (SAE).

The main difference from existing attacks is that in this attack, capture of a full EAPOL 4-way handshake is not required. The new attack is performed on the RSN IE (Robust Security Network Information Element) of a single EAPOL frame.

At this time, we do not know for which vendors or for how many routers this technique will work, but we think it will work against all 802.11i/p/q/r networks with roaming functions enabled (most modern routers).

The main advantages of this attack are as follow:
No more regular users required – because the attacker directly communicates with the AP (aka “client-less” attack)
No more waiting for a complete 4-way handshake between the regular user and the AP
No more eventual retransmissions of EAPOL frames (which can lead to uncrackable results)
No more eventual invalid passwords sent by the regular user
No more lost EAPOL frames when the regular user or the AP is too far away from the attacker
No more fixing of nonce and replaycounter values required (resulting in slightly higher speeds)
No more special output format (pcap, hccapx, etc.) – final data will appear as regular hex encoded string

Nguồn: https://codeigniterbrasil.com

Xem thêm bài viết khác: https://codeigniterbrasil.com/lap-trinh-linux/

27 Comments

Diego Hiroshi y sus Videos

May 12, 2020

Muy buena herramienta, con esto dejo de pagar Internet definitivamente. Saludos.

Reply

C C P

May 12, 2020

Not working:
supposed to insert "–filterlist_cliant=filter.txt"

After inserting "./hcxdumptool -o hash -i wlan0mon –filterlist=filter.txt –filtermode=2 enable_status=1"

Receiving error:

./hcxdumptool: option '–filterlist=filter.txt' is ambiguous; possibilities: '–filterlist_ap' '–filterlist_client'

hcxdumptool 6.0.0 (C) 2019 by ZeroBeat

usage: hcxdumptool -h for help.

And even after this fix I get a message:

initialization…

warning: wlan0mon is probably a monitor interface

interface is already in monitor mode.

Reply

Larcio Junior

May 12, 2020

Good job, man!!
Bro, is it Word list required?

Reply

Sofian Houari

May 12, 2020

Does t work for me i need cuda toolkit driver i use Android phone

Reply

Bruno Jose

May 12, 2020

The specified parameter cannot use '-w' as a value – must be a number. Como resolver?

Reply

Edgar Macza-shelstad

May 12, 2020

195 H/s? you'll die before you even crack a 4 digit password lmao

Reply

Ricardo

May 12, 2020

Hola sh4dy ruLL3zZ dame tu correo y te contacto, gracias

Reply

Xavier Hidden

May 12, 2020

You do not explain anything. Your videos are useless.

Reply

Nigan Sell

May 12, 2020

FOUND HANDSHAKE, NO PMKID why..?

Reply

Arman

May 12, 2020

A lot of likes because people just thinks this works, but nobody understood a fuckin shit.

Reply

Amol Gupta

May 12, 2020

After hcxdumptool -o hash -i ………

It gives :
Warning: unable to set channel (1,6,11 etc) (remove this channel from scan list)

Please help

Reply

Carleilton Santos

May 12, 2020

Initialized device kernels and memory … Illegal instruction

Reply

chnyani hack pubg

May 12, 2020

tnx uuuuuuuuuuuuuuuuu

Reply

Xavier Hidden

May 12, 2020

So how does this work? What does it do? Video is a bit vague with no explanation. I would like to follow this but it's not really a tutorial. Your not explaining things.

Reply

mehmet öz

May 12, 2020

Bu yöntem wordliste gerek duymadan şifre kırmayı sağlar mı yani şifrenin ne olduğunu bilmiyorsak !?…..123 yerine !?! mi yazacaz?
2) kaç saat surer?

Reply

pronto solutions

May 12, 2020

still does not work if the password is not in the list

Reply

Fortnite Hacks

May 12, 2020

Eu dou make naquela hora e da erro

Reply

Donald Duck

May 12, 2020

This tool is not useful.
Count how many years it will take to break a twenty-digit password …

Reply

Dominik Bujňák

May 12, 2020

I can not catch pmkid. Will anyone advise me?

Reply

Brahim ben brahim

May 12, 2020

Hi … Thank you for this video … Why add on? |? |? |… 123 and how do I know this since I do not know the password and thank you

Reply

Sofian Houari

May 12, 2020

if does work o will fuck my self ok. Does nt work

Reply

Sofian Houari

May 12, 2020

Why you do not use it in nethunter from Android phone . Or
Its difficult all of you make the easy way

Reply

ROLLI LOLLO

May 12, 2020

Time.Started…..: Wed Nov 21 10:35:48 2018 (16 mins, 15 secs)
Time.Estimated…: Thu Feb 14 04:05:48 2019 (84 days, 17 hours)

Reply

Ben Andrew

May 12, 2020

E: Unable to locate package libssl-dev solve this????

Reply

silinmiş üye

May 12, 2020

halen fluxion 1 numara bu video ise vakit kaybı

Reply

Russell Security Lab

May 12, 2020

I did not understand, in the end you gave the command "- show" to see the password, but did not appear the password '-'

Reply

ArKhuR

May 12, 2020

Entonces es basicamente un ataque de fuerza bruta pero acelerado con GPU. que diferencia tiene con la version windows de hashcat en conjunto con la GUI?

Reply

Leave a Reply