WPA / WPA2 Auditing Service

Discussion in 'Community Services' started by Mr. Penguin, 11 Apr 2013.

  1. longshanks

    longshanks Well-Known Member
    VIP

    @Cendol - It's clean, m1, m2 and broadcast message.
    for_Cendol.png
    --- Double Post Merged, 18 Jan 2020, Original Post Date: 18 Jan 2020 ---
    @X-Factor - I ran 8 digits and 05 and 8 digits - no hits
     
  2. Cendol

    Cendol Well-Known Member

    But I thought hashcat doesn't allow cleaned caps?
     
  3. longshanks

    longshanks Well-Known Member
    VIP

    @Cendol - Hashcat sure can run clean caps, it's just that when you collect a cap with a program such as commview, it screws with the key timeout calculation, and it can't be converted with cap2hccapx.
    It all depends on what tools you use to clean it with; wpaclean is a no-no.
    The best way to clean it is with wireshark. People have to learn how to use the various tools.
     
    #3063 longshanks, 18 Jan 2020
    Last edited: 18 Jan 2020
  4. twagswag

    twagswag Active Member

    I already tried GPUHash, that's why I wanted you to try your wordlists on it :sorry:
     
  5. carnivore1

    carnivore1 Well-Known Member

    Session..........: hashcat
    Status...........: Exhausted
    Hash.Type........: WPA-EAPOL-PBKDF2
    Hash.Target......: fares (AP:80:7d:14:e4:c2:94 STA:fc:87:43:75:fe:82)
    Time.Started.....: Sat Jan 18 08:54:01 2020 (41 mins, 3 secs)
    Time.Estimated...: Sat Jan 18 09:35:04 2020 (0 secs)
    Guess.Mask.......: 2?d?d?d?d?d?d?d?d?d [10]
    Guess.Queue......: 1/1 (100.00%)
    Speed.#1.........: 406.0 kH/s (355.01ms) @ Accel:128 Loops:256 Thr:1024 Vec:1
    Recovered........: 0/1 (0.00%) Digests, 0/1 (0.00%) Salts
    Progress.........: 1000000000/1000000000 (100.00%)
    Rejected.........: 0/1000000000 (0.00%)
    Restore.Point....: 1000000000/1000000000 (100.00%)
    Restore.Sub.#1...: Salt:0 Amplifier:0-1 Iteration:0-1
    Candidates.#1....: 2697654838 -> 2764649738
    Hardware.Mon.#1..: Temp: 67c Fan: 43% Util: 97% Core:1771MHz Mem:3802MHz Bus:16

    Not 2 ?d(9)..carnivore1
     
  6. Cendol

    Cendol Well-Known Member

    Can you try my handshake?

    Thanks
     
  7. twagswag

    twagswag Active Member

    Try cracking this, guys
     

  8. longshanks

    longshanks Well-Known Member
    VIP

    @twagswag - What you should be doing is giving us as much info as possible - NOT JUST - CAN YOU CRACK THIS?

    ESSID..: 7/18
    MAC_AP.: 705a9e65c5e2
    VENDOR.: Technicolor CH USA Inc.
    MAC_STA: 0026b6ece60b
    VENDOR.: ASKEY COMPUTER CORP
    summary capture file:
    ---------------------
    file name........................: 718ko11-01.cap
    file type........................: pcap 2.4
    file hardware information........: unknown
    capture device vendor information: 000000
    file os information..............: unknown
    file application information.....: unknown (no custom options)
    network type.....................: DLT_IEEE802_11 (105)
    endianness.......................: little endian
    read errors......................: flawless
    minimum time stamp...............: 19.01.2020 18:26:25 (GMT)
    maximum time stamp...............: 19.01.2020 18:28:12 (GMT)
    packets inside...................: 29143
    skipped damaged packets..........: 0
    packets with GPS data............: 0
    packets with FCS.................: 0
    beacons (total)..................: 1
    probe requests...................: 4
    probe responses..................: 194
    association requests.............: 5
    association responses............: 4
    authentications (OPEN SYSTEM)....: 8
    authentications (BROADCOM).......: 4
    deauthentications................: 15458
    action packets...................: 9
    EAPOL packets (total)............: 4
    EAPOL packets (WPA2).............: 4
    PMKIDs (not zeroed - total)......: 1
    PMKIDs (WPA2)....................: 1
    PMKIDs from access points........: 1
    best handshakes (total)..........: 1 (ap-less: 0)
    best PMKIDs (total)..............: 1

    summary output file(s):
    -----------------------
    PMKID: 33b9f17d2812c01b8d853c60a5afcbd0*705a9e65c5e2*0026b6ece60b*372f3138

    Technicolor-Router - [0-9A-F] - Len: 10 (default)

    - `?H?H?H?H?H?H?H?H?H?H`
    (GpuHashme failed a basic search) (now that's what you call doing your homework)
    Besides, it's not the cap I'd like to crack :sneaky:
     
    #3068 longshanks, 20 Jan 2020
    Last edited: 20 Jan 2020
  9. Yuuki_Ame

    Yuuki_Ame Well-Known Member

    I feel the same. It's like they didn't read the 1st page and the rules.
     
  10. twagswag

    twagswag Active Member

    Sorry for the lack of information accompanying my cap file.
    Actually I didn't know how to output the second part which is "summary capture file". I try to use "https://wpa-sec.stanev.org/" and upload the cap file in it because it gives this summary when the file gets uploaded but this time I accidentally skipped that window. Since pmkid is not supported on this site I wasn't able to post any info with my PMKIDs.

    Also about GPUHash, I tried GPUHash after posting the cap here since I was also trying to crack it on my own computer.

    I'll make sure to keep the rest of it in my mind the next time I post something.
     
  11. longshanks

    longshanks Well-Known Member
    VIP

    The key, my friend, is learning to use various different tools.
    Of course I'm starting to be a bit of an old hand at this, but still learning.
    You never stop learning if you stay hungry.
    This website has no problem with PMKIDs.
    The PMKID that I retrieved from your cap, I ran it on some wordlists for several hours and had no joy.
    It is most probably the default keyspace.
     
    #3071 longshanks, 20 Jan 2020
    Last edited: 20 Jan 2020
  12. GRG

    GRG Active Member

    Hi, again...
    I'm ashamed to be here asking for a favor again. I don't like being a leech and I want to contribute too. I'm making money to buy a used GPU,
    meanwhile, help me with this cap, please!
    GPUHashme Failed in Basic
    I tried rockyou
    Mobile phones from Colombia
    Old ESSID:
    UCHIHA
    4lpha!

    Thank you!
     

  13. carnivore1

    carnivore1 Well-Known Member

    Session..........: hashcat
    Status...........: Exhausted
    Hash.Type........: WPA-EAPOL-PBKDF2
    Hash.Target......: Įnmåculadºs (AP:d8:d8:66:07:fe:6f STA:e4:46:da:7e:85:0a)
    Time.Started.....: Mon Jan 20 08:25:56 2020 (58 mins, 28 secs)
    Time.Estimated...: Mon Jan 20 09:24:24 2020 (0 secs)
    Guess.Base.......: File (/root/Downloads/36.4GB-18_in_1.lst/18_in_1.lst)
    Guess.Queue......: 1/1 (100.00%)
    Speed.#1.........: 322.3 kH/s (388.44ms) @ Accel:1024 Loops:512 Thr:64 Vec:1
    Recovered........: 0/1 (0.00%) Digests, 0/1 (0.00%) Salts
    Progress.........: 5343785726/5343785726 (100.00%)
    Rejected.........: 4213091825/5343785726 (78.84%)
    Restore.Point....: 5343785726/5343785726 (100.00%)
    Restore.Sub.#1...: Salt:0 Amplifier:0-1 Iteration:0-1
    Candidates.#1....: u p p s l a g s -> zzzzzzzzzzzz + tsohx $>erp<
    Hardware.Mon.#1..: Temp: 62c Fan: 37% Util: 50% Core:1847MHz Mem:3802MHz Bus:16
    From previous experience, when GPUhashme can't crack a network, even in free service, usually we can't either..carnivore1
     
  14. Cendol

    Cendol Well-Known Member

    If gpuhash.me can crack it, that means you can crack it too?
     
  15. carnivore1

    carnivore1 Well-Known Member

  16. longshanks

    longshanks Well-Known Member
    VIP

    @carnivore1 - Outstanding efforts young man (y)
    You are a trier and dedicated - I love your pursuit of excellence.
    I'm very impressed with the way you have been performing, here and elsewhere.
    You remind me of myself, when I started here, 4 yrs ago.
    You have come a long way since I first met you here.
    You and Dawbs make a great team (y)
    Keep up the good work :happy:
    Don't forget to do a Recon, there's a Sniper out there somewhere. :ninja:
     
    #3076 longshanks, 21 Jan 2020
    Last edited: 21 Jan 2020
  17. GRG

    GRG Active Member

    @carnivore1 - Thank you for the response and efforts. I guess it was a difficult key, just seeing the special characters in the SSID.
    PS: Amazing: 58 mins, 28 secs on a Dict 18-in-1, with my CPU it takes around 5 days. :hungover:
    Sorry for my English.
    Thanks to everyone!
     
  18. twagswag

    twagswag Active Member

    ESSID : error loading
    VENDOR : Tendatec tenda technology

    summary capture file
    --------------------
    file name..............................: phpiDpL0F
    version (pcap/cap).....................: 2.4 (very basic format without any additional information)
    timestamp minimum (GMT)................: 19.01.2020 20:28:40
    timestamp maximum (GMT)................: 19.01.2020 21:41:09
    link layer header type.................: DLT_IEEE802_11 (105)
    endianess (capture system).............: little endian
    packets inside.........................: 11255
    BEACON.................................: 1
    PROBEREQUEST (directed)................: 4
    PROBERESONSE...........................: 324
    AUTHENTICATION (OPEN SYSTEM)...........: 13
    ASSOCIATIONREQUEST.....................: 5
    WPA encrypted..........................: 267
    EAPOL messages (total).................: 19
    EAPOL WPA messages.....................: 19
    EAPOLTIME gap (measured maximum usec)..: 12274
    EAPOL M1 messages......................: 10
    EAPOL M2 messages......................: 3
    EAPOL M3 messages......................: 3
    EAPOL M4 messages......................: 3
    EAPOL pairs............................: 9
    EAPOL pairs written to hccapx..........: 1 (RC checked)
    EAPOL M12E2............................: 1

    I couldn't find a default charset but here's a pic I found after some googling
    Random tenda wpa sticker


    Currently running hashesOrg2019 (5.1gb)
    Tried rockyou (with best64 rule), crackstation (human-only), zomato, hashesOrg (4.15gb), hashesorg2015-2018 (8.72gb), but gpuhash was able to crack it. But as @carnivore1 said, if gpuhash can do it, then you can do it too. So I'm trying to crack it. I'd like you guys to try your lists and methods on it too.
     

  19. carnivore1

    carnivore1 Well-Known Member

    Session..........: hashcat
    Status...........: Running
    Hash.Type........: WPA-EAPOL-PBKDF2
    Hash.Target......: error loading (AP:c8:3a:35:cd:6f:30 STA:60:14:b3:15:8a:3a)
    Time.Started.....: Tue Jan 21 07:54:44 2020 (5 secs)
    Time.Estimated...: Fri Feb 21 03:13:20 2020 (30 days, 19 hours)
    Guess.Mask.......: ?H?H?H?H?H?H?H?H?H?H [10]
    Guess.Queue......: 1/1 (100.00%)
    Speed.#1.........: 413.1 kH/s (372.49ms) @ Accel:128 Loops:256 Thr:1024 Vec:1
    Recovered........: 0/1 (0.00%) Digests, 0/1 (0.00%) Salts
    Progress.........: 0/1099511627776 (0.00%)
    Rejected.........: 0/0 (0.00%)
    Restore.Point....: 0/68719476736 (0.00%)
    Restore.Sub.#1...: Salt:0 Amplifier:0-1 Iteration:3328-3584
    Candidates.#1....: 1234567899 -> 1F6E721234
    Hardware.Mon.#1..: Temp: 56c Fan: 0% Util:100% Core:1797MHz Mem:3802MHz Bus:16

    It would take this long running default (A-F 0-9) `10..Yes, better off running wordlists to find it..carnivore1
     
  20. longshanks

    longshanks Well-Known Member
    VIP

    You're wrong there Carnie, there's lower case with a q, plus it's only 8 not 10 (according to his picture - if that's correct, that is)
    so it would be -a 3 -1 ?u?l?d ?1?1?1?1?1?1?1?1
    which would take 30 years.
    T.png
    Yes, I see they cracked it doing a basic search too - in 15 minutes
    but why do you guys (not carnivore1) post caps up at GPUHASHME and have no intention of paying them???? If I fixed your plumbing and you would not pay me, I would fix your car, so you wouldn't have to worry about driving anymore. permanently.
     
    #3080 longshanks, 22 Jan 2020
    Last edited: 22 Jan 2020
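
Added example (not posted by any participant in this thread): the run times in the hashcat status blocks above are the mask keyspace divided by the measured speed, which also shows how long a fixed-format default key withstands exhaustive search. The function names `keyspace` and `exhaust_time` are my own; the masks and speeds are the ones quoted in the posts.

```python
import string
from math import prod

# hashcat's built-in mask charsets (?b, all 256 byte values, is left out here)
BUILTIN = {
    "l": string.ascii_lowercase, "u": string.ascii_uppercase, "d": string.digits,
    "h": string.digits + "abcdef", "H": string.digits + "ABCDEF",
    "s": string.punctuation + " ",
}
BUILTIN["a"] = BUILTIN["l"] + BUILTIN["u"] + BUILTIN["d"] + BUILTIN["s"]

def tokens(spec, custom):
    """Yield the set of characters allowed at each position of a mask."""
    i = 0
    while i < len(spec):
        if spec[i] == "?" and i + 1 < len(spec):
            key = spec[i + 1]
            if key == "?":
                yield {"?"}                  # "??" is a literal question mark
            elif key in BUILTIN:
                yield set(BUILTIN[key])
            elif key in custom:
                yield custom[key]            # ?1..?4 custom charsets
            else:
                raise ValueError(f"unknown charset ?{key}")
            i += 2
        else:
            yield {spec[i]}                  # fixed character, e.g. the leading "2"
            i += 1

def keyspace(mask, custom_defs=None):
    """Candidate count for a mask; custom_defs maps '1'..'4' to a definition string."""
    custom = {}
    for name, definition in (custom_defs or {}).items():
        # A definition such as "?u?l?d" is the union of the charsets it names.
        custom[name] = set().union(*tokens(definition, custom))
    return prod(len(chars) for chars in tokens(mask, custom))

def exhaust_time(mask, rate_hs, custom_defs=None):
    """(days, hours, minutes, seconds) to try every candidate at rate_hs guesses/s."""
    secs = keyspace(mask, custom_defs) // int(rate_hs)
    minutes, seconds = divmod(secs, 60)
    hours, minutes = divmod(minutes, 60)
    days, hours = divmod(hours, 24)
    return days, hours, minutes, seconds
```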