Slashdot Mirror

← Back to Stories (view on slashdot.org)

Hashcat Developer Discovers Simpler Way To Crack WPA2 Wireless Passwords (hashcat.net)

Posted by msmash on from the closer-look dept.

New submitter Woodmeister shares a report: While looking for ways to attack the new WPA3 security standard, Hashcat developer Jens "Atom" Steube found a simpler way to capture and crack access credentials protecting WPA and WPA2 wireless networks. The attacker needs to capture a single EAPOL frame after requesting it from the access point, extract the PMKID from it by dumping the recieved frame to a file, convert the captured data to a hash format accepted by Hashcat, and run Hashcat to crack it. Once that's done, the attacker has the Pre-Shared Key (PSK), i.e. the password, of the wireless network. Depending on the length and complexity of the password and the power of the cracking rig, that last step could take hours or days. "The main difference from existing attacks is that in this attack, capture of a full EAPOL 4-way handshake is not required. The new attack is performed on the RSN IE (Robust Security Network Information Element) of a single EAPOL frame," Steube explained. This makes the attack much easier to pull off, as the attacker doesn't depend on another user and on being in range of both the user and the access point at the exact moment when the user connects to the wireless network and the handshake takes place.

5 of 150 comments (clear)

  1. Re: Use good passwords by Anonymous Coward · · Score: 5, Funny

    What i have at home is a faraday cage with the router and a comfy chair inside it.

  2. Re:How does this apply to full length keys? by TechyImmigrant · · Score: 4, Funny

    Like: 112364AB5F777752452A57CAC066DE0737DE451E0CC21BE86D01278A6050297B

    It won't take very log. You've already given us the password.

    --
    I should use this sig to advertise my book ISBN-13 : 978-1501515132.
  3. Re: Use good passwords by Anonymous Coward · · Score: 5, Funny

    What am I, a network administrator? Who's got time for that

    I give them my neighbor's SSID and password, which I've cracked. Problem solved.

  4. Re:How does this apply to full length keys? by IMightB · · Score: 4, Funny

    Like: 112364AB5F777752452A57CAC066DE0737DE451E0CC21BE86D01278A6050297B

    It won't take very log. You've already given us the password.

    All I see is **********************

  5. Re: Use good passwords by Bender0x7D1 · · Score: 3, Funny

    might as well use ethernet, or tin cans with a string...

    That would require multiple dongles if he has a Mac.

    --
    Reading code is like reading the dictionary - you have to read half of it before you can go back and understand it.