How Hackers Crack WPA2 Networks Using the PMKID Hashcat Attack

Captions
For years, attacking a WPA2 network meant kicking someone off the network, waiting for them to reconnect, and collecting the WPA handshake in order to attempt to crack it. A new attack based off the PMKID allows us to attack networks even when no one's connected, and we'll explore this on this episode of Cyber Weapons Lab.

For years, hacking a WPA2 network has meant waiting until someone comes home and then briefly kicking that person off the network in order to capture a WPA handshake. Now, this method allows you to attempt to brute-force the password against a big list of plaintext passwords, and if it happens to contain the password that was used on the network, you'll be able to tell when the guess is correct. Now, this is not always an attack that will work if the password is strong, so in general, while this attack is a little bit limited in scope, it still can be quite effective against WPA networks that don't have a particularly strong password. Now, this has been limited also by the fact that you need to kick somebody off and capture all four parts of what's called a four-way handshake, which is the exchange that happens when a new device attempts to join a wireless network.

Now, a new attack has come out using the PMKID of the robust security element, which is a part of some frames that is included by default in some wireless networks. Now, since the manufacturer is the one that decides whether or not this goes into a wireless network, it's kind of random as to whether or not this attack will work, but it is worth pointing out because it extends the functionality of these sorts of brute-force WPA2 attacks to networks that don't even have anyone connected. Now, the way that this works is we are actually able to use only a single part of the four-way message in order to attack the network, and this is really cool because we don't need to wait around for somebody to join, and we don't need to send out a bunch of super obvious deauthentication frames alerting everyone nearby that we're running this sort of attack. Instead, we can simply collect a single frame from the access point and use that to attempt to brute-force the password the exact same way we would do with a standard WPA handshake-based attack.

Now, in order to try this out, we'll need to use a suite called hcxtools, and we'll also need to use hcxdumptool in order to convert the file into something that Hashcat can understand. Now, as soon as we have that loaded, we can take a password file and attempt to brute-force the password the same way. So once we have hcxtools, hcxpcaptool, hcxdumptool, and Hashcat installed on your Kali Linux installation, we can begin.

Hey, Byters. In 2019, YouTube started enforcing a ban on instructional hacking, and as a result we started getting warnings and even a strike on some of our content. Now, in order to make sure we didn't get taken off YouTube entirely, we had to move some of the more problematic videos over to the Null Byte website. Now, I understand this is a little bit annoying, but you can still access the content by checking out the link below and in the description. Thanks for understanding.

As you can see here, after a long run, we weren't actually able to decrypt these passwords, because the password list we used didn't contain the passwords in the hashes that we grabbed. Now, I wanted to show this because this will often be the result, and we get a lot of questions in our comments as to why this isn't working. Well, if the password isn't contained in that password list, then this attack will fail, just like the previous WPA2 attacks that relied on a handshake. So this isn't a silver bullet, but if your password list does contain the password, aka there is a weak password in a wireless network nearby, this still represents a super valid and potent attack against WPA2 networks, if you're okay with it being a cracking-based attack.

While the new PMKID-based Hashcat attacks are effective against a wide variety of networks, they don't necessarily extend the capability beyond that of WPA2 attacks in the past to overcome strong passwords. Now, it's important to realize that a strong password can stop a hacker in their tracks if you've also taken care of the WPS setup, in order to disable some of the common hardware tricks that can get around these sorts of passwords. Now, setting a strong password means not using things that are easy to guess, like details about your life such as your address, your phone number, your date of birth, or details about your family. Instead, you're going to want to pick something that's strongly randomized and includes a lot of different things that would be difficult for someone to guess, and a good step towards this is using a password manager, in order to make sure you don't need to remember a bunch of long, complicated passwords.

That's all we have for this episode of Cyber Weapons Lab. Make sure to like, comment, and subscribe, and if you have any thoughts and feedback on the show, shoot me a message on Twitter, because we'd love to hear from you. We'll see you next time.
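The video explains that a single frame carrying the PMKID is enough for an offline guess, and that only passphrase strength stops it. The derivation below, written here as an added illustration (it is not code from the video or from hcxtools/Hashcat), shows why: in WPA2-PSK the PMK is PBKDF2-HMAC-SHA1 of the passphrase and SSID, and the PMKID is an HMAC over public values (the AP and station MAC addresses), so every input except the passphrase is broadcast in the clear and a cracker's cost is one PBKDF2 per guess. The SSID and MAC addresses are constructed sample values; the "password"/"IEEE" pair is the IEEE 802.11 PSK test vector.

```python
import hashlib
import hmac

# Constructed sample network (not from the video). The SSID and both MAC
# addresses are transmitted unencrypted, so a defender should assume an
# attacker who captured one RSN-carrying frame already has all of them.
SSID = b"IEEE"
AP_MAC = bytes.fromhex("001122334455")   # authenticator address (AA)
STA_MAC = bytes.fromhex("66778899aabb")  # supplicant address (SPA)


def derive_pmk(passphrase: str, ssid: bytes) -> bytes:
    """WPA2-PSK: PMK = PBKDF2-HMAC-SHA1(passphrase, SSID, 4096 iterations, 32 bytes).

    4096 iterations was chosen for 2004-era hardware; on a modern GPU it is
    cheap, which is why wordlist attacks are practical.
    """
    return hashlib.pbkdf2_hmac("sha1", passphrase.encode("utf-8"), ssid, 4096, 32)


def derive_pmkid(pmk: bytes, ap_mac: bytes, sta_mac: bytes) -> bytes:
    """PMKID = HMAC-SHA1(PMK, "PMK Name" || AA || SPA), truncated to 128 bits.

    The AP places this value in the RSN information element of the first
    EAPOL message, so the attack needs one frame from the AP and no client.
    """
    return hmac.new(pmk, b"PMK Name" + ap_mac + sta_mac, hashlib.sha1).digest()[:16]


def passphrase_matches(candidate: str, ssid: bytes, ap_mac: bytes,
                       sta_mac: bytes, captured_pmkid: bytes) -> bool:
    """One offline check: the computation a cracker repeats per wordlist entry.

    Nothing here touches the network, so the only defensive control is a
    passphrase that no wordlist or mask will reach.
    """
    pmk = derive_pmk(candidate, ssid)
    return hmac.compare_digest(derive_pmkid(pmk, ap_mac, sta_mac), captured_pmkid)


if __name__ == "__main__":
    # Stand-in for a captured value: the PMKID of the sample network.
    captured = derive_pmkid(derive_pmk("password", SSID), AP_MAC, STA_MAC)
    print("PMK   :", derive_pmk("password", SSID).hex())
    print("PMKID :", captured.hex())
    print("weak guess 'password' matches:",
          passphrase_matches("password", SSID, AP_MAC, STA_MAC, captured))
    print("other guess 'hunter2' matches:",
          passphrase_matches("hunter2", SSID, AP_MAC, STA_MAC, captured))
```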
Info
Channel: Null Byte
Views: 227,587
Id: 1yaHe7zWg1k
Length: 5min 11sec (311 seconds)
Published: Fri Jan 31 2020