New PMKID Attack for WPA & WPA2 hacking wifi password

Recently, a security researcher disclosed a new WiFi hacking technique (WPA2 hacking) that lets attackers crack the WiFi passwords of most routers.

Jens ‘Atom’ Steube, lead developer of Hashcat (a popular password cracking tool), revealed that the new method was discovered accidentally while analysing the recently launched WPA3 security standard.

This new technique for cracking WiFi passwords works specifically against WPA/WPA2 wireless networks with PMKID (Pairwise Master Key Identifier)-based roaming features enabled.

This new WiFi hacking strategy could allow attackers to recover the PSK (Pre-Shared Key) login password, enabling them to join your Wi-Fi network and eavesdrop on its Internet traffic.

How to Hack WiFi Password on Laptop using PMKID


According to Steube, in the old WPA2 hacking approach attackers had to wait for someone to log in to the network and capture a full 4-way handshake of the Extensible Authentication Protocol over LAN (EAPOL), a network port authentication protocol. The new approach does not require another user to be on the target network in order to capture the login credentials.

Instead, it is performed on the Robust Security Network Information Element (RSN IE) of a single Extensible Authentication Protocol over LAN (EAPOL) frame, which the attacker requests from the access point.

Steps for Cracking WiFi Password

Before proceeding, the following tools need to be downloaded:

Step 1: Run the ‘hcxdumptool’ tool (v4.2.0 or higher) to request the PMKID from the targeted Access Point and dump the received frame to a file.

$ ./hcxdumptool -o test.pcapng -i wlp39s0f3u4u5 --enable_status

If an Access Point receives our association request packet and supports sending PMKID, a “FOUND PMKID” message will be seen after a moment:

Step 2: Run ‘hcxpcaptool’ to convert the captured data from pcapng format to a hash format accepted by hashcat.

$ ./hcxpcaptool -z test.16800 test.pcapng

Step 3: Use the ‘hashcat’ (v4.2.0 or higher) password cracking tool to obtain the WPA Pre-Shared Key (PSK) password.

$ ./hashcat -m 16800 test.16800 -a 3 -w 3 '?l?l?l?l?l?lt!'

“At this time, we do not know for which vendors or for how many routers this technique will work, but we think it will work against all 802.11i/p/q/r networks with roaming functions enabled (most modern routers),” said Jens ‘Atom’ Steube.

Since the new WiFi hack only affects networks with roaming features enabled, users are advised to make sure their WiFi password is strong enough that it cannot be cracked easily.
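The advice above is only useful if you can tell how much work a cracker actually needs for your passphrase. The step 3 command uses the hashcat mask `?l?l?l?l?l?lt!`, which enumerates just 26^6 candidates, so any passphrase of six lowercase letters followed by “t!” falls inside that small keyspace no matter how "mixed" it looks. The following script is an added example written for this page, not code from the article or from hashcat: it parses hashcat masks using hashcat's documented built-in charsets, computes the keyspace of a mask, checks whether a given passphrase would be produced by a mask, applies the 802.11i rule that a PSK passphrase is 8 to 63 printable ASCII characters, and generates a random passphrase from the full printable set. The sample passphrase `secrett!` and the guess rate `ASSUMED_GUESSES_PER_SECOND` are constructed placeholders, not figures from the article.

```python
import math
import secrets
import string

# hashcat's built-in mask charsets (?l ?u ?d ?s, with ?a as their union).
CHARSETS = {
    "l": string.ascii_lowercase,        # 26
    "u": string.ascii_uppercase,        # 26
    "d": string.digits,                 # 10
    "s": " " + string.punctuation,      # 33: space plus ASCII punctuation
}
CHARSETS["a"] = CHARSETS["l"] + CHARSETS["u"] + CHARSETS["d"] + CHARSETS["s"]  # 95

# Placeholder guess rate used only for the time estimate; it is an assumption
# made for this example, not a number from the article or a hashcat benchmark.
ASSUMED_GUESSES_PER_SECOND = 1_000_000


def parse_mask(mask):
    """Expand a hashcat mask into one string of allowed characters per position.
    '?l' etc. expand to a charset, '??' is a literal '?', anything else is literal."""
    positions = []
    i = 0
    while i < len(mask):
        if mask[i] == "?":
            if i + 1 == len(mask):
                raise ValueError("mask ends with a dangling '?'")
            key = mask[i + 1]
            if key == "?":
                positions.append("?")
            elif key in CHARSETS:
                positions.append(CHARSETS[key])
            else:
                raise ValueError(f"unknown charset ?{key}")
            i += 2
        else:
            positions.append(mask[i])
            i += 1
    return positions


def keyspace(mask):
    """Number of candidate passphrases the mask enumerates."""
    return math.prod(len(p) for p in parse_mask(mask))


def keyspace_bits(mask):
    return math.log2(keyspace(mask))


def mask_covers(mask, passphrase):
    """True if the passphrase is one of the candidates the mask would produce."""
    positions = parse_mask(mask)
    return len(positions) == len(passphrase) and all(
        ch in allowed for ch, allowed in zip(passphrase, positions)
    )


def wpa2_passphrase_valid(passphrase):
    """802.11i restricts a PSK passphrase to 8..63 printable ASCII characters."""
    return 8 <= len(passphrase) <= 63 and all(32 <= ord(c) <= 126 for c in passphrase)


def composition_bits(passphrase):
    """Optimistic strength estimate: length * log2(union of charsets actually used).
    It ignores dictionary words and patterns, so real strength is never higher."""
    used = {key for ch in passphrase for key in "luds" if ch in CHARSETS[key]}
    alphabet = sum(len(CHARSETS[key]) for key in used)
    return len(passphrase) * math.log2(alphabet) if alphabet else 0.0


def assess(passphrase, masks, rate=ASSUMED_GUESSES_PER_SECOND):
    """Compare the composition estimate with any mask that actually covers the
    passphrase; a covering mask bounds the real work regardless of the estimate."""
    covering = [m for m in masks if mask_covers(m, passphrase)]
    effective_bits = min([composition_bits(passphrase)] + [keyspace_bits(m) for m in covering])
    return {
        "valid": wpa2_passphrase_valid(passphrase),
        "composition_bits": round(composition_bits(passphrase), 1),
        "covered_by": covering,
        "effective_bits": round(effective_bits, 1),
        "seconds_to_exhaust": 2 ** effective_bits / rate,
    }


def generate_passphrase(length=20):
    """Random passphrase from the full printable set: 95^length candidates."""
    return "".join(secrets.choice(CHARSETS["a"]) for _ in range(length))


if __name__ == "__main__":
    demo_mask = "?l?l?l?l?l?lt!"  # the mask from the article's step 3
    print(f"{demo_mask}: {keyspace(demo_mask):,} candidates ({keyspace_bits(demo_mask):.1f} bits)")
    for pw in ("secrett!", generate_passphrase()):  # 'secrett!' is a constructed sample
        print(pw, assess(pw, [demo_mask]))
```

Running it shows the gap between the two estimates: `secrett!` mixes lowercase letters and punctuation, so the composition estimate gives about 47 bits, yet the page's mask covers it with only about 28 bits of work. A 20-character passphrase drawn from the full printable set is outside any mask of that shape and sits near 131 bits, which is the kind of margin the advice above is asking for.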

For more information visit: Hashcat Forum.
