How to exploit WPA / WPA2 to easily steal passwords from modern Wi-Fi routers


by

Misha Feshchak

Security researchers have revealed that passwords can easily be stolen from the latest Wi-Fi routers that use the WPA / WPA2 Wi-Fi security protocols.

How to Hack WiFi Password Easily Using New Attack On WPA / WPA2
https://thehackernews.com/2018/08/how-to-hack-wifi-password.html



Jens 'Atom' Steube, developer of the popular password cracking tool Hashcat, discovered a hacking method that steals the Wi-Fi password from the latest routers. The approach works against WPA / WPA2 wireless networks that have 'Pairwise Master Key Identifier (PMKID)' based roaming enabled. By recovering the PSK login password, an attacker can break into the Wi-Fi network and may then be able to intercept communications on it.

According to Steube, the previously known Wi-Fi hacking method required waiting for someone to log in to the network and capturing the full four-way handshake of EAPOL, the network port authentication protocol. The newly discovered WPA / WPA2 method eliminates the need to wait for someone to join the target network in order to obtain credentials. Instead, the attack is performed on the Robust Security Network Information Element (RSN IE), using a single EAPOL frame requested from the access point.

RSN is a protocol used to establish secure communication under IEEE 802.11, and one of its features is the PMKID, a key necessary to establish a connection between a client and an access point.
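A defender-side check for the frame described above, as an added example (not code from the original article or from the hcxtools or Hashcat projects): it classifies an EAPOL-Key frame captured from your own access point by whether message 1 of the handshake carries a PMKID. The function and sample names are hypothetical, the offsets assume the standard EAPOL-Key layout with a 16-byte MIC, and the sample frames are constructed.

```python
import struct

EAPOL_KEY = 3                          # 802.1X packet type: EAPOL-Key
KEY_DATA_OFFSET = 99                   # 4-byte 802.1X header + 95-byte fixed key descriptor
PMKID_KDE = bytes.fromhex("000fac04")  # KDE selector: OUI 00-0F-AC, data type 4 (PMKID)

def pmkid_exposure(eapol: bytes) -> str:
    """Classify one EAPOL frame as 'not-msg1', 'absent', 'zeroed' or 'exposed'."""
    if len(eapol) < KEY_DATA_OFFSET or eapol[1] != EAPOL_KEY:
        return "not-msg1"
    (key_info,) = struct.unpack_from(">H", eapol, 5)
    pairwise, ack, mic = key_info & 0x0008, key_info & 0x0080, key_info & 0x0100
    if not (pairwise and ack and not mic):
        return "not-msg1"              # message 1: pairwise, Key Ack set, no MIC
    (data_len,) = struct.unpack_from(">H", eapol, 97)
    data = eapol[KEY_DATA_OFFSET:KEY_DATA_OFFSET + data_len]
    i = 0
    while i + 2 <= len(data):          # walk the type/length/value elements
        etype, elen = data[i], data[i + 1]
        body = data[i + 2:i + 2 + elen]
        if (etype == 0xDD and elen == 0) or len(body) < elen:
            break                      # padding or truncated element
        if etype == 0xDD and elen >= 20 and body[:4] == PMKID_KDE:
            # An all-zero field carries no PMK-derived value.
            return "exposed" if any(body[4:20]) else "zeroed"
        i += 2 + elen
    return "absent"

def build_frame(key_info: int, key_data: bytes) -> bytes:
    """Build a constructed EAPOL-Key frame (zeroed nonce, IV, MIC) as sample input."""
    body = struct.pack(">BHH", 2, key_info, 16) + bytes(8 + 32 + 16 + 8 + 8 + 16)
    body += struct.pack(">H", len(key_data)) + key_data
    return struct.pack(">BBH", 2, EAPOL_KEY, len(body)) + body

# Constructed samples, not captured traffic.
KDE = b"\xdd\x14" + PMKID_KDE
SAMPLES = {
    "msg1 with PMKID": build_frame(0x008A, KDE + bytes(range(1, 17))),
    "msg1 zero PMKID": build_frame(0x008A, KDE + bytes(16)),
    "msg1 no key data": build_frame(0x008A, b""),
    "msg3 (MIC set)": build_frame(0x13CA, b""),
}

if __name__ == "__main__":
    for name, frame in SAMPLES.items():
        print(f"{name:18} -> {pmkid_exposure(frame)}")
```

An access point that reports "exposed" here hands out the PMKID in the first handshake message, which is the condition the attack in this article depends on.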


by John Schnobrich

The hacking procedure is as follows. The time required varies with the length and complexity of the password set on the target network. 'It is not known how many routers this hacking method currently works on, but it works with all 802.11i/p/q/r networks that have roaming enabled,' commented Steube.

Step 1:
Use a tool such as hcxdumptool version 4.2.0 or higher to request the PMKID from the target access point, and dump the received frame to a file.

$ ./hcxdumptool -o test.pcapng -i wlp39s0f3u4u5 --enable_status



Step 2:
Use hcxpcaptool to convert the frame output (pcapng format) into a hash format that can be processed by Hashcat.

$ ./hcxpcaptool -z test.16800 test.pcapng



Step 3:
Get a WPA-PSK password using Hashcat version 4.2.0 or higher.

$ ./hashcat -m 16800 test.16800 -a 3 -w 3 '?l?l?l?l?l?lt!'



Note that this hacking method has been shown not to work with WPA3.

in Security, Posted by logu_ii