PMKID Hash Capture

What is a PMKID Attack

The PMKID attack is a method used to crack WPA/WPA2-PSK Wi-Fi passwords. It targets the Pairwise Master Key Identifier (PMKID) exchange process in the 4-way handshake of the WPA/WPA2 authentication process. By capturing a PMKID hash and using a brute-force or dictionary attack, an attacker can attempt to recover the Wi-Fi password. This attack takes advantage of a weakness in the WPA/WPA2 protocol and the use of weak or easily guessable passwords. It is important to note that performing this attack without proper authorization is illegal and unethical. It is crucial to ensure the security of Wi-Fi networks by using strong passwords and implementing additional security measures.

Steps to follow to capture the PMKID Hash

1. installing Tools

you should install two tools: hcxdumptool , hcxpcapngtool

GitHub - ZerBea/hcxdumptool: Small tool to capture packets from wlan devices.GitHub

GitHub - ZerBea/hcxtools: A small set of tools to convert packets from capture files to hash files for use with Hashcat or John the Ripper.GitHub

Just Follow Steps in the GitHub Repository to download them

1. Stop all services accessing the WIFI Network

sudo systemctl stop NetworkManager.service 
sudo systemctl stop wpa_supplicant.service

1. Capturing WIFI Network

sudo hcxdumptool -i [interface] -o dumpfile.pcapng --active_beacon --enable_status=15

Now, let this command run for some time to capture the required information

1. Start WIFI Network services again

sudo systemctl start wpa_supplicant.service 
sudo systemctl start NetworkManager.service

You can crack the pcapng file "dumpfile.pcapng" using a wordlist (like in the previous test) or using Hashcat:

Hashcat Cracking

Other YouTube Tutorials

You can check those YouTube Videos/Tutorials about PMKID Hash Capture:

• This YouTube Video created by David Bombal

• This YouTube Video created by Null Byte

How to Hack Wi-Fi: Cracking WPA2 Passwords Using the New PMKID Hashcat AttackNull Byte