Carding 4 Carders
Professional
Jens Steube, author of the famous password cracking tool Hashcat, talked about discovering a new, faster way to crack wireless passwords. The new technique was discovered almost by accident when Steube and his colleagues were looking for weaknesses in WPA3.
Previously, such attacks assumed that an attacker would have to wait for the right moment for someone to log on to the network, and a four-way EAPOL handshake would be performed, during which the client and the router would use the PMK (Pairwise Master Key) and make sure that both of them knew Pre- Shared Key (PSK). The attacker's task was to catch this moment and intercept the handshake.
But the researchers found that for WPA and WPA2 on 802.11i / p / q / r networks, things could be easier. The new attack relies on the use of RSN IE (Robust Security Network Information Element) and its extraction from a single EAPOL frame. In fact, an attacker only needs to attempt to authenticate on the wireless network, extract the PMKID from one frame, and then, having the RSN IE data in hand, can begin cracking the Pre-Shared Key (PSK).
For example, you can use the same Hashcat for this. The researchers note that it takes 10 minutes on average to crack a password, but it all depends on its complexity.
“Since in this case the PMK is the same as during a normal four-way handshake, this is an ideal attack vector. We get all the data we need from the very first EAPOL frame, ”writes Stube.
So far, experts do not report which routers, which manufacturers are vulnerable to such an attack vector. Most likely, the problem is relevant for all "modern routers" with enabled roaming functions that work with IEEE 802.11i / p / q / r.
