Tools you need to download:
- hcxdumptool
- hcxpcaptool
- Hashcat
Steps:
1. Request the PMKID from the router
Older techniques required you to wait until a client connected to the access point so that you could capture the EAPOL 4-way handshake. This newer method of recovering the password does not need a connected client: it works on the RSN IE (Robust Security Network Information Element) and uses only a single frame, which is requested from the wireless router.
2. Install hcxdumptool and hcxpcaptool
hcxdumptool captures the PMKID frame from the access point and, after capturing it, dumps it into a file for you. Some features of hcxdumptool:
- Captures identities and usernames from a WLAN.
- Captures passwords, plain master keys, handshakes and PMKIDs from WLAN traffic.
After installing the tool, run the command below in the CLI.
$ ./hcxdumptool -o test.pcapng -i wlp39s0f3u4u5 --enable_status
The command above dumps the captured frames to a file.
3. Extract the hash from the capture file
Next, convert the capture into a hash file that Hashcat can read:
$ ./hcxpcaptool -z test.16800 test.pcapng
4. Use Hashcat to crack the Wi-Fi password (WPA PSK pre-shared key recovery)
Hashcat is widely used in the security and penetration-testing field, by both attackers and researchers, to recover passwords from their hashes. Once you have the hash, give it to Hashcat and it will recover the password for you. How long this takes depends on how complex the wireless network's passphrase is. Run Hashcat with the command below.
$ ./hashcat -m 16800 test.16800 -a 3 -w 3 '?l?l?l?l?l?lt!'
You need some brains, basic knowledge and patience.
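A defender-side check to go with step 1: the frame this technique relies on is the first EAPOL-Key message of the 4-way handshake, and an access point is exposed to this capture only if it places a PMKID KDE in that message's key data. The following added example (not part of the original post, and not code from the hcx tools or Hashcat) parses a constructed message 1 and reports any PMKID it carries, so you can audit your own AP's behaviour; the frame bytes are fabricated fixtures, and the key-info bits and KDE layout follow the 802.11i EAPOL-Key format.

```python
import struct

PMKID_KDE_HDR = b"\xdd\x14\x00\x0f\xac\x04"  # vendor KDE, len 20, OUI 00-0F-AC, type 4 = PMKID

def build_m1(key_data: bytes) -> bytes:
    """Constructed 4-way handshake message 1 (EAPOL-Key) carrying key_data. Fixture only."""
    body = (bytes([0x02])                 # descriptor type 2: RSN key descriptor
            + struct.pack(">H", 0x008A)   # key info: HMAC-SHA1 version, pairwise, Key ACK
            + struct.pack(">H", 16)       # key length
            + bytes(8)                    # replay counter
            + bytes([0x11] * 32)          # ANonce (fabricated)
            + bytes(16) + bytes(8) + bytes(8) + bytes(16)  # IV, RSC, reserved, MIC
            + struct.pack(">H", len(key_data)) + key_data)
    return bytes([0x02, 0x03]) + struct.pack(">H", len(body)) + body  # EAPOL v2, type Key

def extract_pmkids(eapol: bytes) -> list:
    """Return hex PMKIDs carried in the key data of an EAPOL-Key message 1, else []."""
    if len(eapol) < 4 + 95 or eapol[1] != 0x03:   # not an EAPOL-Key frame
        return []
    body = eapol[4:]
    if body[0] != 0x02:                           # only the RSN descriptor uses KDEs
        return []
    key_info = struct.unpack(">H", body[1:3])[0]
    # Message 1 of 4: pairwise bit (0x0008) set, Key MIC bit (0x0100) clear
    if not key_info & 0x0008 or key_info & 0x0100:
        return []
    kd_len = struct.unpack(">H", body[93:95])[0]
    key_data = body[95:95 + kd_len]
    found, i = [], 0
    while i + 2 <= len(key_data):                 # walk the TLV-style KDE list
        tag, length = key_data[i], key_data[i + 1]
        payload = key_data[i + 2:i + 2 + length]
        if tag == 0xDD and length >= 20 and payload[:4] == PMKID_KDE_HDR[2:]:
            found.append(payload[4:20].hex())     # 16-byte PMKID value
        i += 2 + length
    return found

# Constructed fixtures: one AP that discloses a PMKID in message 1, one that does not.
SAMPLE_WITH_PMKID = build_m1(PMKID_KDE_HDR + bytes(range(16)))
SAMPLE_WITHOUT_PMKID = build_m1(b"")

if __name__ == "__main__":
    print("PMKID disclosed:", extract_pmkids(SAMPLE_WITH_PMKID))     # one hex PMKID
    print("PMKID disclosed:", extract_pmkids(SAMPLE_WITHOUT_PMKID))  # []
```

An empty result for your own AP's message 1 means it does not hand out a PMKID this way; a non-empty result means the passphrase strength alone is what protects the network against offline guessing of the captured value.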