PSKracker - An All-In-One WPA/WPS Toolkit



soxrok2212
2017-10-06, 19:05
Hi all

I haven't posted here in a while, but I figured I'd try to get some more public exposure. I'm working on a new project called PSKracker, which is a toolkit written in C for generating default WPA/WPS keys for various wireless devices.

The launch already supports two cutting-edge vulnerabilities with anticipation to add more as they come. For speed and efficiency, everything is written in C.

This project includes or will include:


Default WPA key generators
Default WPS pin generators
Dictionaries used for various manufacturers
A list containing keyspaces for various models as well as reduced charsets and Hashcat masks (piping to Hashcat is supported)
More and more


This project is still in beta and is very incomplete, but other developers and I are working hard. Community feedback is always welcome, as well as creating pull requests for bug fixes, new algorithms, etc. Because of the size of the repository and the intended use of the code, embedded systems are not supported. This toolkit is for testing and securing your own networks, or networks you have permission to test.

You can check it out on GitHub: https://github.com/soxrok2212/PSKracker

scorpius
2017-10-10, 17:53
This is great, and you guys did a wonderful job reversing the XHS key generator. But has the issue been patched -- and does getting the Cable Modem MAC still work?

aanarchyy
2017-10-19, 03:20
I am still looking into a way to reliably retrieve the CM MAC, but we have a few other tasks that we are working on.
And as of this post, the CM XHS-XXXXXX/PSK still remains the same.

scorpius
2017-10-23, 19:04
I'm still not able to get the CM MAC. I've looked for it in the following places, but nothing usable is there.
1. DHCP ACK while connected to the hotspot.
2. IPv6 multicast packet.

And these are devices for which I already have the hidden SSID (XHS-XXXXXX) and 18-char passphrase.

aanarchyy
2017-10-23, 23:38
If two of the three variables are known, creating something to perhaps brute force the third should be trivial.

scorpius
2017-11-19, 00:44
Which variables are you referring to? I'm using Wireshark to inspect the packets.

soxrok2212
2017-12-07, 19:56
> Which variables are you referring to? I'm using Wireshark to inspect the packets.

I would assume aanarchyy meant the CM MAC, SSID, and PSK...?

scorpius
2017-12-09, 20:07
That still doesn't answer the question of how to retrieve the CM MAC.