WIFI-PMKIDCredential Access

WPA2 PMKID Attack

RSN IE PMKID extracted from a single association attempt — no client needed, crack offline with hashcat -m 22000.

§ Where this technique fits

WIFI-PMKID is catalogued under the Credential Access tactic of the offensive-security kill-chain. It appears in 1 approved dossier in the registry, typically at step 1 on average.

§ Dossiers chaining this technique

PMKID attack → offline crack with no client interaction
WPA2 PMKID can be extracted from a single association attempt with the AP — no client needed. hcxdumptool + hashcat -m 22000 yields the PSK if it's weak.
step 1 / 5

§ What commonly comes next

01
Command and Scripting Interpreter
T1059 · Execution
seen 1×

§ Where this technique fits

§ Dossiers chaining this technique

PMKID attack → offline crack with no client interaction

§ What commonly comes next