hashcat Forum
hcxtools - solution for capturing wlan traffic and conversion to hashcat formats - Printable Version

+- hashcat Forum (https://hashcat.net/forum)
+-- Forum: Misc (https://hashcat.net/forum/forum-15.html)
+--- Forum: User Contributions (https://hashcat.net/forum/forum-25.html)
+--- Thread: hcxtools - solution for capturing wlan traffic and conversion to hashcat formats (/thread-6661.html)



RE: hcxtools - solution for capturing wlan traffic and conversion to hashcat formats - QYQ - 07-22-2017

I have a problem when make install, there is no <linux/wireless.h> file
my sys is mac os sierra 10.12.6
how can I find the losing file
thanks.


RE: hcxtools - solution for capturing wlan traffic and conversion to hashcat formats - ZerBea - 07-22-2017

Hi.
This is only the first fatal error you got. There will be much more...
You will have to find a replacement for linux iwlib.

The Apple Developer Connection website has a lot of articles which talk about porting progs between environments. You'll need to read these first (and similar articles on the Internet) to get a better sense of the issues involved.

"Certainly, it can be done. In fact, it is fairly routine." But it's really too much for a forum-post here.

And from hcxtools READ.me
Requirements: Linux

That's because I'm a very, very lazy coder. That means if there is a library which is able to do the job better than my tools, I'll use this lib.

Maybe a solution:

edit the Makefile
and remove all entries wlandump-ng and wlanresponse (these are extrem hardware-near coded)
then try to compile hcxtools
maybe that works for you

use a raspberry pi A+, B+ to capture
do not use a raspberry pi 3 (wifi soc doesn't work - no monitor mode)
do not use wlandump-ng or wlanresponse on virtual devices like monx (mon0,...)


RE: hcxtools - solution for capturing wlan traffic and conversion to hashcat formats - ZerBea - 07-22-2017

basic tutorial about the features to capture passwords from wlantraffic

1.
Choose a place where you do expect to receive many, many clients.
run wlandump-ng or wlanresponse for a while (one or more hours) using this options:

on a notebook
wlandump-ng -i <mywlandevice> -o test.cap -c 1 -t 4 -d 20 -D 2 -m 512 -b -r -l -L -s 20

on a raspberry
wlandump-ng -i <mywlandevice> -o test.cap -c 1 -t 4 -d 20 -D 2 -m 128 -b -r -l -L -s 0
wlanresponse -i <mywlandevice> -o test.cap -t 3 -b -l -L


mydevice is your WLAN device (it must be running allready in monitor mode on a real device - do not use virtual devices like mon0).

Please download and use the attached test.cap for this tutorial
.zip   test.cap.zip (Size: 739 bytes / Downloads: 45)
Extract and copy the cap to a folder and open a terminal inside.

2.
Let's check the cap:

$ wlancapinfo -i test.cap
input file.......: test.cap
magic file number: 0xa1b2c3d4 (cap/pcap)
major version....: 2
minor version....: 4
data link type...: 105 (DLT_IEEE802_11) [http://www.tcpdump.org/linktypes.html]
packets inside...: 6
last pcap error..: flawless

The cap looks like a normal cap, but you should convert it only by using wlancap2hcx, because there are informations inside, other tools are not able to strip.


Let's convert the cap:

$ wlancap2hcx -o test.hccapx -e wordlist test.cap
start reading from test.cap
6 packets processed (6 wlan, 0 lan, 0 loopback)
found 1 wpa2 AES Cipher, HMAC-SHA1
found 1 valid wpa handshake (by wlandump-ng/wlanresponse)

You can see that there's a valid WPA2 handshakles inside and that
wlandump-ng/wlanresponse initiates the authentication with the client.
No accesspint captured - there is no need to capture an accesspoint to get the data!
We use the -e option to save networknames and passwords to a file (it's a good idea to use this option everytime you run wlancap2hcx).

$ ls
test.hccapx test.cap  wordlist

now sort our wordlist
$ sort wordlist | uniq > wordlistsort
you need to do this, because there are many dupes inside.

$ ls
test.hccapx test.cap  wordlist wordlistsort

now run hashcat
$ hashcat -m 2500 --potfile-path=hc2500.pot test.hccapx wordlistsort
hashcat (v3.6.0-247-g8f2cbb26) starting...
Session..........: hashcat
Status...........: Cracked
Hash.Type........: WPA/WPA2
Hash.Target......: UPC501953949 (AP:8c:84:01:09:e9:e6 STA:bc:44:86:a1:66:82)
Time.Started.....: Sat Jul 22 09:59:12 2017 (0 secs)
Time.Estimated...: Sat Jul 22 09:59:12 2017 (0 secs)
Guess.Base.......: File (wordlistsort)
Guess.Queue......: 1/1 (100.00%)
Speed.Dev.#1.....:        0 H/s (0.36ms)
Recovered........: 1/1 (100.00%) Digests, 1/1 (100.00%) Salts
Progress.........: 2/2 (100.00%)
Rejected.........: 0/2 (0.00%)
Restore.Point....: 0/2 (0.00%)
Candidates.#1....: AXNDFNEU -> UPC501953949
HWMon.Dev.#1.....: Temp: 42c Fan: 28% Util:100% Core:1303MHz Mem:3004MHz Bus:8

Take a look into the potfile and you can imagine what's going on.
You cracked the hash, using the captured password from wlantraffic.

It's a good Idea to add/copy/cat the wordlist to your wordlist(s) - everytime you run wlancap2hcx on new cap files.


RE: hcxtools - solution for capturing wlan traffic and conversion to hashcat formats - QYQ - 07-22-2017

(07-22-2017, 09:36 AM)ZerBea Wrote: Hi.
This is only the first fatal error you got. There will be much more...
You will have to find a replacement for linux iwlib.

The Apple Developer Connection website has a lot of articles which talk about porting progs between environments. You'll need to read these first (and similar articles on the Internet) to get a better sense of the issues involved.

"Certainly, it can be done. In fact, it is fairly routine." But it's really too much for a forum-post here.

And from hcxtools READ.me
Requirements: Linux

That's because I'm a very, very lazy coder. That means if there is a library which is able to do the job better than my tools, I'll use this lib.

Maybe a solution:

edit the Makefile
and remove all entries wlandump-ng and wlanresponse (these are extrem hadware-near coded)
then try to compile hcxtools
maybe that works for you

use a raspberry pi A+, B+ to capture
do not use a raspberry pi 3 (wifi soc doesn't work - no monitor mode)
do not use wlandump-ng or wlanresponse on virtual devices like monx (mon0,...)

Ok, I will have a try. Thanks anyway.


RE: hcxtools - solution for capturing wlan traffic and conversion to hashcat formats - ZerBea - 07-22-2017

Well, let's see how it works.
How about hcxkeys. Are you able to compile them?


RE: hcxtools - solution for capturing wlan traffic and conversion to hashcat formats - DaKahuna - 07-23-2017

(07-22-2017, 06:33 AM)QYQ Wrote: I have a problem when make install, there is no <linux/wireless.h> file
my sys is mac os sierra 10.12.6
how can I find the losing file
thanks.

Run an Ubuntu VM in VMware Fusion.  Works very well. 
You will need to use a supported USB WiFi adapter but you would want to do that anyway.


RE: hcxtools - solution for capturing wlan traffic and conversion to hashcat formats - ZerBea - 08-03-2017

Read more about the authentication process and the importance of the message M2 here:
https://hashcat.net/forum/thread-6745-post-36007.html#pid36007


RE: hcxtools - solution for capturing wlan traffic and conversion to hashcat formats - winxp5421 - 08-04-2017

Can you post up a clear GPIO pin out and what is needed for the Hardware mod. I would assume a switch and a couple LED's. but a pinout explanation would be nice.

Thanks,
Winxp


RE: hcxtools - solution for capturing wlan traffic and conversion to hashcat formats - ZerBea - 08-04-2017

Circuit:
https://github.com/ZerBea/hcxtools/blob/master/gpiowait.odg

Parts:
1 x LED, Low-Current (Kingbright 2.2 V, 2 mA)
1 x Resistor 10k Ohms
1 x Resistor 330 Ohms
1 Push Button
20cm cable

GPIO       pin  pin    GPIO
-------------------------------------
3V3           1            5V
1/3 (SCL)         6      0V
4               7            14 (TXD)
17 (ce1)   11            18 (ce0)



Basic turorial how to "wiringpi"
https://www.sunfounder.com/forum/how-to-apply-wiringpi-gpio-on-raspberry-pi/?p=1


RE: hcxtools - solution for capturing wlan traffic and conversion to hashcat formats - winxp5421 - 08-04-2017

Thanks, much obliged.