+- hashcat Forum (https://hashcat.net/forum)
+-- Forum: Misc (https://hashcat.net/forum/forum-15.html)
+--- Forum: General Talk (https://hashcat.net/forum/forum-33.html)
+--- Thread: hcxdumptool (/thread-11913.html)
hcxdumptool - mrwho'sHE - 04-16-2024
Hello folks,
can somebody tell me how we can find hcxdumptool capture any handshake?
does it have any identifire or something?
for example in this:
CHA LAST R 1 3 P S MAC-AP ESSID (last seen on top) SCAN-FREQUENCY: 2437
-----------------------------------------------------------------------------------------
[ 11] 12:53:47 + 46a58d4560dd Mi 10T Lite
[ 11] 12:53:46 b6e7d329466d Electropack
[ 6] 12:53:46 + + d4a456ab46c4 camera_46c4
[ 2] 12:53:46 + 763d432151c0 POCO X5 Pro 5G
[ 1] 12:53:45 + + 46a2208ab29b MobinNet_E29A
RE: hcxdumptool - ZerBea - 04-16-2024
Explanation:
Code:
[ 11] 12:53:47 + 46a58d4560dd Mi 10T Lite -> AP not in range
[ 11] 12:53:46 b6e7d329466d Electropack -> AP doesn't use a PSK
[ 6] 12:53:46 + + d4a456ab46c4 camera_46c4 -> AP does not respond to hcxdumptool's ASSOCIATIONREQUEST
[ 2] 12:53:46 + 763d432151c0 POCO X5 Pro 5G -> AP not in Range
[ 1] 12:53:45 + + 46a2208ab29b MobinNet_E29A -> AP does not respond to hcxdumptool's ASSOCIATIONREQUESTSolution:
Improve your antenna or get closer to the targets.
The columns are explained in help menu:
Code:
$ hcxdumptool -h
--rds=<digit> : sort real time display
attack mode:
default: sort by time (last seen on top)
1 = sort by status (last PMKID/EAPOL on top)
scan mode:
1 = sort by PROBERESPONSE count
Columns:
R = + AP display : AP is in TX range or under attack
S = + AP display : AUTHENTICATION KEY MANAGEMENT PSK
P = + AP display : got PMKID hashcat / JtR can work on
1 = + AP display : got EAPOL M1 (CHALLENGE)
3 = + AP display : got EAPOL M1M2M3 or EAPOL M1M2M3M4 (AUTHORIZATION) hashcat / JtR can work on
E = + CLIENT display : got EAP-START MESSAGE
2 = + CLIENT display : got EAPOL M1M2 (ROGUE CHALLENGE) hashcat / JtR can work onRE: hcxdumptool - mrwho'sHE - 04-17-2024
(04-16-2024, 02:15 PM)ZerBea Wrote:
Thank you.
RE: hcxdumptool - ZerBea - 04-17-2024
You're welcome.
BTW:
Some more information is here:
https://github.com/ZerBea/hcxdumptool/discussions/432
To monitor the entire traffic, you can always run tshark or Wireshark in parallel with hcxdumptool.
e.g. monitor outgoing packets:
https://github.com/ZerBea/hcxdumptool/discussions/395
Some systems are described here:
https://github.com/ZerBea/hcxdumptool/wiki
Some adapters are tested here:
https://github.com/ZerBea/hcxdumptool/discussions/361