hcxtools - solution for capturing wlan traffic and conversion to hashcat formats
#51
How to build up an environment for advanced wpa cracking:

Don't waste your time by testing useless wordlists, downloaded from the internet.
Create your own environment, using real hashes and passwords!

Only a few files needed:
new.hccapx
database.hccapx
hashcat.pot.2500
hashcat.pot.2501
knownpasswords.txt
foundpasswords.txt
essidlist.txt
foundpmks.txt

1. Build hccapx hashdatabase
cat all your hccapx files to one big hccapx: database.hccapx
download caps from here: https://forum.antichat.ru/threads/435763/page-581
convert them to hccapx (wlancap2hcx) and add the hccapx to database.hccapx
use the -e option to save network names and found passwords and save them to essids.txt
search for known passwords here: https://forum.antichat.ru/threads/435763/page-581
and add them to knownpasswords.txt
download hccaps from here: https://xsrc.ru/list/
you can use a simple script to download them all:

#!/bin/bash
# Download hccap contributions $1 .. $2 from xsrc.ru into ~/Downloads
# usage: ./getxsrc.sh <first number> <last number>
cd "$HOME/Downloads" || exit 1
i=$1

while [ "$i" -le "$2" ]
do
    curl -o "$i.hccap" -L "https://xsrc.ru/download/$i"
    i=$((i+1))
done

run the script with these parameters: 1 26068
where xxx is the last contribution number:
https://xsrc.ru/view/26068
convert them to hccapx (wlanhc2hcx) and add the hccapx to database.hccapx

Get your initial wordlist here:
http://wpa-sec.stanev.org/dict/cracked.txt.gz
and copy the contents into knownpasswords.txt

2. Build your password database
cat knownpasswords.txt foundpasswords.txt essidlist.txt > testlist.txt
sort your testlist.txt > unique
hashcat -m 2500 --nonce-error-corrections=8 --remove --logfile-disable --potfile-path=hashcat.2500.pot --outfile-format=2 -o foundpasswords.txt database.hccapx testlist.txt
create from every found password a plain master key (wlangenpmk, wlangenpmkocl) and save them to foundpmks.txt

Now you can start your loop if you got new hashes and/or new passwords:
capture or download your hashes
convert and add them to new.hccapx and database.hccapx
add new password to knownpasswords.txt
check for already cracked hashes:
hashcat -m 2501 --nonce-error-corrections=8 --remove --logfile-disable --potfile-path=hashcat.2501.pot --outfile-format=2 -o foundpmks.txt new.hccapx foundpmks.txt
check for new passwords:
cat knownpasswords.txt foundpasswords.txt essidlist.txt > testlist.txt
hashcat -m 2500 --nonce-error-corrections=32 --remove --logfile-disable --potfile-path=hashcat.2500.pot --outfile-format=2 -o foundpasswords.txt new.hccapx testlist.txt
create from every found password a plain master key (wlangenpmk, wlangenpmkocl) and save them to foundpmks.txt
remove found hashes from your database:
hashcat -m 2501 --nonce-error-corrections=8 --remove --logfile-disable --potfile-path=hashcat.2501.pot --outfile-format=2 -o foundpmks.txt database.hccapx foundpmks.txt
remove new.hccapx
sort your lists > unique

To find new passwords take advantage of hashcat's reuse of PBKDF2 on common ESSIDs
for example: save all nets with the ESSID AndroidAP to AndroidAP.hccapx
use wlanhcx2ssid -i database.hccapx -X AndroidAP
run hashcat on AndroidAP.hccapx using a mask or a favourite small wordlist or a rule on essidlist.txt:
hashcat -m 2500 --nonce-error-corrections=8 --remove --logfile-disable --potfile-path=hashcat.2500.pot --outfile-format=2 -o foundpasswords.txt AndroidAP.hccapx -a 3 ?l?l?l?l?d?d?d?d
step into your loop here:
create from every found password a plain master key (wlangenpmk, wlangenpmkocl) and save them to foundpmks.txt
remove found hashes from your database:
hashcat -m 2501 --nonce-error-corrections=8 --remove --logfile-disable --potfile-path=hashcat.2501.pot --outfile-format=2 -o foundpmks.txt database.hccapx foundpmks.txt

After a while, you'll see your database (hccapx and passwords) growing.
Play around with --nonce-error-corrections=x on hash-mode 2501 (test values 32 or 64)


Messages In This Thread
RE: hcxtools - solution for capturing wlan traffic and conversion to hashcat formats - by ZerBea - 08-18-2017, 08:15 AM
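The post above relies on one property of WPA/WPA2-PSK: the plain master key (PMK) is PBKDF2-HMAC-SHA1(passphrase, ESSID, 4096 iterations, 32 bytes), so it depends only on the ESSID and the passphrase, not on the BSSID, the client or the handshake nonces. That is why a PMK computed once from a found password can be fed back into hash-mode 2501 against every network with the same ESSID, and why grouping captures by a common ESSID such as AndroidAP lets hashcat amortise the PBKDF2 cost. The following is an added example written for this edit, not code from hcxtools or from the post's author: it recomputes the PMK the way wlangenpmk does, builds a de-duplicated PMK list from (ESSID, password) pairs, and counts how many PBKDF2 runs the ESSID grouping saves. The network list and password list are constructed inputs; the one-PMK-per-line output shape for foundpmks.txt is assumed here (hashcat -m 2501 accepts 64-hex-character PMKs as wordlist entries), and the exact text format wlangenpmk writes is not reproduced.

```python
import hashlib
from typing import Dict, Iterable, List, Tuple


def pmk_from_passphrase(essid: str, passphrase: str) -> str:
    """WPA/WPA2-PSK PMK: PBKDF2-HMAC-SHA1 over the passphrase, salted with the
    ESSID, 4096 iterations, 32-byte output. Returned as lowercase hex, which is
    the form assumed here for a foundpmks.txt line / a hashcat -m 2501 candidate."""
    if not 8 <= len(passphrase) <= 63:
        # WPA-PSK passphrases are 8..63 printable characters; anything else
        # cannot be a valid PSK and is not worth a PBKDF2 run.
        raise ValueError("WPA passphrase must be 8..63 characters")
    pmk = hashlib.pbkdf2_hmac("sha1", passphrase.encode("utf-8"),
                              essid.encode("utf-8"), 4096, 32)
    return pmk.hex()


def build_pmk_list(found: Iterable[Tuple[str, str]]) -> List[str]:
    """One PMK per distinct (ESSID, password) pair.

    The expensive PBKDF2 step is done once per pair; two captures of the same
    ESSID cracked with the same password share a PMK, so duplicates are dropped
    before anything is written to foundpmks.txt."""
    seen: Dict[Tuple[str, str], str] = {}
    for essid, password in found:
        key = (essid, password)
        if key not in seen:
            seen[key] = pmk_from_passphrase(essid, password)
    return list(seen.values())


def pbkdf2_runs(networks: Iterable[Tuple[str, str]], candidates: int) -> Tuple[int, int]:
    """Cost comparison for a candidate list of the given size.

    Returns (per_network, per_essid): the PBKDF2 count if every network were
    attacked separately versus the count when networks sharing an ESSID reuse
    the same PMK, which is the grouping the post applies to AndroidAP."""
    bssids = {bssid for bssid, _ in networks}
    essids = {essid for _, essid in networks}
    return len(bssids) * candidates, len(essids) * candidates


# Constructed sample data for the demonstration (not real captures).
SAMPLE_NETWORKS: List[Tuple[str, str]] = [
    ("00:11:22:33:44:55", "AndroidAP"),
    ("00:11:22:33:44:66", "AndroidAP"),
    ("00:11:22:33:44:77", "AndroidAP"),
    ("00:11:22:33:44:88", "HomeNet"),
]
SAMPLE_FOUND: List[Tuple[str, str]] = [
    ("AndroidAP", "abcd1234"),   # same pair cracked on two captures ...
    ("AndroidAP", "abcd1234"),   # ... collapses to a single PMK
    ("HomeNet", "abcd1234"),     # same password, different ESSID: new PMK
]


def write_foundpmks(path: str, pmks: Iterable[str]) -> int:
    """Append hex PMKs, one per line, as assumed for foundpmks.txt. Returns count."""
    lines = list(pmks)
    with open(path, "a", encoding="ascii") as fh:
        for pmk in lines:
            fh.write(pmk + "\n")
    return len(lines)


if __name__ == "__main__":
    for pmk in build_pmk_list(SAMPLE_FOUND):
        print(pmk)
    print(pbkdf2_runs(SAMPLE_NETWORKS, candidates=1000))
```

The PMK function can be checked against the IEEE 802.11i Annex H test vector (passphrase "password", SSID "IEEE"), which is what the test below does; a PMK that matches the vector will also match what wlangenpmk and hashcat -m 2500 compute for the same pair, since all three implement the same derivation.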