hcxtools - solution for capturing wlan traffic and conversion to hashcat formats
|
hcxtools - solution for capturing wlan traffic and conversion to hashcat formats
|
Hi ZerBea,
Do you have a suggested way to extract WPS model number and WPS model name from the pcapng output? I did not see a way with hcxpcaptool or hcxpcapngtool. Maybe something like --filter-wps-model-number=NVG589 
I'm working on this feature
https://github.com/ZerBea/hcxtools/blob/...ol.c#L1664 but it has very low priority, because tshark and/or Wireshark can do it much better: $ tshark -r test.pcapng.cap -T fields -e wps.device_name -e wps.serial_number or (inclusive transmitter address and ESSID): $ tshark -r test.pcapng.cap -T fields -e wlan.ta -e wlan.ssid -e wps.device_name -e wps.serial_number reference is here: https://www.wireshark.org/docs/dfref/w/wps.html full reference is here: https://www.wireshark.org/docs/dfref/ From several analysis I noticed that many VENDORs doesn't use this fields or fill it with garbage. So don't expect "amazing results": Running the above cmd we will receive: "XYZ AP 12345678" Totally useless! BTW: Highest priority, as of today: AKM (Authentication and Key Management) and EAP (Extensible Authentication Protocol)!
If you got more information on how many VENDORs still using this fields, please keep us in the loop, here.
BTW: tshark is a powerfull tool to perform several kinds of analysis and to receive the results directly on the command line. Via simple bash scripts, you can evaluate the results of tshark and hcxdumptool/hcxtools in an easy way. Wireshark's default capture format is pcapng, too. So the tools are nearly 100% compatible to each other. Only one exception: tshark/Wireshark can't handle foreign binary custom option fields, well. This are hcxdumptool options codes to "communicate" with hcxpcangtool or multicapconverter (conversion tool): Code: pcapng option codes (Custom Block and/or Section Header Block) used by hcxdumptool:This are hcxpcapngtool messagepair codes to "communicate" with hashcat: Code: Bitmask message pair field used by hcxpcapngtool:
02-06-2020, 01:14 PM
Hello ZerBea, how to convert potfile 16800 and hccapx to 22000 mode.
Thank you
Hi strike1953.
This is another amazing feature of the new hashline: you can use simple bash commands to work on it. e.g. the awk way: Code: $ cat test.16800 | awk 'BEGIN { FS = ":" } ; { print "WPA*01*"$1"***"}' > new.22000
That is another amazing feature.
$ hcxpcapngtool -o test.22000 -E wordlist test.pcap $ hashcat -m 22000 test.22000 wordlist hcxdumptool attack vector against weak client, converted to pcap by tshark, so that you can test it running other tools, too: 
test.pcap.zip (Size: 1.41 KB / Downloads: 6)
What do you think? How much time will hashcat take to recover the PSK? How much time will hashcat take to recover the PSK without a little help of hcxdumptool/hcxtools? Can you imagine what you are missing... - if you don't capture this frames - if you don't save this frames - if you ignore this frames - if you filter this frames out - if you remove this frames from your cap file BTW: This is a test network: hashcat and a test PSK.
02-06-2020, 02:03 PM
(This post was last modified: 02-06-2020, 02:06 PM by strike1953.)
(02-06-2020, 01:44 PM)ZerBea Wrote: Hi strike1953. oh sorry my knowledge is huge. Sorry, my question is oriented to how to convert my old potfile (16800 mode) to the new 22000 mode.
Something like hcxhashcattool
02-06-2020, 02:56 PM
Ok, my fault. Didn't noticed that you mean the potfile.
That depend on your hascat version. The new potfile format is the result of PBKDF2: Code: PMK*ESSID(in HEX)*PSKOr you can use wlangenpmk/wlangenpmkocl, hcxpmkidtool. That require a little bit bash scripting to convert the results to the final potfile format.
02-06-2020, 03:02 PM
(02-06-2020, 02:56 PM)ZerBea Wrote: Ok, my fault. Didn't noticed that you mean the potfile. My current version of hashcat is beta 1644. Escape to my knowledge formulate the conversions. Pity |
|
« Next Oldest | Next Newest »
|
