hashcat Forum

hashcat Forum > Misc > General Talk > hcxdumptool
Full Version: hcxdumptool
You're currently viewing a stripped down version of our content. View the full version with proper formatting.

mrwho'sHE

04-16-2024, 11:28 AM
Hello folks,
can somebody tell me how we can find hcxdumptool capture any handshake?
does it have any identifire or something?
for example in this:

  CHA    LAST  R 1 3 P S    MAC-AP    ESSID (last seen on top)  SCAN-FREQUENCY:  2437
-----------------------------------------------------------------------------------------
[ 11] 12:53:47        + 46a58d4560dd Mi 10T Lite
[ 11] 12:53:46          b6e7d329466d Electropack
[  6] 12:53:46 +      + d4a456ab46c4 camera_46c4
[  2] 12:53:46        + 763d432151c0 POCO X5 Pro 5G
[  1] 12:53:45 +      + 46a2208ab29b MobinNet_E29A

ZerBea

04-16-2024, 02:15 PM
Explanation:
Code:
[ 11] 12:53:47        + 46a58d4560dd Mi 10T Lite -> AP not in range
[ 11] 12:53:46          b6e7d329466d Electropack -> AP doesn't use a PSK
[  6] 12:53:46 +      + d4a456ab46c4 camera_46c4 -> AP does not respond to hcxdumptool's ASSOCIATIONREQUEST
[  2] 12:53:46        + 763d432151c0 POCO X5 Pro 5G -> AP not in Range
[  1] 12:53:45 +      + 46a2208ab29b MobinNet_E29A -> AP does not respond to hcxdumptool's ASSOCIATIONREQUEST

Solution:
Improve your antenna or get closer to the targets.

The columns are explained in help menu:
Code:
$ hcxdumptool -h

--rds=<digit>             : sort real time display
                             attack mode:
                              default: sort by time (last seen on top)
                               1 = sort by status (last PMKID/EAPOL on top)
                             scan mode:
                               1 = sort by PROBERESPONSE count
                             Columns:
                              R = + AP display     : AP is in TX range or under attack
                              S = + AP display     : AUTHENTICATION KEY MANAGEMENT PSK
                              P = + AP display     : got PMKID hashcat / JtR can work on
                              1 = + AP display     : got EAPOL M1 (CHALLENGE)
                              3 = + AP display     : got EAPOL M1M2M3 or EAPOL M1M2M3M4 (AUTHORIZATION) hashcat / JtR can work on
                              E = + CLIENT display : got EAP-START MESSAGE
                              2 = + CLIENT display : got EAPOL M1M2 (ROGUE CHALLENGE) hashcat / JtR can work on

mrwho'sHE

04-17-2024, 11:21 AM
(04-16-2024, 02:15 PM)ZerBea Wrote: [ -> ]

Thank you.

ZerBea

04-17-2024, 11:56 AM
You're welcome.

BTW:
Some more information is here:
https://github.com/ZerBea/hcxdumptool/discussions/432

To monitor the entire traffic, you can always run tshark or Wireshark in parallel with hcxdumptool.
e.g. monitor outgoing packets:
https://github.com/ZerBea/hcxdumptool/discussions/395

Some systems are described here:
https://github.com/ZerBea/hcxdumptool/wiki

Some adapters are tested here:
https://github.com/ZerBea/hcxdumptool/discussions/361
hashcat Forum > Misc > General Talk > hcxdumptool