hashcat Forum

Full Version: hcxtools - solution for capturing wlan traffic and conversion to hashcat formats
Some websites convert control characters. In that case a posted hash becomes useless.
Please, can you give me hcxcleanpmkiddb and hcxcleaneapoldb?
Both scripts are very simple. They are part of the environment to clean up the database in a fast way. Therefore I use the PMKs from the potfile as rainbowtable:
cut -c -64 hashcat.archiv.pmk >> $HOME/WLAN/Passwortlisten/foundhashcat.pmk
hashcat.archiv.pmk is the potfile for hashmode 2500 and 16800

hashcat option -o "/tmp/hashcat.pmk" is used to prevent hashcat from flooding my terminal with founds. I don't need them here, because I only want to --remove already recovered networks from the archive hashfiles.


hashcat -m 16801 --logfile-disable -w 3 --remove --potfile-disable -o "/tmp/hashcat.pmk" "$HOME/WLAN/Hash/archiv/archiv.16800" "$HOME/WLAN/Passwortlisten/foundhashcat.pmk"


hashcat -m 2501 --logfile-disable -w 3 --remove --nonce-error-corrections=2 --potfile-disable -o "/tmp/hashcat.pmk" "$HOME/WLAN/Hash/archiv/archiv.hccapx" "$HOME/WLAN/Passwortlisten/foundhashcat.pmk"

More scripts are here:
read more here:
(07-09-2019, 11:40 PM)ZerBea Wrote: [ -> ]Both scripts are very simple. They are part of the environment to clean up the database in a fast way. Therefore I use the PMKs from the potfile as rainbowtable:
cut -c -64 hashcat.archiv.pmk >> $HOME/WLAN/Passwortlisten/foundhashcat.pmk
hashcat.archiv.pmk  is the potfile for hashmode 2500 and 16800

hashcat option -o "/tmp/hashcat.pmk" is used to prevent hashcat from flooding my terminal with founds. I don't need them here, because I only want to --remove already recovered networks from the archive hashfiles.


hashcat -m 16801 --self-test-disable --advice-disable --logfile-disable -w 3 --remove --potfile-disable -o "/tmp/hashcat.pmk" "$HOME/WLAN/Hash/archiv/archiv.16800" "$HOME/WLAN/Passwortlisten/foundhashcat.pmk"


hashcat -m 2501 --self-test-disable --advice-disable --logfile-disable -w 3 --remove --nonce-error-corrections=2 --potfile-disable -o "/tmp/hashcat.pmk" "$HOME/WLAN/Hash/archiv/archiv.hccapx" "$HOME/WLAN/Passwortlisten/foundhashcat.pmk"

More scripts are here:
read more here:

Sorry, thank you
All command line options (in the scripts) are advanced(!) options to perform deep analyses or test/improve hashcat code. As a non-coder or a non-analyst, I recommend to run hashcat with default options!
(06-09-2019, 07:49 PM)ZerBea Wrote: [ -> ]Edimax EW-7811UAC
ID 7392:a812 Edimax Technology Co., Ltd

$ hcxdumptool -I
wlan interfaces:
74da380645e7 wlp0s20f0u1 (rtl88xxau)

$ hcxdumptool -i wlp0s20f0u1 -C
available channels:
  1 / 2412MHz (18 dBm)
  2 / 2417MHz (18 dBm)
  3 / 2422MHz (18 dBm)
  4 / 2427MHz (18 dBm)
  5 / 2432MHz (18 dBm)
  6 / 2437MHz (18 dBm)
  7 / 2442MHz (18 dBm)
  8 / 2447MHz (18 dBm)
  9 / 2452MHz (18 dBm)
10 / 2457MHz (18 dBm)
11 / 2462MHz (18 dBm)
12 / 2467MHz (18 dBm)
13 / 2472MHz (18 dBm)
14 / 2484MHz (18 dBm)
36 / 5180MHz (18 dBm)
40 / 5200MHz (18 dBm)
44 / 5220MHz (18 dBm)
48 / 5240MHz (18 dBm)
52 / 5260MHz (18 dBm)
56 / 5280MHz (18 dBm)
60 / 5300MHz (18 dBm)
64 / 5320MHz (18 dBm)
100 / 5500MHz (18 dBm)
104 / 5520MHz (18 dBm)
108 / 5540MHz (18 dBm)
112 / 5560MHz (18 dBm)
116 / 5580MHz (18 dBm)
120 / 5600MHz (18 dBm)
124 / 5620MHz (18 dBm)
128 / 5640MHz (18 dBm)
132 / 5660MHz (18 dBm)
136 / 5680MHz (18 dBm)
140 / 5700MHz (18 dBm)
144 / 5720MHz (18 dBm)
149 / 5745MHz (18 dBm)
153 / 5765MHz (18 dBm)
157 / 5785MHz (18 dBm)
161 / 5805MHz (18 dBm)
165 / 5825MHz (18 dBm)
169 / 5845MHz (18 dBm)
173 / 5865MHz (18 dBm)

$ uname -r

Running not out of the box. Get driver from here:

aircrack-ng team is doing a really good job here!

Hi, how can I make it work in Ubuntu 18.04?
$ git clone https://github.com/aircrack-ng/rtl8812au
$ cd rtl8812au
$ make
$ sudo insmod 88XXau.ko
Then plug in the adapter and run hcxdumptool.

This is not persistent. If you need it persistent, use dkms as described here:
Thank you very much for your reply. In my case it does not capture me.
We have 2 issues that can cause your trouble:

You choose the wrong version (only 5.2.20 is working - $ git branch will show you this):

You are hit by this (still unfixed) kernel bug:
Several devices (WiFi adapters, Bluetooth adapters, .... - the list is long) are not working or only partly working.
By latest commit, I added several new attack modes to hcxdumptool:
--disable_internal_beacons        : do not transmit beacons using received ESSIDs
                                    default: transmit this kind of beacon once on channel change or every five seconds
                                    affected: ap-less and reactive_beacon, flood_beacon
--use_external_beaconlist=<file>  : transmit beacons from this list
                                    maximum ESSID length 32, maximum entries 4095
                                    default: transmit this kind of beacon once on channel change or every five seconds
                                    affected: ap-less and reactive_beacon, flood_beacon
--reactive_beacon                  : transmit internal/external beacon on every received proberequest
                                    affected: ap-less
--flood_beacon=<digit>            : transmit internal/external beacon after n received management packet
                                    warning: this will spam a channel
                                    affected: ap-less and whole traffic on a channel

and a weak candidate detection:
--weak_candidate=<password>       : use this password (8...63 characters) for weak candidate alert
                                    default: 12345678

--enable-status=1 will inform you when a weak candidate (access point running password 12345678) is in range.

hcxtools got several improvements, too:
hcxpcaptool received better detection of damaged frames
wlanhcx2essid replaced by hcxessidtool

hcxessidtool 5.2.2 (C) 2019 ZeroBeat
hcxessidtool <options>

-e <essid>  : filter by ESSID
-E <essid>  : filter by part of ESSID
-l <essid>  : filter by ESSID length
-h          : show this help
-v          : show version

--pmkid1=<file>        : input PMKID file 1
--pmkid2=<file>        : input PMKID file 2
--pmkidout12=<file>    : output only lines present in both PMKID file 1 and PMKID file 2
--pmkidout1=<file>    : output only lines present in PMKID file 1
--pmkidout2=<file>    : output only lines present in PMKID file 2
--pmkidout=<file>      : output only ESSID filtered lines present in PMKID file 1
--hccapx1=<file>      : input HCCAPX file 1
--hccapx2=<file>      : input HCCAPX file 2
--hccapxout12=<file>  : output only lines present in both HCCAPX file 1 and HCCAPX file 2
--hccapxout1=<file>    : output only lines present in HCCAPX file1
--hccapxout2=<file>    : output only lines present in HCCAPX file 2
--hccapxout=<file>    : output only ESSID filtered lines present in HCCAPX file 1
--essidout=<file>      : output ESSID list
--essidmacapout=<file> : output MAC_AP:ESSID list
--help                : show this help
--version              : show version

Main purpose is to get full advantage of reuse of PBKDF2
while merging (only) the same ESSIDs from different hash files
hcxessidtool --pmkid1=file1.16800 --pmkid2=file2.16800 --pmkidout12=joint.16800
hcxessidtool --pmkid1=file1.16800 -l 10 --pmkidout=filtered.16800
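
Added example (not part of the original thread and not hcxtools code): a small parser for hashmode-16800 lines that groups records by ESSID, in the spirit of the hcxessidtool options listed above. It assumes that "present in both" is decided on the ESSID, as the stated PBKDF2-reuse purpose suggests; the function names and sample records are constructed for illustration.

```python
from collections import defaultdict

def parse_16800(line):
    """Split one 16800 line: PMKID*MAC_AP*MAC_STA*ESSID, all fields hex."""
    fields = line.strip().split("*")
    if len(fields) != 4:
        raise ValueError("expected 4 '*'-separated fields")
    pmkid, mac_ap, mac_sta, essid_hex = fields
    if (len(pmkid), len(mac_ap), len(mac_sta)) != (32, 12, 12):
        raise ValueError("bad field length")
    bytes.fromhex(pmkid + mac_ap + mac_sta)   # ValueError on non-hex input
    essid = bytes.fromhex(essid_hex)          # e.g. after a site mangled the hash
    if len(essid) > 32:
        raise ValueError("ESSID longer than 32 bytes")
    return pmkid, mac_ap, mac_sta, essid

def group_by_essid(lines):
    """Return ({essid: [lines]}, [rejected lines])."""
    groups, rejected = defaultdict(list), []
    for line in lines:
        try:
            groups[parse_16800(line)[3]].append(line.strip())
        except ValueError:
            rejected.append(line)
    return dict(groups), rejected

def essid_in_both(lines1, lines2):
    """Records whose ESSID occurs in both inputs (assumed --pmkidout12 idea)."""
    g1, g2 = group_by_essid(lines1)[0], group_by_essid(lines2)[0]
    out = []
    for essid in sorted(g1.keys() & g2.keys()):
        out.extend(dict.fromkeys(g1[essid] + g2[essid]))  # de-duplicate, keep order
    return out

def filter_by_length(lines, n):
    """Records whose ESSID is exactly n bytes long (like -l <n>)."""
    groups = group_by_essid(lines)[0]
    return [l for essid, ls in groups.items() if len(essid) == n for l in ls]

def pbkdf2_runs_per_candidate(lines):
    """The ESSID is the PBKDF2 salt of the PMK, so one derivation per
    distinct ESSID covers every record in that group."""
    return len(group_by_essid(lines)[0])

def mk_sample(n, essid):  # constructed record, not a real capture
    return "%032x*%012x*%012x*%s" % (n, n, n + 1, essid.encode().hex())

FILE1 = [mk_sample(1, "homenet-01"), mk_sample(2, "cafe"), "garbage*line"]
FILE2 = [mk_sample(3, "homenet-01"), mk_sample(4, "office")]
```

For the constructed input, four valid records need only three PBKDF2 derivations per candidate because two of them share an ESSID. The same property is why a unique ESSID together with a long random passphrase matters for the network owner.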