07-09-2019, 08:10 PM
07-09-2019, 08:15 PM
Please, can you give me hcxcleanpmkiddb and hcxcleaneapoldb?
07-09-2019, 11:40 PM
Both scripts are very simple. They are part of the environment to clean up the database in a fast way. Therefore I use the PMKs from the potfile as rainbowtable:
cut -c -64 hashcat.archiv.pmk >> $HOME/WLAN/Passwortlisten/foundhashcat.pmk
hashcat.archiv.pmk is the potfile for hashmode 2500 and 16800
The hashcat option -o "/tmp/hashcat.pmk" is used to prevent hashcat from flooding my terminal with founds. I don't need them here, because I only want to --remove already recovered networks from the archive hashfiles.
hcxcleanpmkiddb:
#!/bin/bash
export CUDA_CACHE_DISABLE=0
hashcat -m 16801 --logfile-disable -w 3 --remove --potfile-disable -o "/tmp/hashcat.pmk" "$HOME/WLAN/Hash/archiv/archiv.16800" "$HOME/WLAN/Passwortlisten/foundhashcat.pmk"
hcxcleaneapoldb:
#!/bin/bash
export CUDA_CACHE_DISABLE=0
hashcat -m 2501 --logfile-disable -w 3 --remove --nonce-error-corrections=2 --potfile-disable -o "/tmp/hashcat.pmk" "$HOME/WLAN/Hash/archiv/archiv.hccapx" "$HOME/WLAN/Passwortlisten/foundhashcat.pmk"
More scripts are here:
https://hashcat.net/forum/attachment.php?aid=660
read more here:
https://hashcat.net/forum/thread-6661-po...l#pid44824
07-10-2019, 01:18 PM
(07-09-2019, 11:40 PM) ZerBea Wrote: Both scripts are very simple. They are part of the environment to clean up the database in a fast way. Therefore I use the PMKs from the potfile as rainbowtable:
cut -c -64 hashcat.archiv.pmk >> $HOME/WLAN/Passwortlisten/foundhashcat.pmk
hashcat.archiv.pmk is the potfile for hashmode 2500 and 16800
The hashcat option -o "/tmp/hashcat.pmk" is used to prevent hashcat from flooding my terminal with founds. I don't need them here, because I only want to --remove already recovered networks from the archive hashfiles.
hcxcleanpmkiddb:
#!/bin/bash
export CUDA_CACHE_DISABLE=0
hashcat -m 16801 --self-test-disable --advice-disable --logfile-disable -w 3 --remove --potfile-disable -o "/tmp/hashcat.pmk" "$HOME/WLAN/Hash/archiv/archiv.16800" "$HOME/WLAN/Passwortlisten/foundhashcat.pmk"
hcxcleaneapoldb:
#!/bin/bash
export CUDA_CACHE_DISABLE=0
hashcat -m 2501 --self-test-disable --advice-disable --logfile-disable -w 3 --remove --nonce-error-corrections=2 --potfile-disable -o "/tmp/hashcat.pmk" "$HOME/WLAN/Hash/archiv/archiv.hccapx" "$HOME/WLAN/Passwortlisten/foundhashcat.pmk"
More scripts are here:
https://hashcat.net/forum/attachment.php?aid=660
read more here:
https://hashcat.net/forum/thread-6661-po...l#pid44824
Sorry, thank you
07-10-2019, 04:03 PM
BTW:
All command line options (in the scripts) are advanced(!) options to perform deep analyses or test/improve hashcat code. If you are a non-coder or a non-analyst, I recommend running hashcat with default options!
09-17-2019, 08:10 PM
(06-09-2019, 07:49 PM) ZerBea Wrote: Edimax EW-7811UAC
ID 7392:a812 Edimax Technology Co., Ltd
$ hcxdumptool -I
wlan interfaces:
74da380645e7 wlp0s20f0u1 (rtl88xxau)
$ hcxdumptool -i wlp0s20f0u1 -C
initialization...
available channels:
1 / 2412MHz (18 dBm)
2 / 2417MHz (18 dBm)
3 / 2422MHz (18 dBm)
4 / 2427MHz (18 dBm)
5 / 2432MHz (18 dBm)
6 / 2437MHz (18 dBm)
7 / 2442MHz (18 dBm)
8 / 2447MHz (18 dBm)
9 / 2452MHz (18 dBm)
10 / 2457MHz (18 dBm)
11 / 2462MHz (18 dBm)
12 / 2467MHz (18 dBm)
13 / 2472MHz (18 dBm)
14 / 2484MHz (18 dBm)
36 / 5180MHz (18 dBm)
40 / 5200MHz (18 dBm)
44 / 5220MHz (18 dBm)
48 / 5240MHz (18 dBm)
52 / 5260MHz (18 dBm)
56 / 5280MHz (18 dBm)
60 / 5300MHz (18 dBm)
64 / 5320MHz (18 dBm)
100 / 5500MHz (18 dBm)
104 / 5520MHz (18 dBm)
108 / 5540MHz (18 dBm)
112 / 5560MHz (18 dBm)
116 / 5580MHz (18 dBm)
120 / 5600MHz (18 dBm)
124 / 5620MHz (18 dBm)
128 / 5640MHz (18 dBm)
132 / 5660MHz (18 dBm)
136 / 5680MHz (18 dBm)
140 / 5700MHz (18 dBm)
144 / 5720MHz (18 dBm)
149 / 5745MHz (18 dBm)
153 / 5765MHz (18 dBm)
157 / 5785MHz (18 dBm)
161 / 5805MHz (18 dBm)
165 / 5825MHz (18 dBm)
169 / 5845MHz (18 dBm)
173 / 5865MHz (18 dBm)
$ uname -r
5.1.7-arch1-1-ARCH
Not running out of the box. Get the driver from here:
https://github.com/aircrack-ng/rtl8812au
aircrack-ng team is doing a really good job here!
Hi, how can I make it work in Ubuntu 18.04?
09-18-2019, 12:06 AM
$ git clone https://github.com/aircrack-ng/rtl8812au
$ cd rtl8812au
$ make
$ sudo insmod 88XXau.ko
Then plug in the adapter and run hcxdumptool.
This is not persistent. If you need it persistent, use dkms as described here:
https://github.com/aircrack-ng/rtl8812au
09-18-2019, 02:25 AM
Thank you very much for your reply. In my case it does not capture me.
09-18-2019, 08:10 AM
We have 2 issues that can cause your trouble:
You chose the wrong version (only 5.2.20 is working - $ git branch will show you this):
https://github.com/aircrack-ng/rtl8812au...-455573400
You are hit by this (still unfixed) kernel bug:
https://bugzilla.kernel.org/show_bug.cgi?id=202541
Several devices (WiFi adapters, Bluetooth adapters, ... - the list is long) are not working or only partly working.
09-18-2019, 02:04 PM
By latest commit, I added several new attack modes to hcxdumptool:
--disable_internal_beacons : do not transmit beacons using received ESSIDs
default: transmit this kind of beacon once on channel change or every five seconds
affected: ap-less and reactive_beacon, flood_beacon
--use_external_beaconlist=<file> : transmit beacons from this list
maximum ESSID length 32, maximum entries 4095
default: transmit this kind of beacon once on channel change or every five seconds
affected: ap-less and reactive_beacon, flood_beacon
--reactive_beacon : transmit internal/external beacon on every received proberequest
affected: ap-less
--flood_beacon=<digit> : transmit internal/external beacon after n received management packet
warning: this will spam a channel
affected: ap-less and whole traffic on a channel
and a weak candidate detection:
-weak_candidate=<password> : use this password (8...63 characters) for weak candidate alert
default: 12345678
--enable-status=1 will inform you when a weak candidate (access point running password 12345678) is in range.
hcxtools got several improvements, too:
hcxpcaptool received better detection of damaged frames
wlanhcx2essid replaced by hcxessidtool
hcxessidtool 5.2.2 (C) 2019 ZeroBeat
usage:
hcxessidtool <options>
options:
-e <essid> : filter by ESSID
-E <essid> : filter by part of ESSID
-l <essid> : filter by ESSID length
-h : show this help
-v : show version
--pmkid1=<file> : input PMKID file 1
--pmkid2=<file> : input PMKID file 2
--pmkidout12=<file> : output only lines present in both PMKID file 1 and PMKID file 2
--pmkidout1=<file> : output only lines present in PMKID file 1
--pmkidout2=<file> : output only lines present in PMKID file 2
--pmkidout=<file> : output only ESSID filtered lines present in PMKID file 1
--hccapx1=<file> : input HCCAPX file 1
--hccapx2=<file> : input HCCAPX file 2
--hccapxout12=<file> : output only lines present in both HCCAPX file 1 and HCCAPX file 2
--hccapxout1=<file> : output only lines present in HCCAPX file1
--hccapxout2=<file> : output only lines present in HCCAPX file 2
--hccapxout=<file> : output only ESSID filtered lines present in HCCAPX file 1
--essidout=<file> : output ESSID list
--essidmacapout=<file> : output MAC_AP:ESSID list
--help : show this help
--version : show version
Main purpose is to get full advantage of reuse of PBKDF2
while merging (only) the same ESSIDs from different hash files
examples:
hcxessidtool --pmkid1=file1.16800 --pmkid2=file2.16800 --pmkidout12=joint.16800
hcxessidtool --pmkid1=file1.16800 -l 10 --pmkidout=filtered.16800
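Added example (not part of the original post and not hcxtools code): the "reuse of PBKDF2" note in the hcxessidtool help follows from the ESSID being the PBKDF2 salt of the WPA-PSK PMK, so records sharing an ESSID share one derivation per passphrase. The sample lines are constructed, and the function names are hypothetical; the line layout assumed is the hash mode 16800 format PMKID*MAC_AP*MAC_STA*ESSID(hex).

```python
import hashlib
from collections import defaultdict


def derive_pmk(passphrase: str, essid: bytes) -> bytes:
    """WPA/WPA2-PSK: PMK = PBKDF2-HMAC-SHA1(passphrase, salt=ESSID, 4096 rounds, 32 bytes)."""
    if not 8 <= len(passphrase) <= 63:
        raise ValueError("WPA passphrase must be 8..63 characters")
    if not 1 <= len(essid) <= 32:
        raise ValueError("ESSID must be 1..32 bytes")
    return hashlib.pbkdf2_hmac("sha1", passphrase.encode(), essid, 4096, 32)


def parse_pmkid_line(line: str):
    """Split one 16800-style line (assumed layout: PMKID*MAC_AP*MAC_STA*ESSID hex)."""
    pmkid, mac_ap, mac_sta, essid_hex = line.strip().split("*")
    return pmkid, mac_ap, mac_sta, bytes.fromhex(essid_hex)


def group_by_essid(lines):
    """Map each ESSID to the records that use it as PBKDF2 salt."""
    groups = defaultdict(list)
    for line in lines:
        if line.strip():
            pmkid, mac_ap, mac_sta, essid = parse_pmkid_line(line)
            groups[essid].append((pmkid, mac_ap, mac_sta))
    return dict(groups)


def pbkdf2_cost(lines):
    """(PBKDF2 runs per passphrase if every line is handled alone, runs when grouped by ESSID)."""
    groups = group_by_essid(lines)
    return sum(len(records) for records in groups.values()), len(groups)


def _sample_line(n: int, essid: str) -> str:
    # Constructed record: counter-based PMKID and locally administered MACs, not captured data.
    return "*".join([f"{n:032x}", f"{0x020000000000 + n:012x}",
                     f"{0x060000000000 + n:012x}", essid.encode().hex()])


SAMPLE = [_sample_line(1, "office-guest"), _sample_line(2, "office-guest"),
          _sample_line(3, "office-guest"), _sample_line(4, "warehouse")]

if __name__ == "__main__":
    print("PBKDF2 runs per passphrase (ungrouped, grouped):", pbkdf2_cost(SAMPLE))
    same = derive_pmk("correct horse battery", b"office-guest")
    other = derive_pmk("correct horse battery", b"warehouse")
    print("same passphrase, different ESSID, same PMK?", same == other)
```

The same passphrase under a different ESSID yields an unrelated PMK, which is why a network with a unique ESSID does not share precomputed work with any other network.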