Thanks, I'm fine and I you you'll be fine, too.
hcxtools > v6 and hcxdumptool making life a little bit more easier and received a lot of improvements, but the basics are the same (that include filter modes, filter lists and Berkeley Packet Filter). Only default formats changed to pcapng.
capture traffic -> convert to hashcat (or john) hash format -> run hashcat (or john)
The same applies to the attack vectors:
attack vector 1 target AP (PMKID)
attack vector 2 CLIENT (M2)
attack vector 3 AP <-> CLIENT connection (PMKID, M1, M2, M3, M4)
attack vector 4 EAP (EAP-ID, EAP TLS, RADIUS)
or any combination of this.
Code:
attack vector 1, 2, 3, 4 (request EAP-ID, only)
$ hcxdumptool -i interface -o dump.pcapng --essidlist=beaconlist --active_beacon
attack vector 2, (request EAP-ID, only)
$ hcxdumptool -i interface -o dump.pcapng --essidlist=beaconlist --active_beacon --disable_deauthentication --disable_ap_attacks -t 300
attack vector 1, 3
$ hcxdumptool -i interface -o dump.pcapng --essidlist=beaconlist --disable_client_attacks
for attack vector 4 please read --help
If you're an experienced user (you know what you're doing, you are able to create a BPF, you don't need a beautiful real time status display), I recommend to use hcxlabtool from the wifi_laboratory series.
The basics of converting traffic to hashcat/john formats are the same, too, except that the default formats changed:
hcxpcapngtool:
default hash format now -> 22000 EAPOL + PMKID
storing possible PSKs, received from WiFi traffic can be done by -E -I -U
Example dump file is here:
https://github.com/evilsocket/pwnagotchi...nctest.zip
$ hcxpcapngtool -o eapol.22000 -E wordlist test.pcap
$ hashcat -m 22000 --nonce-error-corrections=8 eapol.22000 wordlist
In this example, we must use --nonce-error-corrections=8, because I converted the origin pcapng file to cap/pcap format (a few tools don't understand pcapng). This format is a very basic format and we loose some important information, stored in pcapng format.
hcxhashtool is new. Depending on the options you can filter the output hash file. That can be done by bash tools, too, because 22000 is no longer a binary format.
hcxeiutool is new. Depending on the options you can pre-process hcxpcapngtool -E -I -U output to a raw word list that can be used in combination with rules.