hcxtools - solution for capturing wlan traffic and conversion to hashcat formats - Printable Version

+- hashcat Forum (https://hashcat.net/forum)
+-- Forum: Misc (https://hashcat.net/forum/forum-15.html)
+--- Forum: User Contributions (https://hashcat.net/forum/forum-25.html)
+--- Thread: hcxtools - solution for capturing wlan traffic and conversion to hashcat formats (/thread-6661.html)

RE: hcxtools - solution for capturing wlan traffic and conversion to hashcat formats - ZerBea - 06-08-2019

> I saw people using Wlandump instead of hcxdumptool.. any difference on the output?

wlandump-ng is the predecessor of hcxdumptool. It has fewer functions and it depends on libpcap. That makes it slow.
hcxdumptool doesn't depend on libnl, libpcap, wiringpi and other wrappers. That will make it fast.

> Could be possible to create a minimal raspberry distro just for hcxtools and access via ssh only?

Yes. This is a backup of my headless system, controlled via ssh:

$ ls -All
total 477912
-rw-r--r-- 1 root root 21043310 5. Jun 17:41 rpiboot.tgz
-rw-r--r-- 1 root root 468330646 5. Jun 17:43 rpiroot.tgz

from this base system:

ArchLinuxARM-rpi-latest.tar.gz 02-Jun-2019 17:47 43059753

No beautiful GUI, no unnecessary tools - only speed!

BTW: The gz files don't contain images. I don't like the idea of backing up a system by "dd".

RE: hcxtools - solution for capturing wlan traffic and conversion to hashcat formats - powermi - 06-08-2019

Seems that closing the ssh window from a terminal stops the process on the raspberry. Any other way to keep it alive?

-- thanks, working great in the background.

RE: hcxtools - solution for capturing wlan traffic and conversion to hashcat formats - ZerBea - 06-08-2019

Run it as a background task:

$ hcxdumptool -i interface ..... &

RE: hcxtools - solution for capturing wlan traffic and conversion to hashcat formats - powermi - 06-08-2019

Is any 5GHz dongle working well with hcxtools? I'm about to buy a dongle for another setup because my AWUS 036AC from Alfa seems not to work.

RE: hcxtools - solution for capturing wlan traffic and conversion to hashcat formats - ZerBea - 06-08-2019

TP-LINK Archer T2UH
ID 148f:761a Ralink Technology, Corp. MT7610U ("Archer T2U" 2.4G+5G WLAN Adapter)

$ hcxdumptool -I
wlan interfaces:
503eaaa08f6f wlp3s0f0u10u2 (mt76x0u)

$ hcxdumptool -i wlp3s0f0u10u2 -C
initialization...
available channels:
1 / 2412MHz (14 dBm)
2 / 2417MHz (14 dBm)
3 / 2422MHz (14 dBm)
4 / 2427MHz (14 dBm)
5 / 2432MHz (14 dBm)
6 / 2437MHz (14 dBm)
7 / 2442MHz (14 dBm)
8 / 2447MHz (14 dBm)
9 / 2452MHz (14 dBm)
10 / 2457MHz (14 dBm)
11 / 2462MHz (14 dBm)
12 / 2467MHz (14 dBm)
13 / 2472MHz (14 dBm)
14 / 2484MHz (14 dBm)
36 / 5180MHz (17 dBm)
40 / 5200MHz (17 dBm)
44 / 5220MHz (17 dBm)
48 / 5240MHz (17 dBm)
52 / 5260MHz (17 dBm)
56 / 5280MHz (17 dBm)
60 / 5300MHz (17 dBm)
64 / 5320MHz (17 dBm)
100 / 5500MHz (17 dBm)
104 / 5520MHz (17 dBm)
108 / 5540MHz (17 dBm)
112 / 5560MHz (17 dBm)
116 / 5580MHz (17 dBm)
120 / 5600MHz (17 dBm)
124 / 5620MHz (17 dBm)
128 / 5640MHz (17 dBm)
132 / 5660MHz (17 dBm)
136 / 5680MHz (17 dBm)
140 / 5700MHz (17 dBm)
149 / 5745MHz (17 dBm)
153 / 5765MHz (17 dBm)
157 / 5785MHz (17 dBm)
161 / 5805MHz (17 dBm)
165 / 5825MHz (17 dBm)

Requirement: new kernel!

$ uname -r
5.1.7-arch1-1-ARCH

RE: hcxtools - solution for capturing wlan traffic and conversion to hashcat formats - powermi - 06-09-2019

Just wondering.. what do you use the gpio_button for? It's a trigger?

BTW I'm looking for the --enable_status values and can't find the meaning of each. Any guide?

RE: hcxtools - solution for capturing wlan traffic and conversion to hashcat formats - ZerBea - 06-09-2019

If you take a look at this photo:
https://github.com/ZerBea/hcxdumptool/wiki/Penetration-testing-system-1
You'll see a "push button" and an LED. Both are used to control the RPI.
The push button is used to safely shut the RPI down.
The LED is used to indicate the status.
LED flashing every 5 seconds: everything's fine
LED permanently on: no signal received - perhaps no traffic on the channel or driver broken
LED flashing twice every 5 seconds: RPI is under control of hcxpioff

Circuit diagram is here:
https://github.com/ZerBea/hcxdumptool/tree/master/docs

--enable_status is explained in --help:

--enable_status=<digit> : enable status messages
bitmask:
1: EAPOL
2: PROBEREQUEST/PROBERESPONSE
4: AUTHENTICATON
8: ASSOCIATION
16: BEACON

We use a bitmask to select the options. For example:
--enable_status=1 : show only EAPOL info
--enable_status=2 : show only PROBEREQUEST/PROBERESPONSE
To get both messages you must add the values:
--enable_status=3 : show EAPOL info and PROBEREQUEST/PROBERESPONSE info

That's the "secret" of the --enable_status switch. In other words we can use many options running a single switch.

BTW: Sent you a PM.

RE: hcxtools - solution for capturing wlan traffic and conversion to hashcat formats - ZerBea - 06-09-2019

ASUS AC51:
ID 0b05:17d1 ASUSTek Computer, Inc. AC51 802.11a/b/g/n/ac Wireless Adapter [Mediatek MT7610U]

$ hcxdumptool -I
wlan interfaces:
0c9d92b486ca wlp0s20f0u1 (mt76x0u)

$ hcxdumptool -i wlp0s20f0u1 -C
initialization...
available channels:
1 / 2412MHz (16 dBm)
2 / 2417MHz (16 dBm)
3 / 2422MHz (16 dBm)
4 / 2427MHz (16 dBm)
5 / 2432MHz (16 dBm)
6 / 2437MHz (16 dBm)
7 / 2442MHz (16 dBm)
8 / 2447MHz (16 dBm)
9 / 2452MHz (16 dBm)
10 / 2457MHz (16 dBm)
11 / 2462MHz (16 dBm)
12 / 2467MHz (16 dBm)
13 / 2472MHz (16 dBm)
14 / 2484MHz (16 dBm)
36 / 5180MHz (18 dBm)
40 / 5200MHz (18 dBm)
44 / 5220MHz (18 dBm)
48 / 5240MHz (18 dBm)
52 / 5260MHz (18 dBm)
56 / 5280MHz (18 dBm)
60 / 5300MHz (18 dBm)
64 / 5320MHz (18 dBm)
100 / 5500MHz (18 dBm)
104 / 5520MHz (18 dBm)
108 / 5540MHz (18 dBm)
112 / 5560MHz (18 dBm)
116 / 5580MHz (18 dBm)
120 / 5600MHz (18 dBm)
124 / 5620MHz (18 dBm)
128 / 5640MHz (18 dBm)
132 / 5660MHz (18 dBm)
136 / 5680MHz (18 dBm)
140 / 5700MHz (18 dBm)
149 / 5745MHz (18 dBm)
153 / 5765MHz (18 dBm)
157 / 5785MHz (18 dBm)
161 / 5805MHz (18 dBm)
165 / 5825MHz (18 dBm)

$ uname -r
5.1.7-arch1-1-ARCH

RE: hcxtools - solution for capturing wlan traffic and conversion to hashcat formats - ZerBea - 06-09-2019

Edimax EW-7811UAC
ID 7392:a812 Edimax Technology Co., Ltd

$ hcxdumptool -I
wlan interfaces:
74da380645e7 wlp0s20f0u1 (rtl88xxau)

$ hcxdumptool -i wlp0s20f0u1 -C
initialization...
available channels:
1 / 2412MHz (18 dBm)
2 / 2417MHz (18 dBm)
3 / 2422MHz (18 dBm)
4 / 2427MHz (18 dBm)
5 / 2432MHz (18 dBm)
6 / 2437MHz (18 dBm)
7 / 2442MHz (18 dBm)
8 / 2447MHz (18 dBm)
9 / 2452MHz (18 dBm)
10 / 2457MHz (18 dBm)
11 / 2462MHz (18 dBm)
12 / 2467MHz (18 dBm)
13 / 2472MHz (18 dBm)
14 / 2484MHz (18 dBm)
36 / 5180MHz (18 dBm)
40 / 5200MHz (18 dBm)
44 / 5220MHz (18 dBm)
48 / 5240MHz (18 dBm)
52 / 5260MHz (18 dBm)
56 / 5280MHz (18 dBm)
60 / 5300MHz (18 dBm)
64 / 5320MHz (18 dBm)
100 / 5500MHz (18 dBm)
104 / 5520MHz (18 dBm)
108 / 5540MHz (18 dBm)
112 / 5560MHz (18 dBm)
116 / 5580MHz (18 dBm)
120 / 5600MHz (18 dBm)
124 / 5620MHz (18 dBm)
128 / 5640MHz (18 dBm)
132 / 5660MHz (18 dBm)
136 / 5680MHz (18 dBm)
140 / 5700MHz (18 dBm)
144 / 5720MHz (18 dBm)
149 / 5745MHz (18 dBm)
153 / 5765MHz (18 dBm)
157 / 5785MHz (18 dBm)
161 / 5805MHz (18 dBm)
165 / 5825MHz (18 dBm)
169 / 5845MHz (18 dBm)
173 / 5865MHz (18 dBm)

$ uname -r
5.1.7-arch1-1-ARCH

Not running out of the box. Get the driver from here:
https://github.com/aircrack-ng/rtl8812au
The aircrack-ng team is doing a really good job here!

RE: hcxtools - solution for capturing wlan traffic and conversion to hashcat formats - powermi - 06-09-2019

So, my awus036ac should work too, as they share the driver.

Is it necessary to start airmon-ng on the interface before hcxdumptool? I'm doing it, but don't know if it's right.
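
Added example (not part of any post in this thread and not code from hcxtools): a small Python parser for channel listings in the format posted above, used to group channels by band and to see which channels one adapter reports that another does not. The function names are hypothetical and the two sample listings are constructed, abbreviated excerpts in the thread's format.

```python
import re

# One entry of the listing, e.g. "36 / 5180MHz (17 dBm)"
ENTRY = re.compile(r"^\s*(\d+)\s*/\s*(\d+)MHz\s*\((-?\d+)\s*dBm\)\s*$")

def parse_channels(text):
    """Return {channel: (freq_mhz, dbm)}; lines that are not entries are skipped."""
    found = {}
    for line in text.splitlines():
        m = ENTRY.match(line)
        if m:
            ch, freq, dbm = (int(g) for g in m.groups())
            found[ch] = (freq, dbm)
    return found

def band_of(freq_mhz):
    """Coarse band label from the centre frequency in MHz."""
    if 2400 <= freq_mhz < 2500:
        return "2.4GHz"
    return "5GHz" if 5150 <= freq_mhz < 5900 else "other"

def channels_by_band(channels):
    """Group channel numbers by band, in ascending order."""
    bands = {}
    for ch in sorted(channels):
        bands.setdefault(band_of(channels[ch][0]), []).append(ch)
    return bands

def extra_channels(a, b):
    """Channels that listing `a` contains and listing `b` does not."""
    return sorted(set(a) - set(b))

# Constructed, abbreviated sample listings (not the full output from the thread)
MT76X0U = """available channels:
1 / 2412MHz (14 dBm)
36 / 5180MHz (17 dBm)
165 / 5825MHz (17 dBm)
"""
RTL88XXAU = """available channels:
1 / 2412MHz (18 dBm)
36 / 5180MHz (18 dBm)
144 / 5720MHz (18 dBm)
165 / 5825MHz (18 dBm)
169 / 5845MHz (18 dBm)
173 / 5865MHz (18 dBm)
"""

if __name__ == "__main__":
    print(extra_channels(parse_channels(RTL88XXAU), parse_channels(MT76X0U)))
```
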