hcxtools - solution for capturing wlan traffic and conversion to hashcat formats

hashcat Forum (https://hashcat.net/forum), Forum: User Contributions, Thread: /thread-6661.html
hcxtools - solution for capturing wlan traffic and conversion to hashcat formats - ZerBea - 06-23-2017

Small set of tools to capture and convert packets from wlan devices, designed for use with the latest hashcat:

- wlandump-ng (Small, fast and powerful deauthentication/authentication/response tool)
- wlanresponse (Extremely fast deauthentication/authentication/response tool (unattended use on Raspberry Pi's))
- wlanrcascan (Small, fast and simple passive WLAN channel assignment scanner (status output))
- wlancapinfo (Shows info of pcap file)
- wlancap2hcx (Converts cap to hccapx and other formats (recommended for use with wlandump-ng and wlanresponse))
- wlanhcx2cap (Converts hccapx to cap)
- wlanhc2hcx (Converts hccap to hccapx)
- wlanhcx2essid (Merges hccapx containing the same ESSID)
- wlanhcx2ssid (Strips BSSID, ESSID, OUI)
- wlanhcx2john (Converts hccapx to format expected by John the Ripper)
- wlanhcxinfo (Shows detailed info from contents of hccapxfile)
- wlanhcxmnc (Manually do nonce correction on byte number xx of a nonce)
- wlancap2wpasec (Upload multiple caps to http://wpa-sec.stanev.org)
- whoismac (Show vendor information)
- pwhash (Generate hash of a word by using a given charset)
- pioff (Turns Raspberry Pi off via GPIO switch - hardware mods required)

Some of the features:

- wlandump-ng/wlanresponse are able to prevent complete wlan traffic
- wlandump-ng/wlanresponse are able to capture handshakes from not connected clients
- wlandump-ng/wlanresponse are able to capture handshakes from 5GHz clients on 2.4GHz
- wlandump-ng/wlanresponse are able to capture extended EAPOL (WPA Enterprise, WPS)
- wlandump-ng/wlanresponse are able to capture passwords from the wlan traffic
- wlancap2hcx is able to strip WPA Enterprise to use with hashcat (-m 4800, -m 5500)

Take a look into help of each tool (-h)

The tools are part of the penetration-distros BlackArch and The-Distribution-Which-Does-Not-Handle-OpenCL-Well (Kali); or get latest version from here: https://github.com/ZerBea/hcxtools

ZerBea

RE: hcxtools - solution for capturing wlan traffic and conversion to hashcat formats - atom - 06-23-2017

Hot! Thanks!

RE: hcxtools - solution for capturing wlan traffic and conversion to hashcat formats - winxp5421 - 06-23-2017

This is fantastic! Now, all we need is an automated way to scan client probe requests, setup fake AP with probe request info, client attempts authentication, save to .cap, rinse, repeat.

RE: hcxtools - solution for capturing wlan traffic and conversion to hashcat formats - ZerBea - 06-23-2017

Well, that's already implemented in wlandump-ng

    wlandump-ng -i <wlandevice> -o test.cap -c 1 -t 60 -d 100 -D 10 -m 512 -b -r -s 20

and wlanresponse

    wlanresponse -i <wlandevice> -o test.cap -b -t 3

and much more...

RE: hcxtools - solution for capturing wlan traffic and conversion to hashcat formats - winxp5421 - 06-23-2017

I have no words for how amazing you are.

RE: hcxtools - solution for capturing wlan traffic and conversion to hashcat formats - ZerBea - 06-24-2017

added iSCSI CHAP authentication, MD5(CHAP) and option to save usernames/identities to a file

RE: hcxtools - solution for capturing wlan traffic and conversion to hashcat formats - ZerBea - 06-24-2017

refactored scan engine
now full 5GHz support
for fixed channel operation use high value (-t 86400 for a day)
see wlandump-ng -h
device must support this!

RE: hcxtools - solution for capturing wlan traffic and conversion to hashcat formats - ZerBea - 06-25-2017

example of a typical output:

    wlancap2hcx *.cap
    start reading from example.cap
    27278 packets processed (27278 wlan, 0 lan, 0 loopback)
    found 24 usefull wpa handshakes
    hashcat --nonce-error-corrections is working on that file
    found MD5-Challenge (hashcat -m 4800)
    found EAP-TLS Authentication
    found EAP-Cisco Wireless Authentication (hashcat -m 5500)
    found EAP-SIM (GSM Subscriber Modules) Authentication
    found PEAP Authentication
    found WPS Authentication
    found IPv4 packets
    found IPv6 packets
    found TCP packets
    found UDP packets
    found PPP CHAP Authentication packets (hashcat -m 5500)
    found wpa encrypted data packets
    found wep encrypted data packets

RE: hcxtools - solution for capturing wlan traffic and conversion to hashcat formats - ZerBea - 06-25-2017

example of a typical status:

    sudo wlandump-ng -i wlp0s26u1u2 -o test.cap -c 1 -t 3 -d 100 -D 10 -m 512 -b -r -s 20

    interface.....................................................: wlp0s26u1u2
    internal pcap errors.....................................: 0
    interface channel/hop timer..........................: 08/3
    private-mac (oui/nic)...................................: 00a0856e6e00
    deauthentication/disassociation count............: 100/10
    current/maximum ringbuffer entries..............: 321/512
    proberequests/proberesponses.....................: 798/1073
    associationrequests/reassociationrequests.....: 421/57
    transmitted m1/received appropriate m2.......: 391/843
    received regular m1/m2/m3/m4...................: 57/43/55/16

    mac_ap hs xe essid (countdown until next deauthentication/disassociation)
    ---------------------------------------------------------------------------------------------
    00a0856e6dfe 00 00 default (94/10)
    ...
    ...
    17 more status lines containing networkinfos

RE: hcxtools - solution for capturing wlan traffic and conversion to hashcat formats - Hedotensei - 06-26-2017

Hello!

Mate, can you give us a tutorial on how to capture the handshake and how to convert it, please? I'm new and I don't know how!