hcxtools - solution for capturing wlan traffic and conversion to hashcat formats - Printable Version

+- hashcat Forum (https://hashcat.net/forum)
+-- Forum: Misc (https://hashcat.net/forum/forum-15.html)
+--- Forum: User Contributions (https://hashcat.net/forum/forum-25.html)
+--- Thread: hcxtools - solution for capturing wlan traffic and conversion to hashcat formats (/thread-6661.html)

RE: hcxtools - solution for capturing wlan traffic and conversion to hashcat formats - mugenma - 02-11-2020

(02-10-2020, 04:15 PM)ZerBea Wrote: This information is only available in an original(!) and uncleaned(!) dump file (cap/pcap/pcapng format).

Thank you very much for the in-depth reply. This is really helpful. I knew about tshark and wireshark. I was hoping that there was a simpler way.
Thanks again!!!

RE: hcxtools - solution for capturing wlan traffic and conversion to hashcat formats - ZerBea - 02-11-2020

tshark can do this really well:
$ tshark -r test.pcapng.cap -T fields -e wps.device_name -e wps.serial_number
or (including transmitter address and ESSID):
$ tshark -r test.pcapng.cap -T fields -e wlan.ta -e wlan.ssid -e wps.device_name -e wps.serial_number
You can save them via stdout and validate them via bash commands with hcxhashtool output.

RE: hcxtools - solution for capturing wlan traffic and conversion to hashcat formats - wakawaka - 02-11-2020

Updated to latest (after not updating for 6 months or so) and I notice that when running the latest hcxdumptool there is no more status line at the bottom which states how many handshakes have been captured - fewer items (status updates) on display than before?
I am running hcxdumptool with --enable_status=15, should this be changed to something else?
Anyway ZerBea, thanks for all your work in updating and adding new features to this tool.

RE: hcxtools - solution for capturing wlan traffic and conversion to hashcat formats - ZerBea - 02-11-2020

We are using a bitmask:
Code:
--enable_status=<digit> : enable real-time display (waterfall)
To retrieve the status add 64!

RE: hcxtools - solution for capturing wlan traffic and conversion to hashcat formats - WPA_Catcher - 02-11-2020

Hi ZerBea
Just thought I would let you know I am still watching your progress on GitHub as you tweak your code!
I am slowly working through the questions I have myself and look forward to the day hcx-anything replaces pretty much all other wifi tools.
Great work and thank you for sharing.

RE: hcxtools - solution for capturing wlan traffic and conversion to hashcat formats - ZerBea - 02-12-2020

I'll do my very best.
BTW: Feedback appreciated regarding this commit:
https://github.com/ZerBea/hcxdumptool/commit/6c98258c437b205810fd496d37495e2d48e02cc5

Target: AP with activated Management Frame Protection (MFP) and (if possible) deactivated PMKID caching and connected CLIENT(s)
$ hcxdumptool -i interface --enable_status=63 --reactive_beacon -c working_channel_of_AP

expected result:
12:16:18 6 xxxxxxxxxxxx <-> xxxxxxxxxxxx REASSOCIATION (NETWORKNAME)
12:16:18 6 xxxxxxxxxxxx <-> xxxxxxxxxxxx MP:M1M2 RC:x EAPOLTIME:xxxxx (NETWORKNAME)
12:16:18 6 xxxxxxxxxxxx <-> xxxxxxxxxxxx MP:M2M3 RC:x EAPOLTIME:xxxxx (NETWORKNAME)
or
12:16:18 6 xxxxxxxxxxxx <-> xxxxxxxxxxxx REASSOCIATION (NETWORKNAME)
12:16:18 6 xxxxxxxxxxxx <-> xxxxxxxxxxxx MP:M1M2 RC:xxxxx EAPOLTIME:xxxxx (NETWORKNAME)
or
12:16:18 6 xxxxxxxxxxxx <-> xxxxxxxxxxxx REASSOCIATION (NETWORKNAME)
12:16:18 6 xxxxxxxxxxxx <-> xxxxxxxxxxxx MP:M1M2 RC:xxxxxx EAPOLTIME:xxxxx (NETWORKNAME)
12:16:18 6 xxxxxxxxxxxx <-> xxxxxxxxxxxx MP:M2M3 RC:x EAPOLTIME:xxxxx (NETWORKNAME)
or any combination of these message pairs.

For this test, it is important that the CLIENT is connected before hcxdumptool starts. Only then is MFP active.
If it isn't possible to deactivate PMKID caching, it is very likely that hcxdumptool got a PMKID before MFP is active and stops the attack. In that case please retry it. Requesting a PMKID is much faster than retrieving a full 4-way handshake.

Read more about MFP (PMF) here:
https://en.wikipedia.org/wiki/IEEE_802.11w-2009

RE: hcxtools - solution for capturing wlan traffic and conversion to hashcat formats - WPA_Catcher - 02-13-2020

(02-12-2020, 01:25 PM)ZerBea Wrote: I'll do my very best.

I am impressed with the new vector, you are really pushing forward on all possibilities. The more I learn about this subject the more I realise I am not qualified to have any opinion! However I think the first option looks OK to me.
hcx- is just getting better and better!

RE: hcxtools - solution for capturing wlan traffic and conversion to hashcat formats - wakawaka - 02-15-2020

I am using RT3070 & RT3072 adapters with the latest update
Code:
PHY Interface Driver Chipset
but get lots of these errors
Code:
INFO ERROR:0 INCOMING:581 OUTGOING:358 PMKID:0 MP:0 GPS:0 RINGBUFFER:13
Is this normal?
I have another RT8812AU adapter that I have not tried as it sometimes has driver issues.
I am still able to capture pmkid/handshakes
Code:
summary capture file:

RE: hcxtools - solution for capturing wlan traffic and conversion to hashcat formats - ZerBea - 02-15-2020

There are no(!) errors:
INFO ERROR:0 INCOMING:5831 OUTGOING:3445 PMKID:21 MP:1 GPS:0 RINGBUFFER:17

INFO ERROR:0 that means no device ERROR
INCOMING:5831 received packets
OUTGOING:3445 transmitted packets
PMKID:21 received total PMKIDs (not unique)
GPS:0 no GPS frames retrieved
MP:1 one handshake
RINGBUFFER: 17 APs in use

skipped damaged packets..........: 1
we possibly miss the interface statistic block at the end of the cap file.

RT8812AU and RTL8188EU are under maintenance and there are many issues. Christian (kimocoder) is doing a great job here:
https://github.com/aircrack-ng/rtl8812au/issues
https://github.com/aircrack-ng/rtl8188eus/issues
Unfortunately he is a little bit busy.

Unfortunately both drivers require iw (running NETLINK) to set monitor mode. hcxdumptool uses ioctl() and AF_PACKET instead of adding another dependency to the attack vector. That is much, much faster than a virtual NETLINK interface!

BTW: hcxpcaptool is deprecated. Please use hcxpcapngtool!

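The status-line fields explained in the post above, parsed in a short script. This is an added example, not part of the thread or of hcxtools; the function names are hypothetical and the last sample line is constructed to show a non-zero ERROR counter.

```python
import re

# Field meanings as given in the post above.
FIELD_MEANING = {
    "ERROR": "device errors",
    "INCOMING": "received packets",
    "OUTGOING": "transmitted packets",
    "PMKID": "total PMKIDs received (not unique)",
    "MP": "handshakes",
    "GPS": "GPS frames retrieved",
    "RINGBUFFER": "APs in use",
}

_PAIR = re.compile(r"\b([A-Z]+):\s*(\d+)")

def parse_status(line):
    """Return {field: int} for an 'INFO ...' status line, None for any other line."""
    line = line.strip()
    if not line.startswith("INFO "):
        return None
    return {name: int(value) for name, value in _PAIR.findall(line)}

def explain(status):
    """Render a parsed status line as 'FIELD=value (meaning)' strings."""
    return [f"{k}={v} ({FIELD_MEANING.get(k, 'unknown field')})"
            for k, v in status.items()]

def device_errors(lines):
    """Return (line_index, error_count) for every status line with ERROR > 0."""
    hits = []
    for i, line in enumerate(lines):
        status = parse_status(line)
        if status and status.get("ERROR", 0) > 0:
            hits.append((i, status["ERROR"]))
    return hits

SAMPLE = [
    # first three lines are copied from the thread
    "INFO ERROR:0 INCOMING:581 OUTGOING:358 PMKID:0 MP:0 GPS:0 RINGBUFFER:13",
    "12:16:18 6 xxxxxxxxxxxx <-> xxxxxxxxxxxx REASSOCIATION (NETWORKNAME)",
    "INFO ERROR:0 INCOMING:5831 OUTGOING:3445 PMKID:21 MP:1 GPS:0 RINGBUFFER:17",
    # constructed line: what an actual device error would look like
    "INFO ERROR:3 INCOMING:5900 OUTGOING:3450 PMKID:21 MP:1 GPS:0 RINGBUFFER:17",
]

if __name__ == "__main__":
    for line in SAMPLE:
        status = parse_status(line)
        if status:
            print("; ".join(explain(status)))
    print("device errors:", device_errors(SAMPLE))
```
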
RE: hcxtools - solution for capturing wlan traffic and conversion to hashcat formats - ciccio17 - 02-23-2020

Hi ZerBea, I'm back, it's been a long time now, hope everything is OK for you. I have some questions.
Is the bug with ath9k-htc resolved? Also, is this problem the same on ath9k non-USB cards? I use hcxdumptool on openwrt in general.
Also, I'm still on version 5 of your tools, and still on stable hashcat 5.1, so should I stay on these old tools or just use the new ones with my hardware and hashcat 5.1?
Also, is the tool usable on Linux kernel 5.4.x?
I used your last git on kernel 4.19 and it is totally a different tool for me, thank you for your work.