hashcat Forum
need help with hcx dumptool what am i doing wrong - Printable Version



need help with hcx dumptool what am i doing wrong - PcBlackbelt - 11-06-2018

Here's what my capture looks like. The first two captures are from my router, the second two are not. Is this normal? Anyway, when I turn the PMKID into a hash and try to crack it, hashcat gives me the password from the wrong access point.
hcxdumptool -o hashingit -i wlan0 --filterlist=tvfp2filer.txt --filtermode=2 --enable_status 1
start capturing (stop with ctrl+c)
INTERFACE:...............: wlan0
FILTERLIST...............: 1 entries
MAC CLIENT...............: fcc233dadfba
MAC ACCESS POINT.........: b025aa99a8f8 (incremented on every new client)
EAPOL TIMEOUT............: 150000
REPLAYCOUNT..............: 63156
ANONCE...................: 1f963f900448da8c1182e40ba288928877f40543759cd5e6425deb3548407868
[16:26:17 - 001] 009fa9073914 -> 5c93a20b3897 [FOUND AUTHORIZED HANDSHAKE, EAPOL TIMEOUT 2516]
[16:40:15 - 001] 009fa9073914 -> ccfb65942f7e [FOUND AUTHORIZED HANDSHAKE, EAPOL TIMEOUT 2651]
[17:19:39 - 001] b44bd20fd6ba -> 5c8fe0bf2984 [EAPOL 4/4 - M4 RETRY ATTACK]
[17:39:53 - 011] 2c56dc54e238 -> 5ccf7f48a404 [FOUND PMKID]
INFO: cha=11, rx=145350, rx(dropped)=3145, tx=2453, powned=3, err=0^C
terminated...
The filter is working somewhat at least, because I tried without the filter and got slammed with tons more.


Could it be my AWUS036NHA wireless card?


RE: need help with hcx dumptool what am i doing wrong - ZerBea - 11-06-2018

In your case:
[16:26:17 - 001] 009fa9073914 -> 5c93a20b3897 [FOUND AUTHORIZED HANDSHAKE, EAPOL TIMEOUT 2516]
[16:40:15 - 001] 009fa9073914 -> ccfb65942f7e [FOUND AUTHORIZED HANDSHAKE, EAPOL TIMEOUT 2651]
[17:39:53 - 011] 2c56dc54e238 -> 5ccf7f48a404 [FOUND PMKID]

009fa9073914 doesn't have PMKID caching enabled - you will not get a PMKID from this AP.



Please read this:
https://hashcat.net/forum/thread-7717-po...l#pid41863
https://hashcat.net/forum/thread-7717-po...l#pid41864
The filter is only used in the transmission branch. The receiving branch remains untouched.

To understand hcxtools and hcxdumptool read this complete thread:
https://hashcat.net/forum/thread-7717.html
and that complete thread:
https://hashcat.net/forum/thread-6661.html



  1. running without a filter list:
    hcxdumptool captures everything it receives and will interact with all APs and CLIENTs in range.
  2. running with filter list and filter mode 1:
    hcxdumptool captures everything it receives and will interact with all APs and CLIENTs in range,
    except(!) the ones from the filter list
  3. running with filter list and filter mode 2:
    hcxdumptool captures everything it receives and will interact only with the APs and CLIENTs in range
    from the filter list
Important notes:
The filter list (both filter modes) doesn't work on CLIENTs which use MAC randomization.
To make sure we get all entries from the CLIENT's wpa-supplicant.conf, hcxdumptool will respond (depending on filter list and filter mode) to all requests from the CLIENT until the CLIENT gives up.



Passive (hcxdumptool doesn't interact with AP and/or CLIENT):
[FOUND AUTHORIZED HANDSHAKE, EAPOL TIMEOUT 2516]
[FOUND PMKID]


Active (hcxdumptool interacts with AP and/or CLIENT):
[FOUND HANDSHAKE AP-LESS, EAPOL TIMEOUT 3981]
[FOUND PMKID CLIENT-LESS]


Also added additional information to hcxdumptool -h:
--filterlist=<file> : mac filter list
                      format: 112233445566 + comment
                      maximum line lenght 255, maximum entries 64
                      important note:
                      only used in the transmission branch
                      the receiving branch remains untouched


RE: need help with hcx dumptool what am i doing wrong - ZerBea - 11-07-2018

Added new filter mode 3 (filter receiving branch) to hcxdumptool.
--filterlist=<file>  : mac filter list
                       format: 112233445566 + comment
                       maximum line lenght 255, maximum entries 64
                       important note:
--filtermode=<digit> : mode for filter list
                       1: use filter list as protection list (default) in transmission branch
                          receive everything, interact with all APs and CLIENTs in range,
                          except(!) the ones from the filter list
                       2: use filter list as target list in transmission branch
                          receive everything, only interact with APs and CLIENTs in range,
                          from the filter list
                       3: use filter list as target list in receiving branch
                          only receive APs and CLIENTs in range,
                          from the filter list
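

The replies above explain that in filter modes 1 and 2 the list only affects transmission, so status lines for MACs outside the list still appear. As an added example (not code from hcxdumptool or from either poster), this Python code parses a filter list in the quoted format and marks, for each status line from the first post, whether either MAC is on the list and how the thread classifies its tag. The filter-list entry is constructed, and treating the first 12 characters of a line as the MAC and skipping blank lines are assumptions.

```python
import re

MAX_LINE_LEN, MAX_ENTRIES = 255, 64  # limits from the -h text quoted in the thread
# Status tags as ZerBea's reply groups them
PASSIVE = {"FOUND AUTHORIZED HANDSHAKE", "FOUND PMKID"}
ACTIVE = {"FOUND HANDSHAKE AP-LESS", "FOUND PMKID CLIENT-LESS"}
STATUS_RE = re.compile(r"^\[[\d:]+ - \d+\] ([0-9a-f]{12}) -> ([0-9a-f]{12}) \[([^\]]+)\]$")

def parse_filterlist(text):
    """Parse '112233445566 + comment' lines and enforce the documented limits."""
    macs = []
    for n, line in enumerate(text.splitlines(), 1):
        if not line.strip():
            continue  # assumption: blank lines are ignored
        if len(line) > MAX_LINE_LEN:
            raise ValueError(f"line {n}: longer than {MAX_LINE_LEN} characters")
        mac = line[:12].lower()  # assumption: MAC is the first 12 characters
        if not re.fullmatch(r"[0-9a-f]{12}", mac):
            raise ValueError(f"line {n}: expected 12 hex digits, got {mac!r}")
        macs.append(mac)
    if len(macs) > MAX_ENTRIES:
        raise ValueError(f"{len(macs)} entries, maximum is {MAX_ENTRIES}")
    return set(macs)

def review(status_text, listed):
    """Return (mac_left, mac_right, tag, kind, on_list) for each status line."""
    rows = []
    for line in status_text.splitlines():
        m = STATUS_RE.match(line.strip())
        if not m:
            continue  # banner, INFO and other non-event lines
        left, right, detail = m.groups()
        tag = detail.split(",")[0]  # drop ", EAPOL TIMEOUT n"
        kind = "passive" if tag in PASSIVE else "active" if tag in ACTIVE else "unclassified"
        rows.append((left, right, tag, kind, left in listed or right in listed))
    return rows

# Constructed filter list (the poster's file is not shown); status lines are from the first post.
SAMPLE_FILTERLIST = "009fa9073914 own router (constructed entry)\n"
SAMPLE_STATUS = """\
[16:26:17 - 001] 009fa9073914 -> 5c93a20b3897 [FOUND AUTHORIZED HANDSHAKE, EAPOL TIMEOUT 2516]
[16:40:15 - 001] 009fa9073914 -> ccfb65942f7e [FOUND AUTHORIZED HANDSHAKE, EAPOL TIMEOUT 2651]
[17:19:39 - 001] b44bd20fd6ba -> 5c8fe0bf2984 [EAPOL 4/4 - M4 RETRY ATTACK]
[17:39:53 - 011] 2c56dc54e238 -> 5ccf7f48a404 [FOUND PMKID]
INFO: cha=11, rx=145350, rx(dropped)=3145, tx=2453, powned=3, err=0
"""
if __name__ == "__main__":
    for row in review(SAMPLE_STATUS, parse_filterlist(SAMPLE_FILTERLIST)):
        print(*row, sep="  ")
```

Rows with on_list set to False are receptions from stations outside the list; a hash taken from one of them belongs to that station, not to the listed one.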