hcxdumptool install problem - Printable Version

hcxdumptool install problem - Printable Version

+- hashcat Forum (https://hashcat.net/forum)
+-- Forum: Support (https://hashcat.net/forum/forum-3.html)
+--- Forum: hashcat (https://hashcat.net/forum/forum-45.html)
+--- Thread: hcxdumptool install problem (/thread-9113.html)

hcxdumptool install problem - Uraniumhazee - 04-06-2020

Code:
sudo make install

cc -O3 -Wall -Wextra -std=gnu99  -o hcxpioff hcxpioff.c  -DVERSION_TAG=\"6.0.5-4-gb2adde8\" -DVERSION_YEAR=\"2020\"

cc -O3 -Wall -Wextra -std=gnu99  -o hcxdumptool hcxdumptool.c  -lcrypto -lssl -DVERSION_TAG=\"6.0.5-4-gb2adde8\" -DVERSION_YEAR=\"2020\"

install -m 0755 -D hcxpioff /usr/local/bin/hcxpioff

install -m 0755 -D hcxdumptool /usr/local/bin/hcxdumptool

rm -f hcxpioff

rm -f hcxdumptool

rm -f *.o *~

how can i solve this problem

another problem with capture pmkids

Code:
hcxdumptool -o hash -i wlan0mon --filterlist=filter.txt --filtermode=2 --enable_status

hcxdumptool: option '--filterlist=filter.txt' is ambiguous; possibilities: '--filterlist_ap' '--filterlist_client'

hcxdumptool 6.0.5-4-gb2adde8 (C) 2020 by ZeroBeat

usage: hcxdumptool -h for help

Thanks

RE: hcxdumptool install problem - ZerBea - 04-06-2020

$ hcxdumptool --help will show you the correct syntax
add target AP_MC to filterlist.txt (format 112233445566)
replace --filterlist with --filterlist_ap
replace --enable_status with --enable_status=31
replace -o hash with -o dump.pcapng

Do not(!) use hcxdumptool in combination with airmon-ng. You should have received many warnings during start up of hcxdumptool that it isn't a good idea.
hcxdumptool uses an own monitor mode and will show you the services that take access to the interface. You have to stop them by hand!

The complete command line should look like this:

Code:
$ hcxdumptool -i <interface> -o dump.pcapng --filterlist_ap=filter.txt --filtermode=2 --enable_status=31

To convert the traffic to hashcat format, run hcxpcapngtool (latest git head):

Code:
$ hcxpcapngtool -o test.22000 *.pcapng

Get a good wordlist:
https://3wifi.stascorp.com/3wifi-dic-2020-03-02.7z

To recover the PSK run hashcat (latest git head):

Code:
$ hashcat -m 22000 test.22000 3WiFi_WiFiKey.txt

Alternative (some CLIENTs transmit PSK in plain/clear):
run hcxdumptool 24/7

convert to hashcat format:

Code:
$ hcxpcapngtool -o test.22000 -E wordlist *.pcapng

run hashcat

Code:
$ hashcat -m 22000 test.22000 wordlist

To get driver type and to test that your interface/driver is suitable, run:

Code:
$ hcxdumptool -I

$ hcxdumptool -i <interface> --check_driver

$ hcxdumptool -i <interface> --check_injection

BTW:
If you understand Spanish (WiFislax forum: search for hcx):
https://foro.seguridadwireless.net/

If you understand Russian (something about wordlists):
https://antichat.com/threads/281655/page-179

RE: hcxdumptool install problem - Uraniumhazee - 04-06-2020

(04-06-2020, 05:50 PM)ZerBea Wrote: $ hcxdumptool --help will show you the correct syntax
add target AP_MC to filterlist.txt (format 112233445566)
replace --filterlist with --filterlist_ap
replace --enable_status with --enable_status=31
replace -o hash with -o dump.pcapng

Do not(!) use hcxdumptool in combination with airmon-ng. You should have received many warnings during start up of hcxdumptool that it isn't a good idea.
hcxdumptool uses an own monitor mode and will show you the services that take access to the interface. You have to stop them by hand!

The complete command line should look like this:

Code:
$ hcxdumptool -i <interface> -o dump.pcapng --filterlist_ap=filter.txt --filtermode=2 --enable_status=31

To convert the traffic to hashcat format, run hcxpcapngtool (latest git head):

Code:
$ hcxpcapngtool -o test.22000 *.pcapng

Get a good wordlist:
https://3wifi.stascorp.com/3wifi-dic-2020-03-02.7z

To recover the PSK run hashcat (latest git head):

Code:
$ hashcat -m 22000 test.22000 3WiFi_WiFiKey.txt

Alternative (some CLIENTs transmit PSK in plain/clear):
run hcxdumptool 24/7

convert to hashcat format:

Code:
$ hcxpcapngtool -o test.22000 -E wordlist *.pcapng

run hashcat

Code:
$ hashcat -m 22000 test.22000 wordlist

To get driver type and to test that your interface/driver is suitable, run:

Code:
$ hcxdumptool -I $ hcxdumptool -i <interface> --check_driver $ hcxdumptool -i <interface> --check_injection

BTW:
If you understand Spanish (WiFislax forum: search for hcx):
https://foro.seguridadwireless.net/

If you understand Russian (something about wordlists):
https://antichat.com/threads/281655/page-179

thanks for your replies
i successed but i tried one more time

i got this error

Code:
root@The-Distribution-Which-Does-Not-Handle-OpenCL-Well (Kali):~# hcxdumptool -o test.pcapng -i wlan0mon --enable_status 3

initialization...

warning: NetworkManager is running with pid 533

(possible interfering hcxdumptool)

warning: wpa_supplicant is running with pid 845

(possible interfering hcxdumptool)

warning: wlan0mon is probably a virtual monitor interface

interface is already in monitor mode

warning: interface is not up

warning: failed to init socket

try to use iw to set monitor mode

try to use ip link to bring interface up

terminating...

how can i fix this

RE: hcxdumptool install problem - ZerBea - 04-07-2020

Do not(!) run airmon-ng! The script (1540 lines to do such a simple thing as setting monitor mode) is designed to be used by aircrack-ng suite and not by hcxdumptool. It will create a virtual monitor interface by NETLINK command.

To solve the warnings:
warning: NetworkManager is running with pid 533

Code:
sudo systemctl stop NetworkManager.service

warning: wpa_supplicant is running with pid 845

Code:
sudo systemctl stop wpa_supplicant.service

warning: wlan0mon is probably a virtual monitor interface
A virtual monitor interface created by NETLINK is good if you like to stream nice videos from cute little kittens. It is not the first choice to perform high speed layer two WiFi attacks.

interface is already in monitor mode
warning: interface is not up
if the interface is already in monitor mode, hcxdumptool expect a full operational interface. It will warn you if that isn't the case.

Notice: Not all drivers/interfaces are suitable to run monitor mode and full packet injection. We need both!
Please post output of

Code:
$ hcxdumptool -I

Please post output of

Code:
$ hcxdumptool -i <your_interface> --check_driver

Please post output of

Code:
$ hcxdumptool -i <your_interface> --check_injection

And some words about "K*A*L*I, because I noticed several issue reports and comments from people with hardly any knowledge of Linux or anything related to computer security who are now trying to use K*A*L*I as their main "cracking" Linux distribution. You don’t have to use K*A*L*I. It is just a special distribution that makes the tasks it’s specifically designed for easier, while consequently making many, many other tasks more difficult.
First get familiar with Linux environment - Ubuntu (recommended by hashcat developer) gives you a better opportunity.