update hcxtools (better plainmasterkey handling): https://github.com/ZerBea/hcxtools
added new option -O to wlancap2hcx:
-O <file> : output hccapx file without ESSIDs (WPA/WPA2/WPA2 AES-128-CMAC: use hashcat -m 2501 only)
All handshakes without ESSID went into this file, mainly handshakes from the second part of an expanded EAPOL authentication (like RADIUS / ENTERPRISE). This handshakes are crackable using captured plainmasterkeys from wlan-traffic (wlancap2hcx option -f) or pre-computed plainmasterkeys.
example:
$ wlancap2hcx -O noessid.hccapx test.cap
start reading from test.cap
12089037 packets processed (12089037 wlan, 0 lan, 0 loopback)
total 286811 usefull wpa handshakes
found 85 handshakes with zeroed plainmasterkeys (use hashcat -m 2501 with a zeroed plainmasterkey)
found 2467 handshakes without ESSIDs (use hashcat -m 2501)
$ hashcat -m 2501 --logfile-disable --potfile-path=hashcat.2501.pot --outfile-format=2 -o foundhashcat.2501 noessid.hccapx pmklist
hashcat (4.0.0-rc1) starting...
Session..........: hashcat
Status...........: Exhausted
Hash.Type........: WPA/WPA2 PMK
Hash.Target......: noessid.hccapx
Time.Started.....: Mon Oct 2 13:22:05 2017 (0 secs)
Time.Estimated...: Mon Oct 2 13:22:05 2017 (0 secs)
Guess.Base.......: File (pmklist)
Guess.Queue......: 1/1 (100.00%)
Speed.Dev.#1.....: 288.1 kH/s (0.00ms)
Recovered........: 25/252 (9.92%) Digests, 0/1 (0.00%) Salts
Progress.........: 48164/48164 (100.00%)
Rejected.........: 0/48164 (0.00%)
Restore.Point....: 48164/48164 (100.00%)
Candidates.#1....: 00.... -> ff....
HWMon.Dev.#1.....: Temp: 34c Fan: 33% Util: 62% Core:1911MHz Mem:5005MHz Bus:16
Do not wonder about this 2 values:
wlancap2hcx: found 2467 handshakes without ESSIDs
hashcat: Recovered........: 25/252 (9.92%) Digests, 0/1 (0.00%) Salts
In this case wlancap2hcx doesn't test dupes, because hashcat makes it better.
added new option -O to wlancap2hcx:
-O <file> : output hccapx file without ESSIDs (WPA/WPA2/WPA2 AES-128-CMAC: use hashcat -m 2501 only)
All handshakes without ESSID went into this file, mainly handshakes from the second part of an expanded EAPOL authentication (like RADIUS / ENTERPRISE). This handshakes are crackable using captured plainmasterkeys from wlan-traffic (wlancap2hcx option -f) or pre-computed plainmasterkeys.
example:
$ wlancap2hcx -O noessid.hccapx test.cap
start reading from test.cap
12089037 packets processed (12089037 wlan, 0 lan, 0 loopback)
total 286811 usefull wpa handshakes
found 85 handshakes with zeroed plainmasterkeys (use hashcat -m 2501 with a zeroed plainmasterkey)
found 2467 handshakes without ESSIDs (use hashcat -m 2501)
$ hashcat -m 2501 --logfile-disable --potfile-path=hashcat.2501.pot --outfile-format=2 -o foundhashcat.2501 noessid.hccapx pmklist
hashcat (4.0.0-rc1) starting...
Session..........: hashcat
Status...........: Exhausted
Hash.Type........: WPA/WPA2 PMK
Hash.Target......: noessid.hccapx
Time.Started.....: Mon Oct 2 13:22:05 2017 (0 secs)
Time.Estimated...: Mon Oct 2 13:22:05 2017 (0 secs)
Guess.Base.......: File (pmklist)
Guess.Queue......: 1/1 (100.00%)
Speed.Dev.#1.....: 288.1 kH/s (0.00ms)
Recovered........: 25/252 (9.92%) Digests, 0/1 (0.00%) Salts
Progress.........: 48164/48164 (100.00%)
Rejected.........: 0/48164 (0.00%)
Restore.Point....: 48164/48164 (100.00%)
Candidates.#1....: 00.... -> ff....
HWMon.Dev.#1.....: Temp: 34c Fan: 33% Util: 62% Core:1911MHz Mem:5005MHz Bus:16
Do not wonder about this 2 values:
wlancap2hcx: found 2467 handshakes without ESSIDs
hashcat: Recovered........: 25/252 (9.92%) Digests, 0/1 (0.00%) Salts
In this case wlancap2hcx doesn't test dupes, because hashcat makes it better.