10-27-2018, 06:29 PM
(10-27-2018, 05:04 PM)elidell Wrote: Hey super exciting post.. but i just tested this against three APs to which i know the password. I made a very small word list that contained those passwords and each time hashcat exhausted and yielded 0 recoveries. I am with @Rit here.. doesn't seem to work.. I don't know if i am missing something.. I wait of course until HCXDUMPTOOL yields a PMKID FOUND! running a command like so:
`hcxdumptool -i wlan1mon --filterlist=homewifi.txt --filtermode=2 --enable_status=3 -c 1 -o clownhouse.pcapng `
(which takes a while! I'd almost rather do a de-auth / capture 4way attack)
where homewifi.txt has my routers mac address minus the ":"
I then ran:
`hcxpcaptool -z hc_ready_clownhouse clownhouse.pcapng
summary:
--------
file name....................: clownhouse.pcapng
file type....................: pcapng 1.0
file hardware information....: x86_64
file os information..........: Linux 4.18.0-kali1-amd64
file application information.: hcxdumptool 4.2.1
network type.................: DLT_IEEE802_11_RADIO (127)
endianess....................: little endian
read errors..................: flawless
packets inside...............: 81
skipped packets..............: 0
packets with GPS data........: 0
packets with FCS.............: 0
beacons (with ESSID inside)..: 12
probe requests...............: 7
probe responses..............: 3
association responses........: 1
reassociation responses......: 1
authentications (OPEN SYSTEM): 1
authentications (BROADCOM)...: 1
EAPOL packets................: 52
EAPOL PMKIDs.................: 1
'
anything im missing? or does it just not work? maybe im late to the game and its already patched on all three routers? doubt that.