-E, -I and -U collecting data from the WLAN traffic and store them as ASCII text files. The idea is to use this lists as wordlists for hashcat.
For example, if a user confused something when he types password and ESSID the password will be transmitted in the clear. -I will give us some IMEIs (many mobile router use part of the IMEI as password) and -U some usernames. There are many, many examples like this...
New results will be added to existing ones. So it's a good idea to run this lists (they will grow, soon and your results are going to get better and better) against you latest captures from time to time.
... but how do you feed hashcat with the essidlist?
simply run this commands:
$ hcxpcaptool -E prlist -o test.hccapx test.cap
$ hashcat -m 2500 test.hccapx prlist
....ok it isn't so simple:
hcxdumptool requests identities and usernames and forces a client to probe and to do many things he doesn't want to do.
It acts as an access point for a client (ap-less attack vector to force probes and to do authentications, associations and request M2 EAPOL frames) and as a client for an access point (client less attack vector to request M1 EAPOL frames - they contain the PMKID).
You can improve the lists, running hcxwltool on them and feed this result to hashcat.
Or find out if password is part of the ESSID, running hcxpsktool and feed the result to hashcat.
For example, if a user confused something when he types password and ESSID the password will be transmitted in the clear. -I will give us some IMEIs (many mobile router use part of the IMEI as password) and -U some usernames. There are many, many examples like this...
New results will be added to existing ones. So it's a good idea to run this lists (they will grow, soon and your results are going to get better and better) against you latest captures from time to time.
... but how do you feed hashcat with the essidlist?
simply run this commands:
$ hcxpcaptool -E prlist -o test.hccapx test.cap
$ hashcat -m 2500 test.hccapx prlist
....ok it isn't so simple:
hcxdumptool requests identities and usernames and forces a client to probe and to do many things he doesn't want to do.
It acts as an access point for a client (ap-less attack vector to force probes and to do authentications, associations and request M2 EAPOL frames) and as a client for an access point (client less attack vector to request M1 EAPOL frames - they contain the PMKID).
You can improve the lists, running hcxwltool on them and feed this result to hashcat.
Or find out if password is part of the ESSID, running hcxpsktool and feed the result to hashcat.