05-13-2020, 10:17 PM
MACs
Thank you for your explanation. I will experiment with "hcxpcapngtool -all" following your advice. Good idea to also filter PMKID's and authenticated handshakes as they obviously are real MAC's.
WPS
I was not asking that you incorporate a WPS attack into hcxdumptool I just wanted a test for auditing routers, not to carry out a full WPS attack, just test if the router responds to PIN attempts.
hcxdumptool could try a few PIN's to see if the router is actually responding then for hcxdumptool to move on. The user can then use reaver or bully if they wish to pursue a WPS attack.
If you are concerned about the time taken on each AP perhaps this WPS vulnerability test could be an optional switch for the user?
I was hoping for a result in the hcxhashtool --info output something like...
WPS Version: 1 (or) 2
WPS Vulnerable: Yes (or) Not responding to PINs
If you still don't like the request I promise to stop going on about it
Thank you
Thank you for your explanation. I will experiment with "hcxpcapngtool -all" following your advice. Good idea to also filter PMKID's and authenticated handshakes as they obviously are real MAC's.
WPS
I was not asking that you incorporate a WPS attack into hcxdumptool I just wanted a test for auditing routers, not to carry out a full WPS attack, just test if the router responds to PIN attempts.
hcxdumptool could try a few PIN's to see if the router is actually responding then for hcxdumptool to move on. The user can then use reaver or bully if they wish to pursue a WPS attack.
If you are concerned about the time taken on each AP perhaps this WPS vulnerability test could be an optional switch for the user?
I was hoping for a result in the hcxhashtool --info output something like...
WPS Version: 1 (or) 2
WPS Vulnerable: Yes (or) Not responding to PINs
If you still don't like the request I promise to stop going on about it
Thank you