hashcat Forum Support hashcat v
please help me i am a newbie

Linear Mode
please help me i am a newbie
ZerBea Offline
Moderator
*****
Posts: 1,042
Threads: 2
Joined: Jun 2017
#3
07-20-2020, 09:17 AM (This post was last modified: 07-20-2020, 09:24 AM by ZerBea.)
According to the help menu, you have to use either
--filtermode=2 in combination with --filterlist_ap=yourtargetmaclist
or create a Berkeley Packet Filter (attack MAC)
Code:
--filterlist_ap=<file>             : ACCESS POINT MAC filter list
                                     format: 112233445566, 11:22:33:44:55:66, 11-22-33-44-55-66 # comment
                                     maximum entries 256
                                     run first --do_rcascan to retrieve information about the target
--filterlist_client=<file>         : CLIENT MAC filter list
                                     format: 112233445566, 11:22:33:44:55:66, 11-22-33-44-55-66 # comment
                                     maximum entries 256
                                     due to MAC randomization of the CLIENT, it does not always work!
--filtermode=<digit>               : mode for filter list
                                     mandatory in combination with --filterlist_ap and/or --filterlist_client
                                     affected: only outgoing traffic
                                     notice: hcxdumptool act as passive dumper and it will capture the whole traffic on the channel
                                     0: ignore filter list (default)
                                     1: use filter list as protection list
                                        do not interact with ACCESS POINTs and CLIENTs from this list
                                     2: use filter list as target list
                                        only interact with ACCESS POINTs and CLIENTs from this list
                                        not recommended, because some useful frames could be filtered out

--bpfc=<file>                      : input Berkeley Packet Filter (BPF) code
                                     affected: incoming and outgoing traffic
                                     steps to create a BPF (it only has to be done once):
                                      set hcxdumptool monitormode
                                       $ hcxumptool -m <interface>
                                      create BPF to protect a MAC
                                       $ tcpdump -i <interface> not wlan addr1 11:22:33:44:55:66 and not wlan addr2 11:22:33:44:55:66 -ddd > protect.bpf
                                       recommended to protect own devices
                                      or create BPF to attack a MAC
                                       $ tcpdump -i <interface> wlan addr1 11:22:33:44:55:66 or wlan addr2 11:22:33:44:55:66 -ddd > attack.bpf
                                       not recommended, because important pre-authentication frames will be lost due to MAC randomization of the CLIENTs
                                      use the BPF code
                                       $ hcxumptool -i <interface> --bpfc=attack.bpf ...
                                     see man pcap-filter for a list of all filter options

In addition to that, hashcat forum contain a complete thread how to use hcxdumptool/hcxtools (inclusive older versions of the tools):
https://hashcat.net/forum/thread-6661.html
and the PMKID attack vector, too:
https://hashcat.net/forum/thread-7717.html
Find
Reply


Messages In This Thread
please help me i am a newbie - by mike21 - 07-18-2020, 07:18 PM
RE: please help me i am a newbie - by Mem5 - 07-19-2020, 01:18 PM
RE: please help me i am a newbie - by ZerBea - 07-20-2020, 09:17 AM
RE: please help me i am a newbie - by Talented1 - 07-22-2020, 05:39 AM
RE: please help me i am a newbie - by ZerBea - 07-22-2020, 11:41 AM