Learning hashcat

[ZerBea]

Just to be clear, how is hcxtools better than aircrack-ng (since it's just for packet capturing) ?

hcxdumptool/hcxtools is designed to work with hashcat and JtR. It control hashcat behavior via pcapng comment fields and message_pair field.

Code:

hcxdumptool -> hcxpcapngtool -> hcxhashtool/hcxpsktool -> hashcat

you can use hashcat hash mode 22000 to get full advantage of reuse of PBKDF2 on PMKID and EAPOL. There is no need to run deprecated hash modes 2500 or 16800 any longer.

Code:

$ hashcat --help | grep 2200
  22000 | WPA-PBKDF2-PMKID+EAPOL                           | Network Protocols
  22001 | WPA-PMK-PMKID+EAPOL                              | Network Protocols

read more about the PMKID attack here:
https://hashcat.net/forum/thread-7717.html

while aircrack-ng suite use its own cracker:

Code:

aireplay-ng + airodump-ng -> aircrack-ng

but running this "mixed" combination is not a good idea:

Code:

aireplay-ng + airodump-ng -> aircrack-ng -> hashcat

as well as

Code:

hcxdumptool -> aircrack-ng

BTW:
In attack mode, hcxdumptool control AP and CLIENT behavior, too. That include the request of a PMKID if target AP and/or target CLIENT support this.
If the AP is not in your range, but the CLIENT is, hcxdudmptool will request all information from the CLIENT only. You don't to need to receive the AP.
There is no need to run an additional deauthentication tool (like mdk3/mdk4 or aireplay-ng).

All important frames are stored into the pcapng file as well as additional hash values.
A nice example is here:
https://github.com/evilsocket/pwnagotchi...-598597214