Both of the GPU recovery tools (hashcat and JtR) doesn't have an own WiFi parser. That was the major reason for me to code one.
JtR is a nice tool. Using it, will help understanding how things are working. The same applies to hashcat.
"I will follow your advices and learn hcxtools, but just to be sure, was I doing things correctly ?"
Are you successful doing this workflow?
If not, you should try a new approach.
You should now that running too many deauthentications will destroy authentication sequences (aireplay-ng doesn't take care about this).
Running your workflow, you should also know that you will not retrieve a PMKID!
Please notice:
hcxdumptool/hcxtools are analysis tools - so you're right, when you say you have to learn how to use them.
Nearly everything you should know (inclusive examples) is explained in this thread:
https://hashcat.net/forum/thread-6661-page-69.html
Additional I recommend to read the issue reports (open and closed) here:
https://github.com/aircrack-ng/aircrack-ng/issues
and here:
https://github.com/ZerBea/hcxtools/issues
https://github.com/ZerBea/hcxdumptool/issues
You'll get some good information about limitations and issues.
To verify the dump files, I recommend tshark and/or Wireshark.
To see how hcxpcapngtool works read more here:
https://wpa-sec.stanev.org/?
To get an overview of the complexity of the recovered PSKs, download C-nets from here:
https://wpa-sec.stanev.org/?dicts
decompress and show results (you mentioned length 18):
BTW:
Discovering a weak point (and retrieving the PSK) start with a successful attack vector against the target (first step). Running hashcat is the last step in the chain. If the first step failed, the last step will fail, too. That isn't an issue of hashcat!
Please notice:
The target is not a single ACCESS POINT (old school). The target is the whole NETWORK. That include the ACCESS POINT and all(!) CLIENTs. Also, it include PROBEREQUEST frames, AUTHENTICATION frames, ASSOCIATION frames, REASSOCIATION frames and of course EAPOL/EAP frames. All this frames contain useful information you can feed to hashcat.
Capturing a single BEACON and an EAPOL handshake (old school) is not enough.
JtR is a nice tool. Using it, will help understanding how things are working. The same applies to hashcat.
"I will follow your advices and learn hcxtools, but just to be sure, was I doing things correctly ?"
Are you successful doing this workflow?
Code:
airmon-ng -> airodump-ng -> aireplay-ng -> cap2hccapx -> hashcat
You should now that running too many deauthentications will destroy authentication sequences (aireplay-ng doesn't take care about this).
Running your workflow, you should also know that you will not retrieve a PMKID!
Please notice:
hcxdumptool/hcxtools are analysis tools - so you're right, when you say you have to learn how to use them.
Nearly everything you should know (inclusive examples) is explained in this thread:
https://hashcat.net/forum/thread-6661-page-69.html
Additional I recommend to read the issue reports (open and closed) here:
https://github.com/aircrack-ng/aircrack-ng/issues
and here:
https://github.com/ZerBea/hcxtools/issues
https://github.com/ZerBea/hcxdumptool/issues
You'll get some good information about limitations and issues.
To verify the dump files, I recommend tshark and/or Wireshark.
To see how hcxpcapngtool works read more here:
https://wpa-sec.stanev.org/?
To get an overview of the complexity of the recovered PSKs, download C-nets from here:
https://wpa-sec.stanev.org/?dicts
decompress and show results (you mentioned length 18):
Code:
$ gunzip cracked.txt.gz
$ cat cracked.txt | awk 'length($1)>=18'
BTW:
Discovering a weak point (and retrieving the PSK) start with a successful attack vector against the target (first step). Running hashcat is the last step in the chain. If the first step failed, the last step will fail, too. That isn't an issue of hashcat!
Please notice:
The target is not a single ACCESS POINT (old school). The target is the whole NETWORK. That include the ACCESS POINT and all(!) CLIENTs. Also, it include PROBEREQUEST frames, AUTHENTICATION frames, ASSOCIATION frames, REASSOCIATION frames and of course EAPOL/EAP frames. All this frames contain useful information you can feed to hashcat.
Capturing a single BEACON and an EAPOL handshake (old school) is not enough.