Hashcat + wlangenpmkocl how to convert back to plaintext ?
#22
(02-23-2021, 01:30 AM)ZerBea Wrote: Running wlangenpmkocl as super user (sudo) is not a good idea and absolutely not necessary.
Option -A is a good idea, because you'll get the PMK and the PSK. In combination with the ESSID you have all parts of the PBKDF2 algo.

Using different kinds of rules and masks (also in hybrid mode) is a very good idea on word lists, but not on a PMK list.

I'm doing this by:
capture traffic -> hcxdumptool
convert hash and data of PROBEREQUESTs -> hcxpcapngtool (-o -E)
get raw word list from hcxpcapngtool -E -> hcxeiutool -s
feeding hashcat with hcxeiutool -s output
sort the list and run hashcat task on hash and wordlist

commands:
Code:
$ sudo hcxdumptool -i interface -o dump.pcapng --enable_status=1
for some hours
$ hcxpcapngtool -E trafficwords -o hash.22000 dump.pcapng
$ hcxeiutool -i trafficwords -s raw.list
$ hashcat --stdout -r "hcxessid.rule" cs.list | sort | uniq > word.list
$ hashcat -m 22000 --nonce-error-corrections=0 hash.22000 word.list

nonce-error-corrections=0 because I trust in hcxdumptool/hcxpcapngtool and expect no packet loss.

NC is explained here:
https://hashcat.net/forum/thread-6361.html
and referenced here, too:
https://github.com/s3inlc/hashtopolis/is...-783516615

BTW:
Here you can find the successor of wifite:
https://github.com/kimocoder/wifite2

In your example above:
$ sudo hcxdumptool -i interface -o dump.pcapng --enable_status=1
for some hours
$ hcxpcapngtool -E trafficwords -o hash.22000 dump.pcapng
$ hcxeiutool -i trafficwords -s raw.list
$ hashcat --stdout -r "hcxessid.rule" cs.list | sort | uniq > word.list
$ hashcat -m 22000 --nonce-error-corrections=0 hash.22000 word.list

Should cs.list be raw.list instead?
Reply


Messages In This Thread
RE: Hashcat + wlangenpmkocl how to convert back to plaintext ? - by walterlacka - 02-24-2021, 06:00 PM