02-24-2021, 06:00 PM
(02-23-2021, 01:30 AM)ZerBea Wrote: Running wlangenpmkocl as super user (sudo) is not a good idea and absolutely not necessary.
Option -A is a good idea, because you'll get the PMK and the PSK. In combination with the ESSID you have all parts of the PBKDF2 algo.
Using different kinds of rules and masks (also in hybrid mode) is a very good idea on word lists, but not on a PMK list.
I'm doing this by:
capture traffic -> hcxdumptool
convert hash and data of PROBEREQUESTs -> hcxpcapngtool (-o -E)
get raw word list from hcxpcapngtool -E -> hcxeiutool -s
feeding hashcat with hcxeiutool -s output
sort the list and run hashcat task on hash and wordlist
commands:
Code:
$ sudo hcxdumptool -i interface -o dump.pcapng --enable_status=1
for some hours
$ hcxpcapngtool -E trafficwords -o hash.22000 dump.pcapng
$ hcxeiutool -i trafficwords -s raw.list
$ hashcat --stdout -r "hcxessid.rule" cs.list | sort | uniq > word.list
$ hashcat -m 22000 --nonce-error-corrections=0 hash.22000 word.list
nonce-error-corrections=0 because I trust in hcxdumptool/hcxpcapngtool and expect no packet loss.
NC is explained here:
https://hashcat.net/forum/thread-6361.html
and referenced here, too:
https://github.com/s3inlc/hashtopolis/is...-783516615
BTW:
Here you can find the successor of wifite:
https://github.com/kimocoder/wifite2
In your example above:
$ sudo hcxdumptool -i interface -o dump.pcapng --enable_status=1
for some hours
$ hcxpcapngtool -E trafficwords -o hash.22000 dump.pcapng
$ hcxeiutool -i trafficwords -s raw.list
$ hashcat --stdout -r "hcxessid.rule" cs.list | sort | uniq > word.list
$ hashcat -m 22000 --nonce-error-corrections=0 hash.22000 word.list
Should cs.list be raw.list instead?