(02-24-2021, 10:57 AM)ZerBea Wrote: I fully agree. It is mandatory to acquire new knowledge.
2005 is ok to acquire knowledge about 802.11 because there are no big changes in protocol.
BTW:
I'm running Arch on all my systems (also for daily use). Build from scratch:
XFCE, because I don't need an oversized desktop environment (no desktop environment on RPI's - a terminal is more than enough here)
Only services enabled that I really need.
Only tools installed that I really need (that include gcc suite).
No third party drivers (I don't buy hardware that require a third party driver. if you have some time, DuckDuckGo for this: "K A L I and rtl8812au issue" and you know what I mean).
I'm only interested in radio transmission systems, methods (that include the all types of modulation) and protocols (that include all protocols used on radio frequencies as well as the whole crypto part).
(02-24-2021, 06:00 PM)walterlacka Wrote:(02-23-2021, 01:30 AM)ZerBea Wrote: Running wlangenpmkocl as super user (sudo) is not a good idea and absolutely not necessary.
Option -A is a good idea, because you'll get the PMK and the PSK. In combination with the ESSID you have all parts of the PBKDF2 algo.
Using different kinds of rules and masks (also in hybrid mode) is a very good idea on word lists, but not on a PMK list.
I'm doing this by:
capture traffic -> hcxdumptool
convert hash and data of PROBEREQUESTs -> hcxpcapngtool (-o -E)
get raw word list from hcxpcapngtool -E -> hcxeiutool -s
feeding hashcat with hcxeiutool -s output
sort the list and run hashcat task on hash and wordlist
commands:
Code:$ sudo hcxdumptool -i interface -o dump.pcapng --enable_status=1
for some hours
$ hcxpcapngtool -E trafficwords -o hash.22000 dump.pcapng
$ hcxeiutool -i trafficwords -s raw.list
$ hashcat --stdout -r "hcxessid.rule" cs.list | sort | uniq > word.list
$ hashcat -m 22000 --nonce-error-corrections=0 hash.22000 word.list
nonce-error-corrections=0 because I trust in hcxdumptool/hcxpcapngtool and expect no packet loss.
NC is explained here:
https://hashcat.net/forum/thread-6361.html
and referenced here, too:
https://github.com/s3inlc/hashtopolis/is...-783516615
BTW:
Here you can find the successor of wifite:
https://github.com/kimocoder/wifite2
In your example above:
$ sudo hcxdumptool -i interface -o dump.pcapng --enable_status=1
for some hours
$ hcxpcapngtool -E trafficwords -o hash.22000 dump.pcapng
$ hcxeiutool -i trafficwords -s raw.list
$ hashcat --stdout -r "hcxessid.rule" cs.list | sort | uniq > word.list
$ hashcat -m 22000 --nonce-error-corrections=0 hash.22000 word.list
Should cs.list be raw.list instead?
Interesting, no I dedicated my laptop to ka li so wanted to fancify a little hehe. I got a HackRF I'm learning how to play with. GNU/Radio and GQRX are awesome. Can't seem to hear VHF and UHF frequencies though but I do see the signals. I think it's a modulation issue perhaps ? Anyway that's a totally separate problem, one massive headache at a time haha
Ok so I've re-read everything and I understand much better now, going to integrate your method in my experiment tonight. I'm wondering what Walter said though is line 5 cs.list supposed to be raw.list ?
I'm going to re-read your post again in case I'm missing a clue
EDIT: Oh wait. No it is NOT because I want the RAW at the end to compare so I don't have to re-brute force ? Also why is it bad to run something as sudo when you're not supposed to ? Sometimes I run sudo just in case.
EDIT2: I just realized something. I actually need mode 22001 because I'm using PMKs no ? How does this affect your capture ?