07-26-2023, 09:25 AM
hcxdumptool, hcxpcapngtool and hashcat options are highly dependent on the expected result (e.g. discover weak points).
I'll say, for me as an analyst and coder, I prefer EAPOL M1M2ROGUE challenges (CLIENT connect attempt to hcxdumptool).
To identify weak points, unencrypted EAPOL M2's especially in combination with undirected PROBEREQUESTs and EAP identities are very, very useful. NC is not required (hashcat -m 22000 --nonce-error-corrections=0) which speed up the analysis).
bitmask: 0xx10000 (BE/LE router doesn't matter)
I'll say, for me as an analyst and coder, I prefer EAPOL M1M2ROGUE challenges (CLIENT connect attempt to hcxdumptool).
To identify weak points, unencrypted EAPOL M2's especially in combination with undirected PROBEREQUESTs and EAP identities are very, very useful. NC is not required (hashcat -m 22000 --nonce-error-corrections=0) which speed up the analysis).
bitmask: 0xx10000 (BE/LE router doesn't matter)
Code:
000 = M1+M2, EAPOL from M2 (challenge)
4: ap-less attack (set to 1) - nonce-error-corrections not required