Not every router is configured to use PMKIDs. Your TP-Link Archer A5 is among them.
iwconfig is deprecated and should not be used any longer. It has been replaced by iw!
There is no need to run third party tools to set monitor mode because hcxdumptool/hcxlabtool do this. Just stop all services that take access to the device. That is mentioned in --help:
Code:
Important recommendation:
-------------------------
Do not set monitor mode by third party tools or third party scripts!
Do not use virtual interfaces (monx, wlanxmon, prismx, ...)!
Do not use virtual machines or emulators!
Do not run other tools that take access to the interface in parallel (except: tshark, wireshark, tcpdump)!
Do not use tools to change the virtual MAC (like macchanger)!
Do not merge (pcapng) dump files, because this destroys assigned hash values!
Use hcxhashtool to filter authorized handshakes only (as mentioned in --help):
Code:
--authorized : filter EAPOL pairs by status authorized (M2M3, M3M4, M1M4)
That prevents hashcat from running on challenges (possible wrong PSK by CLIENT).
More information about filtering is here:
https://hashcat.net/wiki/doku.php?id=cracking_wpawpa2
If you know the operating channel of the target (e.g. from --rcascan) it doesn't make sense to scan the entire frequency range by option -F.
The attack is faster if you set the operating channel/band by option -c
More information is here:
https://github.com/ZerBea/hcxdumptool/discussions/492
and here:
https://github.com/ZerBea/hcxdumptool/discussions/485
Run tshark (on hcxdumptool's pcapng file) to show PMKIDs:
Code:
$ tshark -r dumpfile.pcapng -Y "wlan.rsn.ie.pmkid" -T fields -E header=y -e wlan.bssid -e wlan.rsn.ie.pmkid | sort -u
Or run tshark in parallel (second terminal) with hcxdumptool to show PMKIDs on the fly:
Code:
$ tshark -i INTERFACENAME -f "wlan type data" -T fields -E header=y -e wlan.bssid -e wlan.rsn.ie.pmkid
More information is here:
https://github.com/ZerBea/hcxdumptool/discussions/495