hcxtools - solution for capturing wlan traffic and conversion to hashcat formats
24h is good, but you should do that on different days and/or different months, too.

Let me say a few words about hcx-suite:
The suite is designed as an analysis suite. All attack vectors run on raw packet level, usually against machines. If there is no weak machine (client) in range, you don't get a PSK or a PMK.
The suite doesn't perform higher level attacks like running a fake AP using a patched hostapd. From my point of view that is phishing!

And some words about the goal for a new hash line from the perspective of a penetration tester:
The task is to test a network of a company (ESSID: "network", PSK: networkkey1, and some clients)
hcxdumptool got the following result:
... FOUND PMKID CLIENT-LESS
... FOUND PMKID
... FOUND AUTHORIZED HANDSHAKE, EAPOL TIMEOUT
... FOUND AUTHORIZED HANDSHAKE, EAPOL TIMEOUT
... FOUND HANDSHAKE AP-LESS, EAPOL TIMEOUT

hcxpcaptool converts the hashes.
hashcat -m 16800 recovered 2/2 and the correct networkkey1
Unfortunately, we have to do the same on hashmode -2500.
Running latest hashcat (new potfile line, hashcat detects already cracked networks by PMK and removes them - you will see, the potfile line is different to the old version) and we got the message that 2 hashes are removed. They belong to the company network.
The left handshake is somebody who tries to get access to the company's network running a false key.
...and we will get this false PSK, too - (reason, why we must run 16800 and 2500).

hashcat's recovering process of a WPA key is divided into 2 parts:
PBKDF2 calculation of the PMK (very slow)
PMK verification (fast) by EAPOL (250x) or(!) PMKID (1680x)
Unfortunately, if we have both, a PMKID and an EAPOL, we must run our wordlist twice. That will cost much time.

Goal of the new hashline is to run PBKDF2 once and to verify the PMK against EAPOL and(!) PMKID in one step (instead of running 2500 and 16800 on the same wordlist). That will save 50% GPU time, because the wordlist is running only once.
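The two-part process described in the post above, as an added example that is not part of the original post and is not hashcat or hcxtools code: the PMK is derived once per candidate with PBKDF2 and then checked against both a PMKID and an EAPOL MIC. Only the ESSID and PSK come from the post; the MAC addresses, nonces, frame bytes, the false key `wrongkey99` and all function names are constructed for illustration.

```python
import hashlib
import hmac

ESSID, PSK = "network", "networkkey1"        # values from the post
FALSE_KEY = "wrongkey99"                     # constructed: the outsider's wrong key
AP = bytes.fromhex("020000000001")           # constructed MAC addresses
STA = bytes.fromhex("020000000002")
ANONCE, SNONCE = b"\x11" * 32, b"\x22" * 32  # constructed nonces
FRAME = b"\x01\x03\x00\x75" + bytes(117)     # constructed stand-in for an EAPOL frame, MIC zeroed

def pmk_from_psk(psk, essid=ESSID):
    """Slow step: PBKDF2-HMAC-SHA1, 4096 iterations, ESSID as salt, 32-byte PMK."""
    return hashlib.pbkdf2_hmac("sha1", psk.encode(), essid.encode(), 4096, 32)

def pmkid(pmk):
    """Fast check 1: PMKID = HMAC-SHA1-128(PMK, "PMK Name" || AP MAC || client MAC)."""
    return hmac.new(pmk, b"PMK Name" + AP + STA, hashlib.sha1).digest()[:16]

def eapol_mic(pmk):
    """Fast check 2 (key descriptor version 2): KCK is the first 16 bytes of the PTK."""
    b = min(AP, STA) + max(AP, STA) + min(ANONCE, SNONCE) + max(ANONCE, SNONCE)
    kck = hmac.new(pmk, b"Pairwise key expansion\x00" + b + b"\x00", hashlib.sha1).digest()[:16]
    return hmac.new(kck, FRAME, hashlib.sha1).digest()[:16]

def build_captures():
    """Constructed capture: a PMKID from the real network, a handshake made with the false key."""
    return [("PMKID", pmkid(pmk_from_psk(PSK))), ("EAPOL", eapol_mic(pmk_from_psk(FALSE_KEY)))]

def audit(wordlist, captures):
    """One PBKDF2 per candidate; the resulting PMK is verified against every capture."""
    found, pbkdf2_calls = {}, 0
    for word in wordlist:
        pmk = pmk_from_psk(word)
        pbkdf2_calls += 1
        tags = {"PMKID": pmkid(pmk), "EAPOL": eapol_mic(pmk)}
        for kind, tag in captures:
            if hmac.compare_digest(tags[kind], tag):
                found[kind] = word
    return found, pbkdf2_calls

if __name__ == "__main__":
    words = ["password", PSK, "letmein1", FALSE_KEY]   # constructed wordlist
    caps = build_captures()
    found, combined = audit(words, caps)
    separate = sum(audit(words, [c])[1] for c in caps)  # one pass per hash mode
    print(found, "PBKDF2 calls combined:", combined, "separate:", separate)
```

Running the same wordlist once per capture type doubles the PBKDF2 count, which is the 50% saving the post refers to.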


Messages In This Thread
wlandump-ng vs hcxdumptool - by hulley - 02-10-2018, 10:26 PM
RE: hcxtools - solution for capturing wlan traffic and conversion to hashcat formats - by ZerBea - 04-10-2019, 11:55 AM