01-11-2020, 05:36 PM
(This post was last modified: 01-11-2020, 05:37 PM by WPA_Catcher.)
Hi ZerBea
I really like the idea of the hashes being exported from hcxpcapngtool as text (.22000). As you are currently designing the format could I make a request that, assuming I understand autohex to mean write in ASCII unless the output would crash you system if so then use Hex, would it be possible to have autohex on ESSID names written to each text line?
Example:
Netgear123:WPA*01*2f5c05d6ad2070743...etc or if the AP name is bad then "Hex...:WPA*01*2f5c05d6ad2070743...etc"
When using hcxpcapngtool if a user outputs the entire contents of their .pcapng file to hccap each network is merged into a single .hccap. This is no use to the user as hccap's have to only contain a single network per hccap.
As it seems possible to make hccapx and hccap files directly from the new text format (.22000) I am not sure why hcxpcapngtool has the --hccap option. Perhaps the conversion should be left solely to hcxhashtool? Hopefully this will be easier for you to maintain as only one tool converts to hccap and hccapx.
If the user directly converts the .22000 text output to hccap using hcxhashtool how will the resulting hccap be crackable? I ask because when converting to hccap using hcxpcapngtool it requires --ignore-ie.
hcxhashtool
Could hcxhashtool please have the features wlanhcx2ssid has but for the text hash and not wifi? The -a option in wlanhcx2ssid allows the user to recursively and automatically output each network to it's own file named by the AP mac. As mentioned before the following options in hcxhashtool (copied from wlanhcx2ssid) would be very useful to have in hcxhashtool.
-a : output file by mac_ap's
-s : output file by mac_sta's
-o : output file by vendor's (oui)
-e : output file by essid's
The option --hccap= or --hccapx= would ideally allow the user to select a folder to send the individual conversions to not a specific file as currently is.
To explain what I am trying to say above.
Say my capture file (.pcapng) contains the following:
1 x PMKID of Network1
1 x AP and client handshake Network2
1 x AP-Less capture hcxdumptool to target client Network3
(In reality there could be 30 or 40 valid networks)
I would like to be able to output these in an automated way.
I use:
hcxdumptool to capture
hcxpcapngtool to convert to .22000 (what about the --ignore-ie option if I know I will later be converting the text hash to hccap?)
hcxhashtool to convert .22000 to hccap(x) or hccap
Obviously it would be time consuming for the user to have to manually alter each filter for every valid handshake which is why I ask for the same options available in wlanhcx2ssid to be in hcxhashtool so I can create a folder containing converted versions of the PMKID, AP and client handshake and AP-Less capture to a specified folder.
The result would be a folder containing the following.
Network1.hccap
Network2.hccap
Network3.hccap
Just a side question.
I assume setting --authorized in hcxhashtool will only output more reliable hashes as in more likely to be correct and crackable?
Thank you for reading this far!
I really like the idea of the hashes being exported from hcxpcapngtool as text (.22000). As you are currently designing the format could I make a request that, assuming I understand autohex to mean write in ASCII unless the output would crash you system if so then use Hex, would it be possible to have autohex on ESSID names written to each text line?
Example:
Netgear123:WPA*01*2f5c05d6ad2070743...etc or if the AP name is bad then "Hex...:WPA*01*2f5c05d6ad2070743...etc"
When using hcxpcapngtool if a user outputs the entire contents of their .pcapng file to hccap each network is merged into a single .hccap. This is no use to the user as hccap's have to only contain a single network per hccap.
As it seems possible to make hccapx and hccap files directly from the new text format (.22000) I am not sure why hcxpcapngtool has the --hccap option. Perhaps the conversion should be left solely to hcxhashtool? Hopefully this will be easier for you to maintain as only one tool converts to hccap and hccapx.
If the user directly converts the .22000 text output to hccap using hcxhashtool how will the resulting hccap be crackable? I ask because when converting to hccap using hcxpcapngtool it requires --ignore-ie.
hcxhashtool
Could hcxhashtool please have the features wlanhcx2ssid has but for the text hash and not wifi? The -a option in wlanhcx2ssid allows the user to recursively and automatically output each network to it's own file named by the AP mac. As mentioned before the following options in hcxhashtool (copied from wlanhcx2ssid) would be very useful to have in hcxhashtool.
-a : output file by mac_ap's
-s : output file by mac_sta's
-o : output file by vendor's (oui)
-e : output file by essid's
The option --hccap= or --hccapx= would ideally allow the user to select a folder to send the individual conversions to not a specific file as currently is.
To explain what I am trying to say above.
Say my capture file (.pcapng) contains the following:
1 x PMKID of Network1
1 x AP and client handshake Network2
1 x AP-Less capture hcxdumptool to target client Network3
(In reality there could be 30 or 40 valid networks)
I would like to be able to output these in an automated way.
I use:
hcxdumptool to capture
hcxpcapngtool to convert to .22000 (what about the --ignore-ie option if I know I will later be converting the text hash to hccap?)
hcxhashtool to convert .22000 to hccap(x) or hccap
Obviously it would be time consuming for the user to have to manually alter each filter for every valid handshake which is why I ask for the same options available in wlanhcx2ssid to be in hcxhashtool so I can create a folder containing converted versions of the PMKID, AP and client handshake and AP-Less capture to a specified folder.
The result would be a folder containing the following.
Network1.hccap
Network2.hccap
Network3.hccap
Just a side question.
I assume setting --authorized in hcxhashtool will only output more reliable hashes as in more likely to be correct and crackable?
Thank you for reading this far!