hcxtools - solution for capturing wlan traffic and conversion to hashcat formats

Linear Mode

hcxtools - solution for capturing wlan traffic and conversion to hashcat formats

ZerBea Offline

Moderator

Posts: 1,013
Threads: 2
Joined: Jun 2017

#621

03-27-2020, 07:41 PM (This post was last modified: 03-27-2020, 07:48 PM by ZerBea.)

hcxhashtool will do the job:

get example hash (22000) from here:
https://hashcat.net/wiki/doku.php?id=example_hashes

and run hcxhashtool to retrieve information

Code:
$ hcxhashtool -i example.22000 --info=stdout

SSID.......: hashcat-essid

MAC_AP.....: fc690c158264 (unknown)

MAC_CLIENT.: f4747f87f9f4 (unknown)

PMKID......: 4d4fe7aac3a2cecab195321ceb99a7d0

HASHLINE...: WPA*01*4d4fe7aac3a2cecab195321ceb99a7d0*fc690c158264*f4747f87f9f4*686173686361742d6573736964***

OUI information file...: /home/zerobeat/.hcxtools/oui.txt

OUI entires............: 27383

total lines read.......: 1

valid hash lines.......: 1

PMKID hash lines.......: 1

PMKID written..........: 1

MAC_AP and MAC_CLIENT are marked as unknown, because example hash is synthetic

The same applies to EAPOL hash lines
Get example (2500) from here:
https://hashcat.net/wiki/doku.php?id=example_hashes
and convert it from 2500 to 22000
$ hcxmactool --hccapxin=hashcat.hccapx --pmkideapolout=example2.22000

now run hcxhastool to retrieve information about the hash

Code:
$ hcxhashtool -i example2.22000 --info=stdout

SSID.......: 8381533406003807685881523

MAC_AP.....: aef50f22801c (unknown)

MAC_CLIENT.: 987bdcf9f950 (unknown)

VERSION....: 802.1X-2001 (1)

KEY VERSION: WPA1

REPLAYCOUNT: 1

RC INFO....: replycount checked

MP M1M2 E2.: not authorized

MIC........: dd380bd54bc9c316dce31562c22c87d1

HASHLINE...: WPA*02*dd380bd54bc9c316dce31562c22c87d1*aef50f22801c*987bdcf9f950*38333831353333343036303033383037363835383831353233*1e33f3eca3a1f2216a52b60c87191e7473ac54ecb023ac5989becf1e3c7e4509*01030077fe010900200000000000000001faf192b205d47b81f43f91f850c81976da019e00722f3958370692ab0562f70b0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000018dd160050f20101000050f20201000050f20201000050f202*00

OUI information file...: /home/zerobeat/.hcxtools/oui.txt

OUI entires............: 27383

total lines read.......: 1

valid hash lines.......: 1

EAPOL hash lines.......: 1

EAPOL written..........: 1

MAC_AP and MAC_CLIENT are marked as unknown, because example hash is synthetic

Addditional you you have several options to manage the records of the hasfile:

Code:
$ hcxhashtool -h

hcxhashtool 6.0.0 (C) 2020 ZeroBeat

usage:

hcxhashtool <options>

options:

-i <file>   : input PMKID/EAPOL hash file

-o <file>   : output PMKID/EAPOL hash file

-E <file>   : output ESSID list (autohex enabled)

-d          : download http://standards-oui.ieee.org/oui.txt

            : and save to ~/.hcxtools/oui.txt

            : internet connection required

-h          : show this help

-v          : show version

--essid-group                : convert to ESSID groups in working directory

                               full advantage of reuse of PBKDF2

                               not on old hash formats

--oui-group                  : convert to OUI groups in working directory

                               not on old hash formats

--mac-group-ap               : convert APs to MAC groups in working directory

                               not on old hash formats

--mac-group-client           : convert CLIENTs to MAC groups in working directory

                               not on old hash formats

--type                       : filter by hash type

                             : default PMKID (1) and EAPOL (2)

--essid-len                  : filter by ESSID length

                             : default ESSID length: 0...32

--essid-min                  : filter by ESSID minimum length

                             : default ESSID minimum length: 0

--essid-max                  : filter by ESSID maximum length

                             : default ESSID maximum length: 32

--essid=<ESSID>              : filter by ESSID

--essid-part=<part of ESSID> : filter by part of ESSID

--mac-ap=<MAC>               : filter AP by MAC

                             : format: 001122334455, 00:11:22:33:44:55, 00-11-22-33-44-55 (hex)

--mac-client=<MAC>           : filter CLIENT by MAC

                             : format: 001122334455, 00:11:22:33:44:55, 00-11-22-33-44-55 (hex)

--oui-ap=<OUI>               : filter AP by OUI

                             : format: 001122, 00:11:22, 00-11-22 (hex)

--oui-client=<OUI>           : filter CLIENT by OUI

                             : format: 001122, 00:11:22, 00-11-22 (hex)

--vendor=<VENDOR>            : filter by (part of) VENDOR name

--authorized                 : filter EAPOL pairs by status authorized

--notauthorized              : filter EAPOL pairs by status not authorized

--rc                         : filter EAPOL pairs by replaycount status checked

--apless                     : filter EAPOL pairs by status M1M2ROGUE (M2 requested from CLIENT)

--info=<file>                : output detailed information about content of hash file

--info=stdout                : stdout output detailed information about content of hash file

--vendorlist                 : stdout output VENDOR list sorted by OUI

--psk=<PSK>                  : pre-shared key to test

                             : due to PBKDF2 calculation this is a very slow process

                             : no nonce error corrections

--pmk=<PMK>                  : plain master key to test

                             : no nonce error corrections

--hccapx=<file>              : output to deprecated hccapx file

--hccap=<file>               : output to ancient hccap file

--hccap-single               : output to ancient hccap single files (MAC + count)

--john=<file>                : output to deprecated john file

--help                       : show this help

--version                    : show version