Half Handshake Tools?
#3
airodump-ng is a passive dumper (like tcpdump) that doesn't include any active attack vector.
hcxdumptool is an interactive tool that responds to the target and requests missing frames.

By default hcxdumptool will retrieve all(!) ASSOCIATION attempts of a CLIENT (EAPOL M2 frames = CHALLENGE). That will include all attempts (PSKs) that the USER tried to get access to the NETWORK or that are stored in the CLIENT's wpa-supplicant.conf.

These are the options related to this attack vector:
Code:
--essidlist=<file>                 : transmit beacons from this ESSID list
                                     maximum total entries: 256 ESSIDs

--active_beacon                    : transmit beacon from collected ESSIDs and from essidlist once every 10000000 nsec
                                     affected: ap-less


--stop_client_m2_attacks=<digit>   : stop attacks against CLIENTS after 10 M2 frames received
                                     affected: ap-less (EAPOL 2/4 - M2) attack
                                     require hcxpcangtool --all option

or

--all_m2                           : accept all connection attempts from a CLIENT
                                     affected: CLIENTs
                                     warning: that can prevent that a CLIENT can establish a connection to an assigned ACCESS POINT

With the --all option, hcxpcapngtool will convert all these tries to a hc22000 hash file accepted by hashcat.
e.g.: If the PSK of the target is rosebud2021 and the user tried rosebud1, rosebud2, rosebud1900, rosebud2022, ... all these hashes are converted to the hash file.
This attack will only work if the target is a CLIENT.
If the target is an AP, hcxdumptool will request the PMKID (if this mode is activated on the AP).

hcxmactool (deprecated and will be removed soon, because I have good reasons to remove it) will do the conversion from hccapx to hc22000, but I do not recommend this. The quality of the hccapx file depends on the quality of the attack tool and the conversion tool. If one of these tools failed, you will waste your time.
It is much better to restart the attack and to re-capture the traffic.

Please notice:
A successful WPA attack always starts on the RF channel. Everything that is filtered out is gone forever:
https://github.com/aircrack-ng/aircrack-ng/issues/2290
https://github.com/evilsocket/pwnagotchi...-598597214
Please try the example mentioned above, and you'll know what you're missing if you filter something out.

By default, hcxdumptool is aggressive as hell and nothing is filtered: "Take what you can, give nothing back! (Jack Sparrow)"
Filtering must be done by additional options and/or later on, offline, by hcxhashtool (which provides various filter options) after conversion to a hc22000 by hcxpcapngtool (--all).

Please also notice that in principle, hcxdumptool/hcxtools do the same thing as the other WiFi tools, but the philosophy and the underlying engine are totally different.
These tools are designed to be analysis tools and it takes a lot of experience (much more than running a simple script) to use them.

The basics are explained here:
https://hashcat.net/wiki/doku.php?id=cracking_wpawpa2
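
Added example, not part of the original post and not hcxtools code: a small offline report over an hc22000 file from an authorized assessment, listing which CLIENTs answered with M2 CHALLENGE records and for which ESSIDs, so the stored profiles behind them can be reviewed. The function names and the sample are constructed; the field order and the message-pair bits (low three bits 000 = M1+M2 challenge) are assumptions taken from the hc22000 format description.

```python
from collections import defaultdict

def _rec(kind, key, client, essid, pair):
    """Build one constructed line in hc22000 layout (all values are made up)."""
    eapol = kind == "02"
    return "*".join(["WPA", kind, key * 16, "020000000001", client,
                     essid.encode().hex(), "ab" * 32 if eapol else "",
                     "0103005f" if eapol else "", pair])

# Constructed sample, not a real capture.
SAMPLE = "\n".join([
    _rec("02", "11", "0200000000aa", "HomeNet", "10"),
    _rec("02", "12", "0200000000aa", "HomeNet", "10"),
    _rec("02", "13", "0200000000aa", "HomeNet", "10"),
    _rec("02", "13", "0200000000aa", "HomeNet", "10"),     # exact duplicate
    _rec("02", "14", "0200000000aa", "CoffeeShop", "10"),
    _rec("02", "15", "0200000000bb", "HomeNet", "02"),     # M2+M3, authorized
    _rec("01", "16", "0200000000bb", "HomeNet", ""),       # PMKID record
    "not a hash line",
])

def parse_hc22000(text):
    """Yield one dict per well-formed WPA*01 / WPA*02 line; skip anything else."""
    for line in text.splitlines():
        f = line.strip().split("*")
        if len(f) != 9 or f[0] != "WPA" or f[1] not in ("01", "02"):
            continue
        try:
            essid = bytes.fromhex(f[5]).decode("utf-8", "replace")
            pair = int(f[8] or "0", 16)   # PMKID lines may leave this empty
        except ValueError:
            continue
        yield {"type": f[1], "key": f[2], "ap": f[3], "client": f[4],
               "essid": essid, "pair": pair}

def client_challenges(text):
    """Map client MAC -> {ESSID: number of distinct M1+M2 challenge records}."""
    seen = defaultdict(set)
    for r in parse_hc22000(text):
        # Assumed layout: low three bits 000 = M1+M2, EAPOL from M2 (challenge).
        if r["type"] == "02" and r["pair"] & 0x07 == 0:
            seen[(r["client"], r["essid"])].add(r["key"])   # dedupe by MIC
    report = defaultdict(dict)
    for (client, essid), mics in seen.items():
        report[client][essid] = len(mics)
    return dict(report)

if __name__ == "__main__":
    for client, nets in client_challenges(SAMPLE).items():
        print(client, nets)
```

A record count is not a count of different PSKs: every handshake uses fresh nonces, so the same PSK produces a different MIC each time.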

Messages In This Thread
Half Handshake Tools? - by CyberPentester - 01-10-2022, 02:51 AM
RE: Half Handshake Tools? - by evets97 - 01-10-2022, 08:58 AM
RE: Half Handshake Tools? - by ZerBea - 01-10-2022, 11:16 AM
RE: Half Handshake Tools? - by CyberPentester - 01-11-2022, 12:35 AM
RE: Half Handshake Tools? - by ZerBea - 01-11-2022, 01:39 PM
RE: Half Handshake Tools? - by CyberPentester - 09-20-2022, 12:50 AM
RE: Half Handshake Tools? - by ZerBea - 09-20-2022, 08:13 AM
RE: Half Handshake Tools? - by CyberPentester - 09-20-2022, 02:23 PM
RE: Half Handshake Tools? - by ZerBea - 09-20-2022, 05:40 PM
RE: Half Handshake Tools? - by CyberPentester - 09-20-2022, 08:12 PM
RE: Half Handshake Tools? - by ZerBea - 09-21-2022, 08:50 AM
RE: Half Handshake Tools? - by CyberPentester - 09-21-2022, 03:09 PM
RE: Half Handshake Tools? - by ZerBea - 09-21-2022, 05:34 PM
RE: Half Handshake Tools? - by CyberPentester - 09-21-2022, 07:16 PM
RE: Half Handshake Tools? - by ZerBea - 09-22-2022, 08:23 AM