hcxtools - solution for capturing wlan traffic and conversion to hashcat formats
#13
(06-26-2017, 09:40 PM)ZerBea Wrote: capture:
sudo wlandump-ng -i wlp0s26u1u2 -o test.cap -c 1 -t 3 -d 100 -D 10 -m 512 -b -r -s 20
Options:
-i -> is the name of your wlan device - do not use virtual devices like mon0, mon1, monx
-o -> capture to this cap
-c -> start on channel 1
-t -> stay 3 seconds on this channel
-d -> deauthenticate  clients every 100 received management-packets
(do not use values below this, because this will ap change the anonce lease time - important for hashcat nonce-corr)
-D ->  disassociate clients every 10 received (NULL-, powersave-, m4- packets
(do not use values below this, because this will ap change the anonce lease time - important for hashcat nonce-corr)
-m -> size of internal ringbuffer (if more received, the oldest will be deleted)
-b -> activate beaconing on last ten probed clients
-r -> reset counter if channel 1 reached
-s -> show 20 additional status lines

wlanresponse is the "angry" brother of wlandump-ng !
sudo wlanresponse -b -t 3 -i wlp0s26u1u2 -o test.cap
-i -> is the name of your wlan device - do not use virtual devices like mon0, mon1, monx
-o -> capture to this cap
-b -> activate beaconing on last ten probed clients
-t -> stay 3 seconds on this channel
less options, no status display, but extreme fast!


convert:
wlancap2hcx -x -e wordlist -o test.hccapx *.cap
Options:
-x -> match exact mac_ap and mac_sta
-e -> extract also found passwords and networknames from wlan traffic (will be appended)
-o -> your hccapx file (new hashes will be appended)
*.cap -> do this from all cap files (or *.pcap from all pcap files or *.pcapng from all pcapng files)

if RADIUS authentications are inside your cap:
-m -> strip this hashes to file - iSCSI CHAP authentication, MD5(CHAP): use hashcat -m 4800
-n -> strip this hashes to file - NetNTLMv1 authentication: use hashcat -m 5500
-u -> extract also user names, domain names or identities

Take a look into the help for more options

I will not give tutorials how to set device to monitor mode or how to disable systemd services that takes access to wlan devices - that's LINUX basic knowledge!
Cheers

thanks <3
Reply


Messages In This Thread
RE: hcxtools - solution for capturing wlan traffic and conversion to hashcat formats - by Hedotensei - 06-27-2017, 08:14 PM
wlandump-ng vs hcxdumptool - by hulley - 02-10-2018, 10:26 PM