hcxtools - solution for capturing wlan traffic and conversion to hashcat formats
#52
advanced wpa cracking - weak point analysis (1)

After a while it's time to do a weak point analysis.

Take a look into hashcat.pot.2500 and search for networks
using similar default passwords.
You can do this with simple bash commands:
sort by ESSID:
cat hashcat.2500.pot | sort -t ':' -k 4
sort by pw:
cat hashcat.2500.pot | sort -t ':' -k 5
sort by mac_ap:
cat hashcat.2500.pot | sort -t ':' -k 2
or by networkname
cat hashcat.2500.pot | grep <networkname>

Then search for similar networks in your database
wlanhcxinfo -i database.hccapx -a -e | grep <networkname>

If you find something, search www or forum for default pw's or a keygen

Create a wordlist using the default pw's and step into your loop, using this password list.

If the wordlist is small, run it against your complete database
(some vendors use the same pw).

If the wordlist is big (like from this thread https://hashcat.net/forum/thread-6170.html)
extract the nets from your database using wlanhcx2ssid -i database.hccapx -X <exactnetworkname>

If the wordlist is smaller or useful for a complete group of ESSIDs
extract the groups from your database using wlanhcx2ssid -i database.hccapx -E <partofnetworkname>

Do not add new passwords or pmks from unknown sources to your found lists.
This list should contain only your founds!
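An added example, not part of the original post: a small audit helper that reports which recovered passwords are shared by more than one access point in the potfile. It assumes the layout hash:mac_ap:mac_sta:essid:password implied by the sort keys above (field 3 as mac_sta is an assumption); the function names and sample records are hypothetical and constructed.

```shell
#!/bin/sh
# Added example, not from the original post.
# Assumed potfile layout, taken from the sort keys in the post:
#   hash:mac_ap:mac_sta:essid:password   (field 3 = mac_sta is an assumption)

# Constructed sample records (not real captures).
sample_pot() {
    cat <<'EOF'
11111111111111111111111111111111:001122334455:66778899aabb:HomeNet-1234:12345678
22222222222222222222222222222222:001122334466:66778899aacc:HomeNet-5678:12345678
33333333333333333333333333333333:001122334455:66778899aadd:HomeNet-1234:12345678
44444444444444444444444444444444:0a0b0c0d0e0f:66778899aaee:Cafe:Guest:latte2017
55555555555555555555555555555555:0a0b0c0d0e10:66778899aaff:Office:uniquepass1
EOF
}

# shared_passwords FILE
# Prints "n_aps<TAB>password<TAB>essid,essid,..." for every password found on
# more than one distinct access point, most widely shared first.
shared_passwords() {
    awk -F ':' '
        NF != 5 { next }              # ambiguous or malformed, see ambiguous_lines
        !seen[$5 SUBSEP $2]++ {       # count each AP only once per password
            n[$5]++
            nets[$5] = (nets[$5] == "" ? $4 : (nets[$5] "," $4))
        }
        END {
            for (pw in n)
                if (n[pw] > 1) printf "%d\t%s\t%s\n", n[pw], pw, nets[pw]
        }
    ' "$1" | sort -t "$(printf '\t')" -k1,1nr -k2,2
}

# ambiguous_lines FILE
# Prints how many lines do not have exactly 5 fields, e.g. because the ESSID
# or the password contains ":" and a split on ":" cannot tell where the ESSID ends.
ambiguous_lines() {
    awk -F ':' 'NF != 5 { c++ } END { print c + 0 }' "$1"
}

# Run on a potfile given as the first argument, if any.
if [ -n "${1:-}" ]; then
    shared_passwords "$1"
    echo "lines skipped as ambiguous: $(ambiguous_lines "$1")" >&2
fi
```

Lines counted as ambiguous need a manual look, because a colon inside the ESSID shifts the password out of field 5.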


Messages In This Thread
RE: hcxtools - solution for capturing wlan traffic and conversion to hashcat formats - by ZerBea - 08-18-2017, 12:59 PM