hcxtools - solution for capturing wlan traffic and conversion to hashcat formats
Hi sfw10625.

ok, let's answer your questions:
testlist.txt - this list includes all words (1 .. 32 characters) from the SSID field of the management frames
including networknames and passwords (if they are transmitted)

testpmklist.txt - this list includes all words (32 bytes) from the SSID field of the management frames
including networknames and passwords and PMKs (if they are transmitted).
We assume that a 32 byte word could be a PMK (but it could also be a 32 byte networkname - we can't tell them apart)
You should collect both lists (sort them unique) and run them at regular intervals against your caps (sometimes you have a match)

If -O test.hccapx is empty you have all necessary ESSIDs captured.

If you'd like to retrieve the plainkey (PSK) from the PMK you need a SALT (normally ESSID for WPA/WPA2) and a possible password (take a look at the hash examples how to do this).

-m 12000 is useless for your purpose (only useful on the hunt for EAP)

These ones are useful for you:
-m 2501 network_without_essid.hccapx testpmklist
-m 2500 convertedhashes.hccapx testlist
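
The PMK/PSK relationship described in the post above, as an added example that is not part of the original post and is not hcxtools or hashcat code. It assumes the standard WPA/WPA2-PSK derivation (PBKDF2-HMAC-SHA1, ESSID as salt, 4096 iterations, 32-byte output); the function names and sample data are constructed for illustration.

```python
import hashlib
import hmac

def wpa_pmk(passphrase: str, essid: bytes) -> bytes:
    """WPA/WPA2-PSK: PMK = PBKDF2-HMAC-SHA1(passphrase, ESSID, 4096, 32 bytes)."""
    if not 8 <= len(passphrase) <= 63:
        raise ValueError("passphrase must be 8..63 characters")
    if not 1 <= len(essid) <= 32:
        raise ValueError("ESSID must be 1..32 bytes")
    return hashlib.pbkdf2_hmac("sha1", passphrase.encode("utf-8"), essid, 4096, 32)

def split_ssid_words(words):
    """Sort unique SSID-field words into the two lists the post describes:
    every 1..32 byte word, and the 32-byte words that could be a PMK."""
    wordlist = sorted({w for w in words if 1 <= len(w) <= 32})
    pmk_candidates = sorted({w for w in words if len(w) == 32})
    return wordlist, pmk_candidates

def psk_for_pmk(pmk: bytes, essid: bytes, candidates):
    """Return the candidate passphrase that derives `pmk` under `essid`, else None."""
    for cand in candidates:
        try:
            derived = wpa_pmk(cand, essid)
        except ValueError:
            continue  # not a valid WPA passphrase length, skip it
        if hmac.compare_digest(derived, pmk):
            return cand
    return None

# Constructed sample data; the passphrase/ESSID pair is the IEEE 802.11i test vector.
ESSID = b"IEEE"
KNOWN_PMK = wpa_pmk("password", ESSID)
SSID_WORDS = [b"IEEE", b"guest-net", KNOWN_PMK, b"IEEE"]  # duplicate on purpose
CANDIDATES = ["short", "letmein123", "password"]

if __name__ == "__main__":
    wordlist, pmk_candidates = split_ssid_words(SSID_WORDS)
    print("words:", len(wordlist), "possible PMKs:", len(pmk_candidates))
    print("PMK:", KNOWN_PMK.hex())
    # The same PMK only maps back to a passphrase under the ESSID it was salted with.
    print("with correct ESSID:", psk_for_pmk(KNOWN_PMK, ESSID, CANDIDATES))
    print("with wrong ESSID:  ", psk_for_pmk(KNOWN_PMK, b"OtherNet", CANDIDATES))
```
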


Messages In This Thread
RE: hcxtools - solution for capturing wlan traffic and conversion to hashcat formats - by ZerBea - 01-31-2018, 06:39 PM