hcxtools - solution for capturing wlan traffic and conversion to hashcat formats
There are several ways to do this. But keep in mind that there isn't a 100% solution to create a 100% crackable hccapx file. A big problem is packet loss during capturing. This will not happen on AP-less handshakes, because hcxtools requests missing packets.
So it's a good idea to create a hccapx file only from clients:
wlanhcx2ssid -i all.hccapx -w apless.hccapx
wlanhcx2ssid -i apless.hccapx -N aplesscleaned.hccapx

aplesscleaned.hccapx now contains one handshake for each mac_ap, mac_sta, ESSID combination from clients.
You can run nonce-error-corrections=0 on that file.
All handshakes are 100% crackable, but may not contain the correct PSK for a network:
- a client typed 12345678 to get access to a network which isn't his own
- a client made a typo, passwore instead of password

Or, if you also want handshakes from regular APs:
wlanhcx2ssid -i all.hccapx -r rcchecked.hccapx
wlanhcx2ssid -i rcchecked.hccapx -N rccheckedcleaned.hccapx

Merged caps can lead to unwanted results or uncrackable handshakes (using a PSK) in case the AP changed its ESSID. Nevertheless, these handshakes are crackable using a PMK.

I prefer 2 hccapx files:
archiv_best.hccapx (created by hcxpcaptool -o for usage with hashmode -m 2500 only)
archiv_raw.hccapx (created by hcxpcaptool -O for usage with hashmode -m 2501 only)
Now it's time to strip out the ones to be checked, for example:
wlanhcx2ssid -i archiv_best.hccapx -X Home
hashcat -m 2500 Home.hccapx hashes.org-2018.txt

So, it doesn't make sense to run hashcat on "one big hccapx". You will waste GPU time. But it's a good idea to create some big hccapx files and use them as an archive.
Then retrieve the ones you like to crack from that archive and run hashcat on them.

It's also a good idea to use separate potfiles for 2500 and 2501 and analyze these potfiles. You will get a lot of info about the used keyspace and weak points from these 2 files.
It also makes sense to create ESSID, USERNAME and IDENTITY files (hcxpcaptool -E -U -I).
Cat them together with your founds and run princeprocessor against your hccapx files.

BTW:
wpa-sec (https://wpa-sec.stanev.org/?stats) retrieved several hundred PSKs a day using this method (as of today):
Last 24h founds: 307

Please note that hcxtools are not designed to crack single networks. The goal is to break the system by running massive attacks against all(!) reachable clients (preferred, because clients are much, much more vulnerable than APs) and APs.
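The post recommends analyzing the -m 2500 potfile to learn about the keyspace and weak points of the networks you audit. The script below is an added example, not part of the post or of hcxtools: it reads potfile lines in the layout assumed here (hash:mac_ap:mac_sta:ESSID:PSK, with the PSK taken as everything after the last colon) from constructed sample data and reports PSK length, character-class and reuse statistics.

```python
"""Summarise cracked WPA PSKs from a hashcat potfile (modes 2500/2501)."""
from collections import Counter
import re

# Constructed sample potfile lines (not real captures). Assumed layout for
# -m 2500 entries: <hash>:<mac_ap>:<mac_sta>:<essid>:<psk>. The PSK is taken
# as the text after the last ':' so an ESSID containing ':' still parses;
# a PSK that itself contains ':' would be truncated by this parser.
SAMPLE_POTFILE = """\
00000000000000000000000000000001:aabbccddeeff:001122334455:Home:12345678
00000000000000000000000000000002:aabbccddeeff:66778899aabb:Home:passwore
00000000000000000000000000000003:0011aabbccdd:001122334455:Cafe:Cafe2018!
00000000000000000000000000000004:0011aabbccdd:665544332211:Cafe:12345678
"""

HEX_FIELD = re.compile(r"^[0-9a-f]+$")

def parse_potfile(text):
    """Yield (essid, psk) for each well-formed line; skip malformed ones."""
    for line in text.splitlines():
        parts = line.split(":", 3)          # hash, mac_ap, mac_sta, rest
        if len(parts) != 4 or not all(HEX_FIELD.match(p) for p in parts[:3]):
            continue
        essid, _, psk = parts[3].rpartition(":")
        if not essid or not psk:
            continue
        yield essid, psk

def classify(psk):
    """Coarse character-class label used to profile the keyspace."""
    if psk.isdigit():
        return "digits"
    if psk.isalpha():
        return "letters-only"
    return "mixed"

def summarise(text):
    """Return keyspace statistics: lengths, classes, minimum-length PSKs,
    and PSKs reused across several networks (e.g. the 12345678 case)."""
    pairs = list(parse_potfile(text))
    psks = [p for _, p in pairs]
    reused = Counter(psks)
    return {
        "networks": len({e for e, _ in pairs}),
        "cracked": len(psks),
        "lengths": dict(Counter(len(p) for p in psks)),
        "classes": dict(Counter(classify(p) for p in psks)),
        "min_length_only": sum(1 for p in psks if len(p) == 8),
        "shared_psks": {p: n for p, n in reused.items() if n > 1},
    }
```

Run summarise() on a real potfile's contents to see how much of the cracked keyspace is digits-only or at the 8-character WPA minimum.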
Messages In This Thread
wlandump-ng vs hcxdumptool - by hulley - 02-10-2018, 10:26 PM
RE: hcxtools - solution for capturing wlan traffic and conversion to hashcat formats - by ZerBea - 05-03-2018, 12:57 PM