hcxtools - solution for capturing wlan traffic and conversion to hashcat formats
hashcat changed the potfile format and the out file format on 2500 and 16800. Both hashmodes now use the same potfile format and the same outfile format. For example:
hashcat -m 16800 --remove --potfile-path="hashcat.pmk.pot" -o "hashcat.psk.out" hash.16800 wordlist
hashcat -m 2500 --remove --potfile-path="hashcat.pmk.pot" -o "hashcat.psk.out" hash.hccapx wordlist
will give you the same output on both lists! Already recovered PSKs from hashmode 16800 are detected and not calculated again on hashmode 2500.
new potfile format:
PMK : ESSID(in HEX-ASCII) : PSK
new out file format:
MAC_AP : MAC : STA : ESSID : PSK

This was necessary because an EAPOL handshake and/or a PMKID is not unique for a WPA1, WPA2, WPA2 keyver 3 network, while a PMK is unique! Now we identify a network by the PMK! That keeps the potfile small and we can remove already cracked networks in a fast way.
Also you can run simple bash scripts to get/extract all the information you need from these files.

For example to get the PSK from a potfile:
cat hashcat.pmk.pot | awk 'BEGIN { FS = ":" } ; { print $NF }' >> wordlist
the same script works on the outfile
cat hashcat.psk.out | awk 'BEGIN { FS = ":" } ; { print $NF }' >> wordlist

or to get the PMKs:
cut -c -64 hashcat.pmk.pot >> pmklist

I recommend using the same potfile/outfile for 2500 and 16800. Do not use these files on other hashmodes! I use these methods to clean my database, because it is extremely fast on big hash lists:
$ hcxcleanpmkiddb
hashcat (v5.1.0-1186-g07915692) starting...
Session..........: hashcat
Status...........: Exhausted
Hash.Name........: WPA-PMKID-PMK
Hash.Target......: archiv.16800
Time.Started.....: Tue Jul 9 09:32:32 2019 (46 secs)
Time.Estimated...: Tue Jul 9 09:33:18 2019 (0 secs)
Guess.Base.......: Pipe
Speed.#1.........: 180.8 MH/s (0.00ms) @ Accel:1024 Loops:1024 Thr:64 Vec:1
Recovered........: 63430/64658 (98.10%) Digests, 61923/63151 (98.06%) Salts
Recovered/Time...: CUR:N/A,N/A,N/A AVG:83134,4988093,119714233 (Min,Hour,Day)
Progress.........: 8217460724
Rejected.........: 0
Restore.Point....: 0
Restore.Sub.#1...: Salt:63150 Amplifier:0-1 Iteration:0-1
Candidates.#1....: removed -> removed
Hardware.Mon.#1..: Temp: 62c Fan: 44% Util: 67% Core:1885MHz Mem:5005MHz Bus:16
Started: Tue Jul 9 09:32:30 2019
Stopped: Tue Jul 9 09:33:18 2019


$ hcxcleaneapoldb
hashcat (v5.1.0-1186-g07915692) starting...
Session..........: hashcat
Status...........: Exhausted
Hash.Name........: WPA-EAPOL-PMK
Hash.Target......: archiv.hccapx
Time.Started.....: Tue Jul 9 09:36:32 2019 (16 mins, 21 secs)
Time.Estimated...: Tue Jul 9 09:52:53 2019 (0 secs)
Guess.Base.......: Pipe
Speed.#1.........: 12806.0 kH/s (0.00ms) @ Accel:1024 Loops:1024 Thr:64 Vec:1
Recovered........: 239521/245611 (97.52%) Digests, 88814/92027 (96.51%) Salts
Recovered/Time...: CUR:15113,N/A,N/A AVG:14642,878549,21085176 (Min,Hour,Day)
Progress.........: 11979338644
Rejected.........: 0
Restore.Point....: 0
Restore.Sub.#1...: Salt:92026 Amplifier:0-1 Iteration:0-1
Candidates.#1....: removed -> removed
Hardware.Mon.#1..: Temp: 73c Fan: 57% Util: 88% Core:1860MHz Mem:5005MHz Bus:16
Started: Tue Jul 9 09:36:29 2019
Stopped: Tue Jul 9 09:52:54 2019

WPA-EAPOL-PMK took a little bit more time, because I'm running a high nonce error correction!
potfile and outfile are working as expected.
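An added example, not part of the original post and not code from hcxtools or hashcat: the standard WPA-PSK derivation shows why one PMK covers every PMKID captured from the same network, and lets a potfile line be checked for consistency. It assumes the `:`-separated potfile layout quoted in the post; the function names, the sample line and the MAC addresses are constructed for illustration.

```python
import hashlib
import hmac


def derive_pmk(psk: str, essid: bytes) -> bytes:
    """WPA/WPA2-PSK: PMK = PBKDF2-HMAC-SHA1(PSK, ESSID, 4096 rounds, 32 bytes)."""
    return hashlib.pbkdf2_hmac("sha1", psk.encode("utf-8"), essid, 4096, 32)


def derive_pmkid(pmk: bytes, mac_ap: bytes, mac_sta: bytes) -> bytes:
    """PMKID = first 16 bytes of HMAC-SHA1(PMK, "PMK Name" || MAC_AP || MAC_STA)."""
    return hmac.new(pmk, b"PMK Name" + mac_ap + mac_sta, hashlib.sha1).digest()[:16]


def parse_potfile_line(line: str):
    """Split 'PMK:ESSID-hex:PSK' (layout assumed from the post).

    Only the first two colons are treated as separators, so a PSK that
    itself contains ':' is returned whole.
    """
    pmk_hex, essid_hex, psk = line.rstrip("\r\n").split(":", 2)
    return bytes.fromhex(pmk_hex), bytes.fromhex(essid_hex), psk


def verify_potfile_line(line: str) -> bool:
    """True if the stored PMK really is the PBKDF2 output for ESSID and PSK."""
    pmk, essid, psk = parse_potfile_line(line)
    return hmac.compare_digest(pmk, derive_pmk(psk, essid))


# Constructed sample: ESSID "IEEE" (hex 49454545) with PSK "password".
SAMPLE_LINE = (
    "f42c6fc52df0ebef9ebb4b90b38a5f902e83fe1b135a70e23aed762e9710a12e"
    ":49454545:password"
)
# Constructed, locally administered MAC addresses: one AP, two clients.
AP = bytes.fromhex("020000000001")
STA_1 = bytes.fromhex("020000000002")
STA_2 = bytes.fromhex("020000000003")

if __name__ == "__main__":
    pmk, essid, psk = parse_potfile_line(SAMPLE_LINE)
    print("potfile line consistent:", verify_potfile_line(SAMPLE_LINE))
    # Same network, same PMK, but each client yields a different PMKID.
    print("PMKID client 1:", derive_pmkid(pmk, AP, STA_1).hex())
    print("PMKID client 2:", derive_pmkid(pmk, AP, STA_2).hex())
```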


Messages In This Thread
wlandump-ng vs hcxdumptool - by hulley - 02-10-2018, 10:26 PM
RE: hcxtools - solution for capturing wlan traffic and conversion to hashcat formats - by ZerBea - 07-09-2019, 09:08 AM