hcxtools - solution for capturing wlan traffic and conversion to hashcat formats
(07-09-2019, 09:08 AM)ZerBea Wrote: hashcat changed the potfile format and outfile format on 2500 and 16800. Both hashmodes are now using the same potfile format and the same outfile format. For example:
hashcat -m 16800 --remove --potfile-path="hashcat.pmk.pot" -o "hashcat.psk.out" hash.16800 wordlist
hashcat -m 2500 --remove --potfile-path="hashcat.pmk.pot" -o "hashcat.psk.out" hash.hccapx wordlist
will give you the same output on both lists! Already recovered PSKs from hashmode 16800 are detected and not calculated again on hashmode 2500.
new potfile format:
PMK : ESSID(in HEX-ASCII) : PSK
new out file format:
MAC_AP : MAC : STA : ESSID : PSK

This was necessary because an EAPOL handshake and/or a PMKID is not unique for a WPA1, WPA2, WPA2 keyver 3 network, while a PMK is unique! Now we identify a network on the PMK! That keeps the potfile small and we can remove already cracked networks in a fast way.
Also you can run simple bash scripts to get/extract all the information you need from these files.

For example to get the PSK from a potfile:
cat hashcat.pmk.pot | awk 'BEGIN { FS = ":" } ; { print $NF }' >> wordlist
the same script works on the outfile
cat hashcat.psk.out | awk 'BEGIN { FS = ":" } ; { print $NF }' >> wordlist

or to get the PMKs:
cut -c -64 hashcat.pmk.pot >> pmklist

I recommend using the same potfile/outfile for 2500 and 16800. Do not use these files on other hashmodes! I use these methods to clean my database, because it is extremely fast on big hash lists:
$ hcxcleanpmkiddb
hashcat (v5.1.0-1186-g07915692) starting...
Session..........: hashcat
Status...........: Exhausted
Hash.Name........: WPA-PMKID-PMK
Hash.Target......: archiv.16800
Time.Started.....: Tue Jul  9 09:32:32 2019 (46 secs)
Time.Estimated...: Tue Jul  9 09:33:18 2019 (0 secs)
Guess.Base.......: Pipe
Speed.#1.........:  180.8 MH/s (0.00ms) @ Accel:1024 Loops:1024 Thr:64 Vec:1
Recovered........: 63430/64658 (98.10%) Digests, 61923/63151 (98.06%) Salts
Recovered/Time...: CUR:N/A,N/A,N/A AVG:83134,4988093,119714233 (Min,Hour,Day)
Progress.........: 8217460724
Rejected.........: 0
Restore.Point....: 0
Restore.Sub.#1...: Salt:63150 Amplifier:0-1 Iteration:0-1
Candidates.#1....: removed -> removed
Hardware.Mon.#1..: Temp: 62c Fan: 44% Util: 67% Core:1885MHz Mem:5005MHz Bus:16
Started: Tue Jul  9 09:32:30 2019
Stopped: Tue Jul  9 09:33:18 2019


$ hcxcleaneapoldb
hashcat (v5.1.0-1186-g07915692) starting...
Session..........: hashcat
Status...........: Exhausted
Hash.Name........: WPA-EAPOL-PMK
Hash.Target......: archiv.hccapx
Time.Started.....: Tue Jul  9 09:36:32 2019 (16 mins, 21 secs)
Time.Estimated...: Tue Jul  9 09:52:53 2019 (0 secs)
Guess.Base.......: Pipe
Speed.#1.........: 12806.0 kH/s (0.00ms) @ Accel:1024 Loops:1024 Thr:64 Vec:1
Recovered........: 239521/245611 (97.52%) Digests, 88814/92027 (96.51%) Salts
Recovered/Time...: CUR:15113,N/A,N/A AVG:14642,878549,21085176 (Min,Hour,Day)
Progress.........: 11979338644
Rejected.........: 0
Restore.Point....: 0
Restore.Sub.#1...: Salt:92026 Amplifier:0-1 Iteration:0-1
Candidates.#1....: removed -> removed
Hardware.Mon.#1..: Temp: 73c Fan: 57% Util: 88% Core:1860MHz Mem:5005MHz Bus:16
Started: Tue Jul  9 09:36:29 2019
Stopped: Tue Jul  9 09:52:54 2019

WPA-EAPOL-PMK took a little bit more time, because I'm running a high nonce error correction!
potfile and outfile are working as expected.

Perfect, very clear. Please, can you give me hcxcleanpmkiddb and hcxcleaneapoldb?
Thank you
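
The `$NF` one-liner quoted above keeps only the text after the last colon, so a PSK that itself contains ":" comes out truncated. The following is an added example, not code from the post or from hcxtools: it splits the potfile by position instead, assuming the layout is exactly PMK:ESSID(hex):PSK with a 64-character PMK and no spaces around the separators. The function names and the sample data are constructed for illustration.

```shell
#!/bin/sh
# Constructed sample in the layout PMK:ESSID(hex):PSK. PMKs are placeholders.
sample_potfile() {
    a=$(printf '%064d' 0 | tr 0 a); b=$(printf '%064d' 0 | tr 0 b)
    printf '%s\n' \
        "${a}:486f6d654e6574:correct:horse:1" \
        "${b}:4c6162:labpass123" \
        "${a}:486f6d654e6574:correct:horse:1" \
        "truncated-line"
}

# The one-liner from the post: keeps only the text after the LAST colon.
naive_psks() { awk 'BEGIN { FS = ":" } ; { print $NF }'; }

# Print "PSK<TAB>ESSID" once per distinct PMK; malformed lines are skipped.
potfile_records() {
    LC_ALL=C awk '
    function unhex(h,    i, hi, lo, out) {
        out = ""
        for (i = 1; i < length(h); i += 2) {
            hi = index(HEX, substr(h, i, 1)) - 1
            lo = index(HEX, substr(h, i + 1, 1)) - 1
            out = out sprintf("%c", hi * 16 + lo)
        }
        return out
    }
    BEGIN { HEX = "0123456789abcdef" }
    {
        pmk  = tolower(substr($0, 1, 64))   # fixed-width field, as cut -c -64
        rest = substr($0, 66)               # skip the separator after the PMK
        sep  = index(rest, ":")             # FIRST colon ends the ESSID field
        if (length(pmk) != 64 || pmk !~ /^[0-9a-f]+$/ || sep < 2) next
        essid = tolower(substr(rest, 1, sep - 1))
        if (essid !~ /^([0-9a-f][0-9a-f])+$/) next
        if (seen[pmk]++) next               # the PMK identifies the network
        printf "%s\t%s\n", substr(rest, sep + 1), unhex(essid)
    }'
}

sample_potfile | potfile_records
```

Run against a real file with `potfile_records < hashcat.pmk.pot`; the PSK is printed first because a WPA passphrase cannot contain a tab, so `cut -f1` on the output is safe.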


Messages In This Thread
wlandump-ng vs hcxdumptool - by hulley - 02-10-2018, 10:26 PM
RE: hcxtools - solution for capturing wlan traffic and conversion to hashcat formats - by strike1953 - 07-09-2019, 04:55 PM