hcxtools - solution for capturing wlan traffic and conversion to hashcat formats
hcxhashtool: added hccap output
All filteroptions (except essid groups - old hascat doesn't support reuse PBKDF2) are working on hccap, now.

workflow:
hcxdumptool (-o x.pcapng) -> hcxpcapngtool (-o test.22000) -> hcxhashtool (--hccap=test.hccap)
for your attached example:

$ hcxpcapngtool -o test1.22000 hashcat.cap --ignore-ie
reading from hashcat.cap...
summary capture file
file name..............................: hashcat.cap
version (pcap/cap).....................: 2.4 (very basic format without any additional information)
timestamp minimum (GMT)................: 01.01.1970 01:00:00
timestamp maximum (GMT)................: 01.01.1970 01:00:00
link layer header type.................: DLT_IEEE802_11 (105)
endianess (capture system).............: little endian
packets inside.........................: 3
packets with zeroed timestamps.........: 3 (warning: this prevents EAPOL time calculation)
BEACON.................................: 1
EAPOL messages (total).................: 2
EAPOLTIME (measured maximum usec)......: 9999998
EAPOL M1 messages......................: 1
EAPOL M2 messages......................: 1
EAPOL pairs............................: 1
EAPOL pairs written to combi hash file.: 1
EAPOL M12E2............................: 1

$ hcxhashtool -i test.22000 --hccap=test.hccap --info=stdout
SSID......: hashcat.net
MAC_AP....: b0487ad676e2 (TP-LINK TECHNOLOGIES CO.,LTD.)
MAC_CLIENT: 0025cf2db489 (Nokia Danmark A/S)
MP M1M2 E2: not authorized
RC INFO...: replycount checked
MIC.......: d9f3b5b6f744c662518458ac6cc79f11
HASHLINE..: WPA*02*d9f3b5b6f744c662518458ac6cc79f11*b0487ad676e2*0025cf2db489*686173686361742e6e6574*2f0f764c6632d5579c57c3a9fe067a845e22d6435941c1843845db34a2f80dde*0103007502010a0000000000000000000170003e0ad11bc0a9e48679459ebcbffd7ee75697628c371365d7a05e1b35d7d8000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000001630140100000fac040100000fac040100000fac020000*00

OUI information file...: .hcxtools/oui.txt
OUI entires............: 27383
total lines read.......: 1
valid hash lines.......: 1
EAPOL hash lines.......: 1
filter by ESSID len min: 0
filter by ESSID len max: 32
EAPOL written..........: 1
EAPOL written to hccap.: 1

$ ls
hashcat.cap test.22000 test.hccap

No need for conversion to hash format 1680x. That can be done by simple bash commands.

BTW:
You're right, I like a challenge.
Reply


Messages In This Thread
wlandump-ng vs hcxdumptool - by hulley - 02-10-2018, 10:26 PM
RE: hcxtools - solution for capturing wlan traffic and conversion to hashcat formats - by ZerBea - 01-08-2020, 11:34 AM