hcxtools - solution for capturing wlan traffic and conversion to hashcat formats
hcxhashtool will do the job:

get example hash (22000) from here:
https://hashcat.net/wiki/doku.php?id=example_hashes

and run hcxhashtool to retrieve information
Code:
$ hcxhashtool -i example.22000 --info=stdout
SSID.......: hashcat-essid
MAC_AP.....: fc690c158264 (unknown)
MAC_CLIENT.: f4747f87f9f4 (unknown)
PMKID......: 4d4fe7aac3a2cecab195321ceb99a7d0
HASHLINE...: WPA*01*4d4fe7aac3a2cecab195321ceb99a7d0*fc690c158264*f4747f87f9f4*686173686361742d6573736964***


OUI information file...: /home/zerobeat/.hcxtools/oui.txt
OUI entires............: 27383
total lines read.......: 1
valid hash lines.......: 1
PMKID hash lines.......: 1
PMKID written..........: 1
MAC_AP and MAC_CLIENT are marked as unknown, because example hash is synthetic

The same applies to EAPOL hash lines
Get example (2500) from here:
https://hashcat.net/wiki/doku.php?id=example_hashes
and convert it from 2500 to 22000
$ hcxmactool --hccapxin=hashcat.hccapx --pmkideapolout=example2.22000

now run hcxhastool to retrieve information about the hash
Code:
$ hcxhashtool -i example2.22000 --info=stdout
SSID.......: 8381533406003807685881523
MAC_AP.....: aef50f22801c (unknown)
MAC_CLIENT.: 987bdcf9f950 (unknown)
VERSION....: 802.1X-2001 (1)
KEY VERSION: WPA1
REPLAYCOUNT: 1
RC INFO....: replycount checked
MP M1M2 E2.: not authorized
MIC........: dd380bd54bc9c316dce31562c22c87d1
HASHLINE...: WPA*02*dd380bd54bc9c316dce31562c22c87d1*aef50f22801c*987bdcf9f950*38333831353333343036303033383037363835383831353233*1e33f3eca3a1f2216a52b60c87191e7473ac54ecb023ac5989becf1e3c7e4509*01030077fe010900200000000000000001faf192b205d47b81f43f91f850c81976da019e00722f3958370692ab0562f70b0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000018dd160050f20101000050f20201000050f20201000050f202*00


OUI information file...: /home/zerobeat/.hcxtools/oui.txt
OUI entires............: 27383
total lines read.......: 1
valid hash lines.......: 1
EAPOL hash lines.......: 1
EAPOL written..........: 1
MAC_AP and MAC_CLIENT are marked as unknown, because example hash is synthetic

Addditional you you have several options to manage the records of the hasfile:
Code:
$ hcxhashtool -h
hcxhashtool 6.0.0 (C) 2020 ZeroBeat
usage:
hcxhashtool <options>

options:
-i <file>   : input PMKID/EAPOL hash file
-o <file>   : output PMKID/EAPOL hash file
-E <file>   : output ESSID list (autohex enabled)
-d          : download http://standards-oui.ieee.org/oui.txt
            : and save to ~/.hcxtools/oui.txt
            : internet connection required
-h          : show this help
-v          : show version

--essid-group                : convert to ESSID groups in working directory
                               full advantage of reuse of PBKDF2
                               not on old hash formats
--oui-group                  : convert to OUI groups in working directory
                               not on old hash formats
--mac-group-ap               : convert APs to MAC groups in working directory
                               not on old hash formats
--mac-group-client           : convert CLIENTs to MAC groups in working directory
                               not on old hash formats
--type                       : filter by hash type
                             : default PMKID (1) and EAPOL (2)
--essid-len                  : filter by ESSID length
                             : default ESSID length: 0...32
--essid-min                  : filter by ESSID minimum length
                             : default ESSID minimum length: 0
--essid-max                  : filter by ESSID maximum length
                             : default ESSID maximum length: 32
--essid=<ESSID>              : filter by ESSID
--essid-part=<part of ESSID> : filter by part of ESSID
--mac-ap=<MAC>               : filter AP by MAC
                             : format: 001122334455, 00:11:22:33:44:55, 00-11-22-33-44-55 (hex)
--mac-client=<MAC>           : filter CLIENT by MAC
                             : format: 001122334455, 00:11:22:33:44:55, 00-11-22-33-44-55 (hex)
--oui-ap=<OUI>               : filter AP by OUI
                             : format: 001122, 00:11:22, 00-11-22 (hex)
--oui-client=<OUI>           : filter CLIENT by OUI
                             : format: 001122, 00:11:22, 00-11-22 (hex)
--vendor=<VENDOR>            : filter by (part of) VENDOR name
--authorized                 : filter EAPOL pairs by status authorized
--notauthorized              : filter EAPOL pairs by status not authorized
--rc                         : filter EAPOL pairs by replaycount status checked
--apless                     : filter EAPOL pairs by status M1M2ROGUE (M2 requested from CLIENT)
--info=<file>                : output detailed information about content of hash file
--info=stdout                : stdout output detailed information about content of hash file
--vendorlist                 : stdout output VENDOR list sorted by OUI
--psk=<PSK>                  : pre-shared key to test
                             : due to PBKDF2 calculation this is a very slow process
                             : no nonce error corrections
--pmk=<PMK>                  : plain master key to test
                             : no nonce error corrections
--hccapx=<file>              : output to deprecated hccapx file
--hccap=<file>               : output to ancient hccap file
--hccap-single               : output to ancient hccap single files (MAC + count)
--john=<file>                : output to deprecated john file
--help                       : show this help
--version                    : show version
Reply


Messages In This Thread
wlandump-ng vs hcxdumptool - by hulley - 02-10-2018, 10:26 PM
RE: hcxtools - solution for capturing wlan traffic and conversion to hashcat formats - by ZerBea - 03-27-2020, 07:41 PM