hcxtools - solution for capturing wlan traffic and conversion to hashcat formats
(09-01-2022, 08:46 AM)ZerBea Wrote: @CyberPentester, I really want to answer your question, received by PM

But you disabled private messaging!
Whoops, did not know that was a thing. I enabled it now. Thanks for letting me know and answering here.

(09-01-2022, 08:46 AM)ZerBea Wrote: In the second part, PMKID calculation (PMKID) is much faster:

If you only want to recover the PSK just use the PMKID hash line (WPA*01*) and remove the EAPOL 4way hash lines (WPA*02*) for that ESSID.
Yes, understood the part about the complexity between PMKID and EAPOL 4way, thank you for the explanation of how the algorithm works. My question was a bit confusing, so let me change it to this: If I had multiple PMKID hashes from the same ESSID and put them all into hashcat, it does not make the PSK crack faster, correct? In fact, would it take longer?

(09-01-2022, 08:46 AM)ZerBea Wrote: The second question is not easy to answer, because it depends on the target.

If the default password algo is known, routerkeygen (RKG) should be the first choice.
The manufacturer is not there, but I do know the keyspace. I would have to take some time to figure out this tool. If I choose one of the manufacturers in that tool that has the same keyspace as the router I know, will the generated wordlist be optimized, or does it also do a simple bruteforce mask without taking probability into account?

(09-01-2022, 08:46 AM)ZerBea Wrote: If the default key space is known, hcxpsktool could be a choice.

I do know the keyspace. Does hcxpsktool take into account the probability of the same characters appearing multiple times in the PSK candidates? Also, could you please provide an example of hcxpsktool for a keyspace of 10 digits?

Thanks again for answering!
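The PMKID-only suggestion quoted above, as an added example that is not hcxtools, hashcat or either poster's code: a small Python filter over hashcat 22000 hash lines that keeps the WPA*01* line for a chosen ESSID and drops that ESSID's WPA*02* lines. The sample lines are constructed (hex payloads shortened), and as a step beyond the thread it also keeps only one PMKID per AP MAC, since every PMKID of one AP is derived from the same PMK.

```python
"""Per-ESSID filter for hashcat 22000 hash lines (hcxpcapngtool output).

Added example, not hcxtools code. Line layout (fields split on '*'):
  WPA*TYPE*PMKID|MIC*MAC_AP*MAC_CLIENT*ESSID_HEX*NONCE_AP*EAPOL*MESSAGEPAIR
with TYPE 01 = PMKID, 02 = EAPOL 4-way. The ESSID field is hex-encoded.
"""
from __future__ import annotations

# Constructed sample: AP "mynet" seen with two clients (two PMKIDs) plus a
# 4-way hash; AP "other" with one PMKID and one 4-way hash. Payloads shortened.
SAMPLE = """\
WPA*01*4d4fe7aac3a2cea3a7da4c5b8fb90a8a*aabbccddeeff*112233445566*6d796e6574***
WPA*01*98ce57d2c6b9f3b2a1e0d4c5b6a79880*aabbccddeeff*112233445577*6d796e6574***
WPA*02*5ce7a6b1b2c3d4e5f60718293a4b5c6d*aabbccddeeff*112233445566*6d796e6574*0a0b0c0d*0102030405*02
WPA*01*1122334455667788990011aabbccddee*a1b2c3d4e5f6*aabbccddeef1*6f74686572***
WPA*02*deadbeefcafebabe0123456789abcdef*a1b2c3d4e5f6*aabbccddeef1*6f74686572*0e0f1011*0607080910*00
"""


def parse_22000(line: str) -> dict | None:
    """Return the fields of one 22000 line, or None for blank/malformed input."""
    parts = line.strip().split("*")
    if len(parts) != 9 or parts[0] != "WPA" or parts[1] not in ("01", "02"):
        return None
    try:
        essid = bytes.fromhex(parts[5]).decode("utf-8", errors="replace")
    except ValueError:
        return None
    return {"type": parts[1], "ap": parts[3].lower(), "client": parts[4].lower(),
            "essid": essid, "line": line.strip()}


def prefer_pmkid(lines, essid: str) -> list[str]:
    """For `essid`: keep WPA*01* lines (one per AP MAC), drop its WPA*02* lines.

    Hash lines for every other ESSID pass through untouched.
    """
    kept, seen_ap = [], set()
    for line in lines:
        rec = parse_22000(line)
        if rec is None:
            continue  # blank or malformed line
        if rec["essid"] != essid:
            kept.append(rec["line"])
        elif rec["type"] == "01" and rec["ap"] not in seen_ap:
            seen_ap.add(rec["ap"])
            kept.append(rec["line"])
        # WPA*02* lines and repeat PMKIDs for this ESSID are dropped
    return kept


if __name__ == "__main__":
    for kept_line in prefer_pmkid(SAMPLE.splitlines(), "mynet"):
        print(kept_line)
```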
