03-20-2022, 03:36 AM
(03-17-2022, 07:50 PM)ZerBea Wrote: No problem, you're welcome.
I’ve been using hcxhashtool to filter my hash files by authorised EAPOL message pairs but sometimes when I use the tool I am unable to create an output file filtered by authorised. Any ideas as to why this may be the case?
To test this weak point you can do these steps:
Take a look at your stored WiFi NETWORKs of your smart phone.
Add them to an essid.list.
Look for a free WiFi channel (for the example we assume channel 9 is free).
Run hcxdumptool with option essidlist and active_beacon:
Code:
$ sudo hcxdumptool -i YOUR_INTERFACE -c 9 --enable_status=31 -o dump.pcapng --essidlist=essid.list --active_beacon --stop_client_m2_attacks=1000
Disable WiFi and enable WiFi on your smart phone.
Wait a while (as long as the CLIENT responds, > 10 min).
You should retrieve valid handshakes (M1M2 challenge) for every stored NETWORK of your smart phone's NETWORK list. In that case, the smart phone is vulnerable to this attack vector.
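Added example, not part of the original posts and not hcxtools code: a Python sketch for reviewing the result of the test above. It reads hash lines in hashcat's 22000 format (the format hcxhashtool filters) and reports, per ESSID, how many M1M2 challenge pairs and how many authorised pairs were recorded. The field layout and message-pair values follow the public 22000 format description; the function names and sample lines are constructed for illustration.

```python
from collections import defaultdict

# Low three bits of the MESSAGEPAIR field -> (messages used, authorised?)
MESSAGE_PAIRS = {
    0: ("M1+M2", False),  # challenge: client answered, AP never confirmed
    1: ("M1+M4", True),
    2: ("M2+M3", True),
    3: ("M2+M3", True),
    4: ("M3+M4", True),
    5: ("M3+M4", True),
}

def parse_line(line):
    """Return (essid, client_mac, pair_name, authorised), or None if not an EAPOL line."""
    f = line.strip().split("*")
    if len(f) != 9 or f[0] != "WPA" or f[1] != "02":
        return None  # PMKID lines (WPA*01) and malformed lines are skipped
    try:
        essid = bytes.fromhex(f[5]).decode("utf-8", "replace")
        mp = int(f[8], 16) & 0x07  # upper bits are flags, not the pair type
    except ValueError:
        return None
    if mp not in MESSAGE_PAIRS:
        return None
    name, authorised = MESSAGE_PAIRS[mp]
    return essid, f[4].lower(), name, authorised

def summarise(lines):
    """Map each ESSID to counts of challenge and authorised message pairs."""
    out = defaultdict(lambda: {"challenge": 0, "authorised": 0})
    for line in lines:
        rec = parse_line(line)
        if rec:
            out[rec[0]]["authorised" if rec[3] else "challenge"] += 1
    return dict(out)

def challenge_only(summary):
    """ESSIDs with no authorised pair: profiles the client answered for unprompted."""
    return sorted(e for e, c in summary.items() if c["authorised"] == 0)

# Constructed sample lines: MIC, nonce and EAPOL fields are dummy hex, not real captures.
def _eapol(essid, mp):
    return "*".join(["WPA", "02", "aa" * 16, "020000000001", "020000000099",
                     essid.encode().hex(), "bb" * 32, "cc" * 8, mp])

SAMPLE = [_eapol("HomeNet", "00"), _eapol("HomeNet", "80"),
          _eapol("CafeWiFi", "02"), _eapol("CafeWiFi", "00"),
          "WPA*01*" + "dd" * 16 + "*020000000001*020000000099*" + b"HomeNet".hex() + "***"]

if __name__ == "__main__":
    for essid, counts in summarise(SAMPLE).items():
        print(essid, counts)
```

An ESSID that shows only challenge pairs has no authorised message pair to filter on, and each ESSID listed is a stored profile the phone answered for during the test.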