hcxdumptool
#1
Question 
Hello folks,
Can somebody tell me how we can find out whether hcxdumptool captured any handshake?
Does it have any identifier or something?
For example, in this:

  CHA    LAST  R 1 3 P S    MAC-AP    ESSID (last seen on top)  SCAN-FREQUENCY:  2437
-----------------------------------------------------------------------------------------
[ 11] 12:53:47        + 46a58d4560dd Mi 10T Lite
[ 11] 12:53:46          b6e7d329466d Electropack
[  6] 12:53:46 +      + d4a456ab46c4 camera_46c4
[  2] 12:53:46        + 763d432151c0 POCO X5 Pro 5G
[  1] 12:53:45 +      + 46a2208ab29b MobinNet_E29A
#2
Explanation:
Code:
[ 11] 12:53:47        + 46a58d4560dd Mi 10T Lite -> AP not in range
[ 11] 12:53:46          b6e7d329466d Electropack -> AP doesn't use a PSK
[  6] 12:53:46 +      + d4a456ab46c4 camera_46c4 -> AP does not respond to hcxdumptool's ASSOCIATIONREQUEST
[  2] 12:53:46        + 763d432151c0 POCO X5 Pro 5G -> AP not in range
[  1] 12:53:45 +      + 46a2208ab29b MobinNet_E29A -> AP does not respond to hcxdumptool's ASSOCIATIONREQUEST

Solution:
Improve your antenna or get closer to the targets.

The columns are explained in the help menu:
Code:
$ hcxdumptool -h

--rds=<digit>             : sort real time display
                             attack mode:
                              default: sort by time (last seen on top)
                               1 = sort by status (last PMKID/EAPOL on top)
                             scan mode:
                               1 = sort by PROBERESPONSE count
                             Columns:
                              R = + AP display     : AP is in TX range or under attack
                              S = + AP display     : AUTHENTICATION KEY MANAGEMENT PSK
                              P = + AP display     : got PMKID hashcat / JtR can work on
                              1 = + AP display     : got EAPOL M1 (CHALLENGE)
                              3 = + AP display     : got EAPOL M1M2M3 or EAPOL M1M2M3M4 (AUTHORIZATION) hashcat / JtR can work on
                              E = + CLIENT display : got EAP-START MESSAGE
                              2 = + CLIENT display : got EAPOL M1M2 (ROGUE CHALLENGE) hashcat / JtR can work on
#3
(04-16-2024, 02:15 PM)ZerBea Wrote:

Thank you.
#4
You're welcome.

BTW:
Some more information is here:
https://github.com/ZerBea/hcxdumptool/discussions/432

To monitor the entire traffic, you can always run tshark or Wireshark in parallel with hcxdumptool.
e.g. monitor outgoing packets:
https://github.com/ZerBea/hcxdumptool/discussions/395

Some systems are described here:
https://github.com/ZerBea/hcxdumptool/wiki

Some adapters are tested here:
https://github.com/ZerBea/hcxdumptool/discussions/361