hcxtools - solution for capturing wlan traffic and conversion to hashcat formats
some results coming finally.. THANKS A LOT.

Session..........: hashcat
Status...........: Exhausted
Hash.Type........: WPA-PMKID-PBKDF2
Hash.Target......: test.16800
Time.Started.....: Wed Jun 12 20:33:13 2019 (2 mins, 40 secs)
Time.Estimated...: Wed Jun 12 20:35:53 2019 (0 secs)
Guess.Base.......: File (ESSID.txt)
Guess.Queue......: 1/1 (100.00%)
Speed.#1.........: 6328 H/s (1.52ms) @ Accel:16 Loops:8 Thr:64 Vec:1
Recovered........: 6/458 (1.31%) Digests, 2/195 (1.03%) Salts
Progress.........: 1116570/1116570 (100.00%)
Rejected.........: 104130/1116570 (9.33%)
Restore.Point....: 5726/5726 (100.00%)
Restore.Sub.#1...: Salt:194 Amplifier:0-1 Iteration:2-5
Candidates.#1....: $HEX[21d75fae33100a080ef910] -> $HEX[766f6461666f6e65454136375f3547]

[s]tatus [p]ause [b]ypass [c]heckpoint [q]uit => Started: Wed Jun 12 20:33:12 2019
Stopped: Wed Jun 12 20:35:55 2019
Reply
Great. You did it! Next step is to create a database (collect data from -E -I and hashes) and I'm sure, your hit rate will increase:

The environment is not magic. It is a simple loop. Start at step one and if the last step finished, start the loop again.
It depends on latest hashcat-git, hcxdumptool-git and hcxtools-git

Basic step (must be only done once) - create a working directory (wpa). We need the complete file path. In our example
$HOME/WPA

The cycle:
1) hcxdumptool -i interface -o $HOME/WPA/dumpfile.pcapng --enable_status=1
the default options are ok
run hcxdumptool for a while (at least > 2 hours)
then stop it

2) wlancap2wpasec dumpfile.pcapng
upload the pcapng file to wpa-sec.stanev.org and it will be tested against common wordlists - so there is no need for you to do this

3) hcxpcaptool -o $HOME/WPA/archive.hccapx -k $HOME/WPA/archive.16800 -E $HOME/WPA/essidlist -I $HOME/WPA/identitylist -U $HOME/WPA/usernamelist dumpfile.pcapng
convert all hashes and information to database files. They are appended!!!

4) wait a while..., at least until wpa-sec.stanev.org reached "get works" of 15

5) download cracked.txt.gz and rkg.txt.gz from wpa-sec.stanev.org

6) decompress both files and copy them to your working directory ($HOME/WPA)

7) cat $HOME/WPA/cracked.txt $HOME/WPA/rkg.txt $HOME/WPA/essidlist $HOME/WPA/identitylist $HOME/WPA/usernamelist | sort | uniq | hashcat -m 16800 --remove --nonce-error-corrections=2 --potfile-path=$HOME/WPA/hashcat.pmk -o $HOME/WPA/hashcat.mac archive.16800
sort the wordlists and run them against your hashes.
we run first 16800, because it is faster
founds are removed

8) cat $HOME/WPA/cracked.txt $HOME/WPA/rkg.txt $HOME/WPA/essidlist $HOME/WPA/identitylist $HOME/WPA/usernamelist | sort | uniq | hashcat -m 2500 --remove --nonce-error-corrections=2 --potfile-path=$HOME/WPA/hashcat.pmk -o $HOME/WPA/hashcat.mac archive.hccapx
sort the wordlists and run them against your hashes
results are stored in $HOME/WPA/hashcat.mac
we are working on reuse of PBKDF2 and a crossover hashline for both modes. So we have to pay the price of PBKDF2 only once and get MIC and PMKID for the same.

9) move dumpfile.pcapng to an archive folder or delete it, or rename it.

10) start again with step 1.

Keep in mind:
This is a basic loop. hashcat, hcxtools and hcxdumptool provide many options. Unfortunately every option has a price tag. Just play around with the options to improve your procedure.

BTW:
If you like to participate, just run help_crack.py from wpa-sec.stanev.org
Reply
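The 16800 file produced in step 3 is a plain text database, one PMKID per line, and the remark about paying the PBKDF2 price only once is easiest to see in code. The following Python is an added example, not code from hcxtools or the poster: it parses and de-duplicates 16800 lines (the same effect as the sort | uniq in step 7), groups them by ESSID so a network owner can see which of their own access points appear in a capture, and checks a single known passphrase against one record, computing the expensive PBKDF2 PMK once and the cheap HMAC-based PMKID from it. The line layout PMKID*MAC_AP*MAC_STA*ESSID_hex follows hashcat's documented mode 16800 format and the PMK/PMKID derivation follows IEEE 802.11; the ESSIDs, MAC addresses, passphrase and the sample lines are constructed for this example.

```python
import hashlib
import hmac
import re
from collections import defaultdict

# One hashcat mode 16800 line: PMKID*MAC_AP*MAC_STA*ESSID(hex), all lowercase hex.
LINE_RE = re.compile(r"^([0-9a-f]{32})\*([0-9a-f]{12})\*([0-9a-f]{12})\*([0-9a-f]{2,64})$")


def parse_16800_line(line):
    """Return a record dict for a well-formed line, or None if it is malformed."""
    m = LINE_RE.match(line.strip().lower())
    if not m:
        return None
    pmkid, mac_ap, mac_sta, essid_hex = m.groups()
    if len(essid_hex) % 2:            # odd hex length: not a byte string
        return None
    return {"pmkid": pmkid, "mac_ap": mac_ap, "mac_sta": mac_sta,
            "essid": bytes.fromhex(essid_hex)}


def load_16800(text):
    """Parse every line; drop malformed lines and exact duplicates (like sort | uniq)."""
    seen, records, rejected = set(), [], 0
    for raw in text.splitlines():
        if not raw.strip():
            continue
        rec = parse_16800_line(raw)
        if rec is None:
            rejected += 1
            continue
        key = (rec["pmkid"], rec["mac_ap"], rec["mac_sta"])
        if key not in seen:
            seen.add(key)
            records.append(rec)
    return records, rejected


def group_by_essid(records):
    """Map each ESSID to the sorted list of AP MACs seen with it."""
    groups = defaultdict(set)
    for r in records:
        groups[r["essid"]].add(r["mac_ap"])
    return {essid: sorted(macs) for essid, macs in groups.items()}


def pmk_from_passphrase(passphrase, essid):
    # WPA2-PSK: PMK = PBKDF2-HMAC-SHA1(passphrase, ESSID, 4096 iterations, 32 bytes).
    # This is the expensive step that the thread talks about paying for only once.
    return hashlib.pbkdf2_hmac("sha1", passphrase.encode(), essid, 4096, 32)


def pmkid_from_pmk(pmk, mac_ap, mac_sta):
    # PMKID = HMAC-SHA1-128(PMK, "PMK Name" || MAC_AP || MAC_STA): cheap once the PMK exists.
    data = b"PMK Name" + bytes.fromhex(mac_ap) + bytes.fromhex(mac_sta)
    return hmac.new(pmk, data, hashlib.sha1).digest()[:16].hex()


def verify_own_network(record, passphrase):
    """Check whether a record's PMKID matches the passphrase of a network you own."""
    pmk = pmk_from_passphrase(passphrase, record["essid"])
    return hmac.compare_digest(pmkid_from_pmk(pmk, record["mac_ap"], record["mac_sta"]),
                               record["pmkid"])


def make_16800_line(passphrase, essid, mac_ap, mac_sta):
    """Build a well-formed line from known values (used here only to construct sample data)."""
    pmk = pmk_from_passphrase(passphrase, essid)
    return "*".join([pmkid_from_pmk(pmk, mac_ap, mac_sta), mac_ap, mac_sta, essid.hex()])


# Constructed sample file: one self-consistent record (repeated once, as an appended
# database would contain), one record with a placeholder PMKID, and one malformed line.
HOME_LINE = make_16800_line("correct horse battery staple", b"HomeNet-Example",
                            "aabbccddeeff", "112233445566")
OFFICE_LINE = "*".join(["00112233445566778899aabbccddeeff", "112233445566",
                        "665544332211", b"OfficeGuest".hex()])
SAMPLE_16800 = "\n".join([HOME_LINE, HOME_LINE, OFFICE_LINE, "", "deadbeef*aabbccddeeff*112233445566*48"])


if __name__ == "__main__":
    records, rejected = load_16800(SAMPLE_16800)
    print(f"{len(records)} unique records, {rejected} malformed line(s) rejected")
    for essid, macs in group_by_essid(records).items():
        print(essid.decode("utf-8", "replace"), macs)
    print("home passphrase matches:", verify_own_network(records[0], "correct horse battery staple"))
```

Keeping the PMK and PMKID derivations as two separate functions is the point: for a given passphrase and ESSID the PBKDF2 result is fixed, so every PMKID (and, with the nonces, every handshake MIC) for that ESSID can be checked from one PMK without repeating the 4096 iterations.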
I'm looking for a way of disabling WPA_SUPPLICANT all the time, but no success.

Trying with those lines on /etc/dhcpcd.conf
denyinterfaces wlan0
nohook wpa_supplicant

Any other idea that I could try?
Thanks.
Reply
To answer your question - that will help you:
https://raspberrypi.stackexchange.com/qu...t-raspbian

BTW:
"Newbie distros" came pre-configured. Major problem if you are running such a pre-configured distribution is that you have to revert the configurations which are done by the distribution developers. There are also many unneeded and unwanted background services and you likely still have no idea what's going on here.

My advice is to choose a distribution which lets you pick your own components and run only needed services. That means you aren’t saddled with a bunch of software you don’t expect and you aren’t wasting resources on extra system processes.

Read more here:
https://wiki.archlinux.org/index.php/Arc...tributions
https://www.makeuseof.com/tag/reasons-in...rch-linux/
Reply
Finally I installed Arch, but some commands are unknown to me, as for example, Arch doesn't find commands such as MAKE & MAKE INSTALL. Do you know the commands for installing packages on Arch (like hcxtools)?

Found.. makepkg -si
Reply
For a Raspberry Pi capturing system:

$ pacman -Syu
$ pacman -S make gcc watchdog openssl rsync fake-hwclock zlib crda
$ pacman -Rs netctl wpa_supplicant

That's all.
first cmd will update package lists
second cmd will install required tools
third cmd will remove unwanted tools.

How to is here:
https://hashcat.net/forum/thread-6661-po...l#pid44827
Reply
(06-15-2019, 11:07 AM)powermi Wrote: Finally I installed Arch, but some commands are unknown to me, as for example, Arch doesn't find commands such as MAKE & MAKE INSTALL. Do you know the commands for installing packages on Arch (like hcxtools)?

Found.. makepkg -si

Seems that the command to install hcxtools doesn't work as root; any other way? As it says, I don't have permissions as a regular user.
Reply
(06-15-2019, 12:16 PM)ZerBea Wrote: For a Raspberry Pi capturing system:

$ pacman -Syu
$ pacman -S make gcc watchdog openssl rsync fake-hwclock zlib crda
$ pacman -Rs netctl wpa_supplicant

That's all.
first cmd will update package lists
second cmd will install required tools
third cmd will remove unwanted tools.

How to is here:
https://hashcat.net/forum/thread-6661-po...l#pid44827

Great, thanks a lot.
Reply
From git:
make install

or from Arch default package list
$ pacman -S hcxtools hcxdumptool

search for hcxtools and/or hcxdumptool here:
https://archlinuxarm.org/packages
Reply