hcxtools - solution for capturing wlan traffic and conversion to hashcat formats
Some websites convert control characters. In that case a posted hash becomes useless.
Reply
Please, can you give me hcxcleanpmkiddb and hcxcleaneapoldb
Reply
Both scripts are very simple. They are part of the environment to clean up the database in a fast way. Therefore I use the PMKs from the potfile as rainbowtable:
cut -c -64 hashcat.archiv.pmk >> $HOME/WLAN/Passwortlisten/foundhashcat.pmk
hashcat.archiv.pmk is the potfile for hashmode 2500 and 16800

hashcat option -o "/tmp/hashcat.pmk" is used to prevent hashcat from flooding my terminal with founds. I don't need them here, because I only want to --remove already recovered networks from the archive hashfiles.

hcxcleanpmkiddb:

#!/bin/bash
export CUDA_CACHE_DISABLE=0
# -m 16801: PMKID hashes with PMKs (not passphrases) as candidates; --remove drops every already recovered entry from the archive
hashcat -m 16801 --logfile-disable -w 3 --remove --potfile-disable -o "/tmp/hashcat.pmk" "$HOME/WLAN/Hash/archiv/archiv.16800" "$HOME/WLAN/Passwortlisten/foundhashcat.pmk"


hcxcleaneapoldb:

#!/bin/bash
export CUDA_CACHE_DISABLE=0
# -m 2501: EAPOL (hccapx) hashes with PMKs as candidates; --remove drops every already recovered entry from the archive
hashcat -m 2501 --logfile-disable -w 3 --remove --nonce-error-corrections=2 --potfile-disable -o "/tmp/hashcat.pmk" "$HOME/WLAN/Hash/archiv/archiv.hccapx" "$HOME/WLAN/Passwortlisten/foundhashcat.pmk"

More scripts are here:
https://hashcat.net/forum/attachment.php?aid=660
read more here:
https://hashcat.net/forum/thread-6661-po...l#pid44824
Reply
(07-09-2019, 11:40 PM)ZerBea Wrote: Both scripts are very simple. They are part of the environment to clean up the database in a fast way. Therefore I use the PMKs from the potfile as rainbowtable:
cut -c -64 hashcat.archiv.pmk >> $HOME/WLAN/Passwortlisten/foundhashcat.pmk
hashcat.archiv.pmk is the potfile for hashmode 2500 and 16800

hashcat option -o "/tmp/hashcat.pmk" is used to prevent hashcat from flooding my terminal with founds. I don't need them here, because I only want to --remove already recovered networks from the archive hashfiles.

hcxcleanpmkiddb:

#!/bin/bash
export CUDA_CACHE_DISABLE=0
hashcat -m 16801 --self-test-disable --advice-disable --logfile-disable -w 3 --remove --potfile-disable -o "/tmp/hashcat.pmk" "$HOME/WLAN/Hash/archiv/archiv.16800" "$HOME/WLAN/Passwortlisten/foundhashcat.pmk"


hcxcleaneapoldb:

#!/bin/bash
export CUDA_CACHE_DISABLE=0
hashcat -m 2501 --self-test-disable --advice-disable --logfile-disable -w 3 --remove --nonce-error-corrections=2 --potfile-disable -o "/tmp/hashcat.pmk" "$HOME/WLAN/Hash/archiv/archiv.hccapx" "$HOME/WLAN/Passwortlisten/foundhashcat.pmk"

More scripts are here:
https://hashcat.net/forum/attachment.php?aid=660
read more here:
https://hashcat.net/forum/thread-6661-po...l#pid44824


Sorry, thank you
Reply
BTW:
All command line options (in the scripts) are advanced(!) options to perform deep analyses or test/improve hashcat code. As a non-coder or a non-analyst, I recommend running hashcat with default options!
Reply
(06-09-2019, 07:49 PM)ZerBea Wrote: Edimax EW-7811UAC
ID 7392:a812 Edimax Technology Co., Ltd

$ hcxdumptool -I
wlan interfaces:
74da380645e7 wlp0s20f0u1 (rtl88xxau)

$ hcxdumptool -i wlp0s20f0u1 -C
initialization...
available channels:
  1 / 2412MHz (18 dBm)
  2 / 2417MHz (18 dBm)
  3 / 2422MHz (18 dBm)
  4 / 2427MHz (18 dBm)
  5 / 2432MHz (18 dBm)
  6 / 2437MHz (18 dBm)
  7 / 2442MHz (18 dBm)
  8 / 2447MHz (18 dBm)
  9 / 2452MHz (18 dBm)
10 / 2457MHz (18 dBm)
11 / 2462MHz (18 dBm)
12 / 2467MHz (18 dBm)
13 / 2472MHz (18 dBm)
14 / 2484MHz (18 dBm)
36 / 5180MHz (18 dBm)
40 / 5200MHz (18 dBm)
44 / 5220MHz (18 dBm)
48 / 5240MHz (18 dBm)
52 / 5260MHz (18 dBm)
56 / 5280MHz (18 dBm)
60 / 5300MHz (18 dBm)
64 / 5320MHz (18 dBm)
100 / 5500MHz (18 dBm)
104 / 5520MHz (18 dBm)
108 / 5540MHz (18 dBm)
112 / 5560MHz (18 dBm)
116 / 5580MHz (18 dBm)
120 / 5600MHz (18 dBm)
124 / 5620MHz (18 dBm)
128 / 5640MHz (18 dBm)
132 / 5660MHz (18 dBm)
136 / 5680MHz (18 dBm)
140 / 5700MHz (18 dBm)
144 / 5720MHz (18 dBm)
149 / 5745MHz (18 dBm)
153 / 5765MHz (18 dBm)
157 / 5785MHz (18 dBm)
161 / 5805MHz (18 dBm)
165 / 5825MHz (18 dBm)
169 / 5845MHz (18 dBm)
173 / 5865MHz (18 dBm)

$ uname -r
5.1.7-arch1-1-ARCH

Not running out of the box. Get the driver from here:
https://github.com/aircrack-ng/rtl8812au

aircrack-ng team is doing a really good job here!


Hi, how can I make it work in ubuntu 18.04
Reply
$ git clone https://github.com/aircrack-ng/rtl8812au
$ cd rtl8812au
$ make
$ sudo insmod 88XXau.ko
Then plug in the adapter and run hcxdumptool.

This is not persistent. If you need it persistent, use dkms as described here:
https://github.com/aircrack-ng/rtl8812au
Reply
Thank you very much for your reply. In my case it does not capture me.
Reply
We have 2 issues that can cause your trouble:

You chose the wrong version (only 5.2.20 is working - $ git branch will show you this):
https://github.com/aircrack-ng/rtl8812au...-455573400

You are hit by this (still unfixed) kernel bug:
https://bugzilla.kernel.org/show_bug.cgi?id=202541
Several devices (WiFi adapters, Bluetooth adapters, ... the list is long) are not working or only partly working.
Reply
With the latest commit, I added several new attack modes to hcxdumptool:
--disable_internal_beacons        : do not transmit beacons using received ESSIDs
                                    default: transmit this kind of beacon once on channel change or every five seconds
                                    affected: ap-less and reactive_beacon, flood_beacon
--use_external_beaconlist=<file>  : transmit beacons from this list
                                    maximum ESSID length 32, maximum entries 4095
                                    default: transmit this kind of beacon once on channel change or every five seconds
                                    affected: ap-less and reactive_beacon, flood_beacon
--reactive_beacon                  : transmit internal/external beacon on every received proberequest
                                    affected: ap-less
--flood_beacon=<digit>            : transmit internal/external beacon after n received management packets
                                    warning: this will spam a channel
                                    affected: ap-less and whole traffic on a channel

and a weak candidate detection:
-weak_candidate=<password>        : use this password (8...63 characters) for weak candidate alert
                                    default: 12345678

--enable-status=1 will inform you when a weak candidate (access point running password 12345678) is in range.

hcxtools got several improvements, too:
hcxpcaptool received better detection of damaged frames
wlanhcx2essid replaced by hcxessidtool

hcxessidtool 5.2.2 (C) 2019 ZeroBeat
usage:
hcxessidtool <options>

options:
-e <essid>  : filter by ESSID
-E <essid>  : filter by part of ESSID
-l <essid>  : filter by ESSID length
-h          : show this help
-v          : show version

--pmkid1=<file>        : input PMKID file 1
--pmkid2=<file>        : input PMKID file 2
--pmkidout12=<file>    : output only lines present in both PMKID file 1 and PMKID file 2
--pmkidout1=<file>     : output only lines present in PMKID file 1
--pmkidout2=<file>     : output only lines present in PMKID file 2
--pmkidout=<file>      : output only ESSID filtered lines present in PMKID file 1
--hccapx1=<file>       : input HCCAPX file 1
--hccapx2=<file>       : input HCCAPX file 2
--hccapxout12=<file>   : output only lines present in both HCCAPX file 1 and HCCAPX file 2
--hccapxout1=<file>    : output only lines present in HCCAPX file 1
--hccapxout2=<file>    : output only lines present in HCCAPX file 2
--hccapxout=<file>     : output only ESSID filtered lines present in HCCAPX file 1
--essidout=<file>      : output ESSID list
--essidmacapout=<file> : output MAC_AP:ESSID list
--help                 : show this help
--version              : show version

Main purpose is to get full advantage of reuse of PBKDF2
while merging (only) the same ESSIDs from different hash files
examples:
hcxessidtool --pmkid1=file1.16800 --pmkid2=file2.16800 --pmkidout12=joint.16800
hcxessidtool --pmkid1=file1.16800 -l 10 --pmkidout=filtered.16800
Reply
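The post above gives two reasons that both come down to the same property of WPA/WPA2-Personal: the PMK is PBKDF2-HMAC-SHA1(passphrase, ESSID, 4096 iterations, 32 bytes), so it depends only on the passphrase and the ESSID. That is why hcxessidtool merges only hashes with the same ESSID (one PBKDF2 run then serves every entry for that network) and why hcxdumptool's weak candidate alert is cheap (one PMK for "12345678" per ESSID in range). The following Python block is an added illustration of that property, not code from hcxtools or from the post's author; the entry list is constructed and the "entry-x" identifiers are placeholders, and the "password"/"IEEE" vector is the one published in IEEE 802.11i Annex H.

```python
import hashlib
from collections import defaultdict

# Constructed sample of captured entries as (ESSID, identifier) pairs.
# The identifiers are placeholders; only the ESSID influences the PMK.
SAMPLE_ENTRIES = [
    ("IEEE", "entry-a"),
    ("IEEE", "entry-b"),
    ("IEEE", "entry-c"),
    ("HomeNet", "entry-d"),
    ("HomeNet", "entry-e"),
]

# Default weak candidate mentioned in the post (hcxdumptool --weak_candidate default).
DEFAULT_WEAK_CANDIDATE = "12345678"


def derive_pmk(passphrase: str, essid: str) -> bytes:
    """WPA/WPA2-Personal PMK: PBKDF2-HMAC-SHA1 over the passphrase, salted with the ESSID."""
    if not 8 <= len(passphrase) <= 63:
        # WPA passphrases are 8..63 printable characters by definition.
        raise ValueError("WPA passphrase must be 8..63 characters")
    return hashlib.pbkdf2_hmac("sha1", passphrase.encode(), essid.encode(), 4096, 32)


def pmks_per_essid(entries, passphrase):
    """Derive the PMK once per distinct ESSID and reuse it for all entries of that ESSID.

    Returns ({essid: pmk_hex}, number_of_pbkdf2_runs). The second value is what the
    ESSID-based merging saves: it is the number of distinct ESSIDs, not of entries.
    """
    by_essid = defaultdict(list)
    for essid, ident in entries:
        by_essid[essid].append(ident)

    pmks = {}
    runs = 0
    for essid in by_essid:
        pmks[essid] = derive_pmk(passphrase, essid).hex()
        runs += 1  # one PBKDF2 derivation covers len(by_essid[essid]) entries
    return pmks, runs


def naive_runs(entries):
    """PBKDF2 runs if every entry were processed on its own, ignoring shared ESSIDs."""
    return len(entries)


if __name__ == "__main__":
    pmks, runs = pmks_per_essid(SAMPLE_ENTRIES, DEFAULT_WEAK_CANDIDATE)
    print(f"{runs} PBKDF2 runs instead of {naive_runs(SAMPLE_ENTRIES)} for the sample")
    for essid, pmk in pmks.items():
        print(f"{essid}: {pmk}")
```

The published test vector (passphrase "password", SSID "IEEE") checks `derive_pmk`; the run counter shows the saving the post refers to: five entries over two ESSIDs cost two derivations, not five. The example stays at the PMK level and does not touch PMKID or EAPOL verification, which hashcat and hcxtools handle.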