hcxdumptool install problem
#1
Code:
sudo make install
cc -O3 -Wall -Wextra -std=gnu99  -o hcxpioff hcxpioff.c  -DVERSION_TAG=\"6.0.5-4-gb2adde8\" -DVERSION_YEAR=\"2020\"
cc -O3 -Wall -Wextra -std=gnu99  -o hcxdumptool hcxdumptool.c  -lcrypto -lssl -DVERSION_TAG=\"6.0.5-4-gb2adde8\" -DVERSION_YEAR=\"2020\"
install -m 0755 -D hcxpioff /usr/local/bin/hcxpioff
install -m 0755 -D hcxdumptool /usr/local/bin/hcxdumptool
rm -f hcxpioff
rm -f hcxdumptool
rm -f *.o *~


How can I solve this problem?

Another problem with capturing PMKIDs:

Code:
hcxdumptool -o hash -i wlan0mon --filterlist=filter.txt --filtermode=2 --enable_status
hcxdumptool: option '--filterlist=filter.txt' is ambiguous; possibilities: '--filterlist_ap' '--filterlist_client'
hcxdumptool 6.0.5-4-gb2adde8 (C) 2020 by ZeroBeat
usage: hcxdumptool -h for help





Thanks
#2
$ hcxdumptool --help will show you the correct syntax
add target AP_MAC to filterlist.txt (format 112233445566)
replace --filterlist with --filterlist_ap
replace --enable_status with --enable_status=31
replace -o hash with -o dump.pcapng

Do not(!) use hcxdumptool in combination with airmon-ng. You should have received many warnings during start up of hcxdumptool that it isn't a good idea.
hcxdumptool uses its own monitor mode and will show you the services that take access to the interface. You have to stop them by hand!

The complete command line should look like this:
Code:
$ hcxdumptool -i <interface> -o dump.pcapng --filterlist_ap=filter.txt --filtermode=2 --enable_status=31

To convert the traffic to hashcat format, run hcxpcapngtool (latest git head):
Code:
$ hcxpcapngtool -o test.22000 *.pcapng

Get a good wordlist:
https://3wifi.stascorp.com/3wifi-dic-2020-03-02.7z

To recover the PSK run hashcat (latest git head):
Code:
$ hashcat -m 22000 test.22000 3WiFi_WiFiKey.txt

Alternative (some CLIENTs transmit PSK in plain/clear):
run hcxdumptool 24/7

convert to hashcat format:
Code:
$ hcxpcapngtool -o test.22000 -E wordlist *.pcapng

run hashcat
Code:
$ hashcat -m 22000 test.22000 wordlist

To get driver type and to test that your interface/driver is suitable, run:
Code:
$ hcxdumptool -I
$ hcxdumptool -i <interface> --check_driver
$ hcxdumptool -i <interface> --check_injection

BTW:
If you understand Spanish (WiFislax forum: search for hcx):
https://foro.seguridadwireless.net/

If you understand Russian (something about wordlists):
https://antichat.com/threads/281655/page-179
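Answer #2 gives the filter list format as twelve bare hex digits (112233445566), while MAC addresses are usually copied with separators. The following is an added example, not part of the thread and not hcxdumptool code: a shell filter that converts common notations to that form, drops duplicates and rejects anything that is not a 48-bit address. The function names, the lowercase output and the sample addresses are assumptions of this example.

```shell
#!/bin/sh
# Added example: normalise MAC addresses into the bare-hex filter list
# format (112233445566). Names and sample data are constructed.

# normalize_mac MAC -> prints 12 lowercase hex digits; returns 1 if invalid
normalize_mac() {
    # Remove separators people commonly write (":", "-", ".") and whitespace
    mac=$(printf '%s' "$1" | tr -d ' :.\t\r-' | tr 'A-F' 'a-f')
    case "$mac" in
        *[!0-9a-f]*) return 1 ;;        # a non-hex character is left over
    esac
    [ "${#mac}" -eq 12 ] || return 1    # must be exactly 48 bits
    printf '%s\n' "$mac"
}

# build_filterlist: stdin -> one normalised entry per line on stdout.
# Rejected lines go to stderr; returns 1 if any line was rejected.
build_filterlist() {
    rc=0
    seen=''
    while IFS= read -r line || [ -n "$line" ]; do
        line=${line%%#*}                # strip "# comment" text
        [ -n "$(printf '%s' "$line" | tr -d ' \t\r')" ] || continue
        if entry=$(normalize_mac "$line"); then
            case " $seen " in
                *" $entry "*) ;;        # duplicate, already emitted
                *) seen="$seen $entry"; printf '%s\n' "$entry" ;;
            esac
        else
            printf 'rejected: %s\n' "$line" >&2
            rc=1
        fi
    done
    return $rc
}

# Constructed sample input: mixed notations, a duplicate and two bad lines
SAMPLE='AA:BB:CC:DD:EE:FF
aa-bb-cc-dd-ee-ff   # same address, different notation
1122.3344.5566
112233445566
not-a-mac
11:22:33:44:55'

printf '%s\n' "$SAMPLE" | build_filterlist || echo 'some lines were rejected' >&2
```

Redirect the output of `build_filterlist` to the file passed to `--filterlist_ap` only when the function returns 0, so that a mistyped address is noticed before the capture starts.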
#3
(04-06-2020, 05:50 PM)ZerBea Wrote: $ hcxdumptool --help will show you the correct syntax

Thanks for your replies.
I succeeded, but I tried one more time.

I got this error:

Code:
root@The-Distribution-Which-Does-Not-Handle-OpenCL-Well (Kali):~# hcxdumptool -o test.pcapng -i wlan0mon --enable_status 3
initialization...
warning: NetworkManager is running with pid 533
(possible interfering hcxdumptool)
warning: wpa_supplicant is running with pid 845
(possible interfering hcxdumptool)
warning: wlan0mon is probably a virtual monitor interface
interface is already in monitor mode
warning: interface is not up
warning: failed to init socket
try to use iw to set monitor mode
try to use ip link to bring interface up

terminating...

How can I fix this?
#4
Do not(!) run airmon-ng! The script (1540 lines to do such a simple thing as setting monitor mode) is designed to be used by aircrack-ng suite and not by hcxdumptool. It will create a virtual monitor interface by NETLINK command.

To solve the warnings:
warning: NetworkManager is running with pid 533
Code:
sudo systemctl stop NetworkManager.service

warning: wpa_supplicant is running with pid 845
Code:
sudo systemctl stop wpa_supplicant.service

warning: wlan0mon is probably a virtual monitor interface
A virtual monitor interface created by NETLINK is good if you like to stream nice videos from cute little kittens. It is not the first choice to perform high speed layer two WiFi attacks.

interface is already in monitor mode
warning: interface is not up
If the interface is already in monitor mode, hcxdumptool expects a fully operational interface. It will warn you if that isn't the case.

Notice: Not all drivers/interfaces are suitable to run monitor mode and full packet injection. We need both!
Please post output of
Code:
$ hcxdumptool -I

Please post output of
Code:
$ hcxdumptool -i <your_interface> --check_driver

Please post output of
Code:
$ hcxdumptool -i <your_interface> --check_injection

And some words about "K*A*L*I", because I noticed several issue reports and comments from people with hardly any knowledge of Linux or anything related to computer security who are now trying to use K*A*L*I as their main "cracking" Linux distribution. You don’t have to use K*A*L*I. It is just a special distribution that makes the tasks it’s specifically designed for easier, while consequently making many, many other tasks more difficult.
First get familiar with the Linux environment - Ubuntu (recommended by hashcat developer) gives you a better opportunity.