Please help me, I am a newbie
#1
Hello guys,

I need some help, I am a newbie, and I want to learn how to use hashcat, my friends.
My problem is, I don't know what command to give to get a single PMKID.

I use The-Distribution-Which-Does-Not-Handle-OpenCL-Well (Kali) Linux Live 64-bit version 2020.2.
I give these commands to get a WPA PMKID:

sudo hcxdumptool -I

sudo kill

sudo hcxdumptool -o test.pcapng -i wlp0s20f0u1 --enable_status 15

With these commands, by default all APs are attacked,
but I want to attack only some or only one AP, not all APs, my friends.

Can someone please help me with the right commands to attack only some or only one AP?
This would be really great.
Thanks a lot for the help.
#2
Not related to hashcat.

hcxdumptool support is at https://github.com/ZerBea/hcxdumptool
#3
According to the help menu, you have to use either
--filtermode=2 in combination with --filterlist_ap=yourtargetmaclist
or create a Berkeley Packet Filter (attack MAC):
Code:
--filterlist_ap=<file>             : ACCESS POINT MAC filter list
                                     format: 112233445566, 11:22:33:44:55:66, 11-22-33-44-55-66 # comment
                                     maximum entries 256
                                     run first --do_rcascan to retrieve information about the target
--filterlist_client=<file>         : CLIENT MAC filter list
                                     format: 112233445566, 11:22:33:44:55:66, 11-22-33-44-55-66 # comment
                                     maximum entries 256
                                     due to MAC randomization of the CLIENT, it does not always work!
--filtermode=<digit>               : mode for filter list
                                     mandatory in combination with --filterlist_ap and/or --filterlist_client
                                     affected: only outgoing traffic
                                     notice: hcxdumptool acts as a passive dumper and will capture the whole traffic on the channel
                                     0: ignore filter list (default)
                                     1: use filter list as protection list
                                        do not interact with ACCESS POINTs and CLIENTs from this list
                                     2: use filter list as target list
                                        only interact with ACCESS POINTs and CLIENTs from this list
                                        not recommended, because some useful frames could be filtered out

--bpfc=<file>                      : input Berkeley Packet Filter (BPF) code
                                     affected: incoming and outgoing traffic
                                     steps to create a BPF (it only has to be done once):
                                      set hcxdumptool monitormode
                                       $ hcxdumptool -m <interface>
                                      create BPF to protect a MAC
                                       $ tcpdump -i <interface> not wlan addr1 11:22:33:44:55:66 and not wlan addr2 11:22:33:44:55:66 -ddd > protect.bpf
                                       recommended to protect own devices
                                      or create BPF to attack a MAC
                                       $ tcpdump -i <interface> wlan addr1 11:22:33:44:55:66 or wlan addr2 11:22:33:44:55:66 -ddd > attack.bpf
                                       not recommended, because important pre-authentication frames will be lost due to MAC randomization of the CLIENTs
                                      use the BPF code
                                       $ hcxdumptool -i <interface> --bpfc=attack.bpf ...
                                     see man pcap-filter for a list of all filter options

In addition to that, the hashcat forum contains a complete thread on how to use hcxdumptool/hcxtools (including older versions of the tools):
https://hashcat.net/forum/thread-6661.html
and the PMKID attack vector, too:
https://hashcat.net/forum/thread-7717.html
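The two options quoted above (a MAC target list with --filtermode=2, or a BPF built with tcpdump) both come down to getting the target AP's MAC into the right shape. The following shell script is an added example and is not code from the thread or from the hcxdumptool project: it validates the MACs in any of the three formats the help text accepts, writes the --filterlist_ap file (respecting the 256-entry limit), and prints the hcxdumptool and tcpdump command lines for the target. The interface name wlp0s20f0u1, the output file name and the MACs are placeholders, and the MACs in the demo are made up.

```shell
#!/bin/sh
# Added example, not from the thread or from hcxdumptool itself: build the MAC
# target list for --filterlist_ap and print the matching hcxdumptool command.
# Interface names, file names and MACs are placeholders for your own values.

# norm_mac MAC -> prints the MAC as 12 lowercase hex digits, accepting the three
# forms the help text lists (112233445566, 11:22:33:44:55:66, 11-22-33-44-55-66);
# returns 1 for anything else, so a typo cannot silently become a 0-match list
norm_mac() {
    m=$(printf '%s' "$1" | sed 's/[-:]//g' | tr 'A-F' 'a-f')
    case $m in
        ????????????) ;;            # exactly 12 characters
        *) return 1 ;;
    esac
    case $m in
        *[!0-9a-f]*) return 1 ;;    # a non-hex character slipped in
    esac
    printf '%s\n' "$m"
}

# make_ap_filterlist OUTFILE "MAC[ comment]"... -> writes one entry per line in
# the "112233445566 # comment" form; refuses bad MACs and more than 256 entries
make_ap_filterlist() {
    out=$1; shift
    : > "$out"
    n=0
    for entry in "$@"; do
        mac=${entry%% *}                 # first word is the MAC
        comment=${entry#"$mac"}          # the rest (may be empty) is the comment
        hex=$(norm_mac "$mac") || { echo "bad MAC: $mac" >&2; return 1; }
        n=$((n + 1))
        [ "$n" -le 256 ] || { echo "filter list limit is 256 entries" >&2; return 1; }
        if [ -n "$comment" ]; then
            printf '%s #%s\n' "$hex" "$comment"
        else
            printf '%s\n' "$hex"
        fi >> "$out"
    done
    echo "$out: $n target AP(s)"
}

# target_cmd IFACE LIST OUTFILE -> hcxdumptool line that only interacts with the
# APs in LIST (--filtermode=2); note it still records everything on the channel
target_cmd() {
    printf 'hcxdumptool -i %s -o %s --enable_status=15 --filtermode=2 --filterlist_ap=%s\n' \
        "$1" "$3" "$2"
}

# attack_bpf_cmd IFACE MAC -> the tcpdump line from the help text that compiles a
# BPF matching only frames to/from this AP. Run it with the interface already in
# monitor mode, then pass the result to hcxdumptool with --bpfc=attack.bpf
attack_bpf_cmd() {
    hex=$(norm_mac "$2") || return 1
    colon=$(printf '%s' "$hex" | sed 's/../&:/g; s/:$//')   # tcpdump wants 11:22:...
    printf "tcpdump -i %s -ddd 'wlan addr1 %s or wlan addr2 %s' > attack.bpf\n" \
        "$1" "$colon" "$colon"
}

# Demo with made-up MACs; the list file is created in a temp file and removed again
demo() {
    list=$(mktemp) || return 1
    make_ap_filterlist "$list" "00:11:22:33:44:55 my own test AP" "00-11-22-33-44-66"
    cat "$list"
    target_cmd wlp0s20f0u1 "$list" test.pcapng
    attack_bpf_cmd wlp0s20f0u1 00:11:22:33:44:55
    rm -f "$list"
}
demo
```

Use --filterlist_ap together with --filtermode=2 only for a quick single-target run; as the help text warns, a strict target list (or a BPF that only matches the AP) can drop pre-authentication frames from clients with randomized MACs, so for a full capture the protection-list variant (--filtermode=1 with your own devices) is the safer default.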
#4
You can filter by MAC address or choose the PMKID by checking its SSID and work on that one specific hash.

Sample PMKID
aaaaaaaaaaaaaa*aaaaaaaaaaaa*aaaaaaaaaaaa*496c6f76654475636b73
You will copy the last part "496c6f76654475636b73" and convert it to ASCII to read it.
https://www.rapidtables.com/convert/numb...ascii.html
#5
One of the major advantages of the new hash format (-m 22000) is that it is not binary (like hccapx), and every bash tool will work on it.
To get the ESSID in ASCII you can use hcxtools (whoismac):
Code:
$ whoismac -x 496c6f76654475636b73
IloveDucks
or hcxtools (hcxhashtool) on a -m 22000 hash file:
Code:
$ hcxhashtool -i test.22000 --info=stdout
SSID.......: IloveDucks
MAC_AP.....: aaaaaaaaaaaa (unknown)
MAC_CLIENT.: aaaaaaaaaaaa (unknown)
PMKID......: aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa
HASHLINE...: WPA*01*aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa*aaaaaaaaaaaa*aaaaaaaaaaaa*496c6f76654475636b73***

OUI information file...: /home/zerobeat/.hcxtools/oui.txt
OUI entries............: 27383
total lines read.......: 1
valid hash lines.......: 1
PMKID hash lines.......: 1
PMKID written..........: 1
or Perl:
Code:
$ echo "aaaaaaaaaaaaaa*aaaaaaaaaaaa*aaaaaaaaaaaa*496c6f76654475636b73" | awk 'BEGIN { FS = "*" } ; { print $4 }' | perl -pe 's/(..)/chr(hex($1))/ge'
IloveDucks
or whatever you like...

BTW:
Nearly everything is explained in these two threads:
https://hashcat.net/forum/thread-6661.html
https://hashcat.net/forum/thread-7717.html
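Posts #4 and #5 both rely on the fact that the -m 22000 line is plain text with `*`-separated fields and a hex-encoded ESSID. The script below is an added example, not code from the thread or from hcxtools: it decodes the ESSID field, prints the same fields hcxhashtool --info shows, and, which is what the original question was after, filters a hash file down to the lines for one network so hashcat can be pointed at a single AP. It uses only POSIX sh, awk, sed and od. The hash lines in the demo are constructed (made-up PMKIDs and MACs), and the field layout assumed is WPA*type*PMKID/MIC*MAC_AP*MAC_CLIENT*ESSIDhex*..., plus the older pmkid*mac_ap*mac_client*essid form shown in post #4.

```shell
#!/bin/sh
# Added example, not code from the thread or from hcxtools: pick one PMKID out
# of a -m 22000 hash file by its ESSID and show the fields in clear text.

# hex2ascii HEX -> prints the decoded bytes (the ESSID field is hex-encoded)
hex2ascii() {
    for b in $(printf '%s' "$1" | sed 's/../& /g'); do
        printf "\\$(printf '%03o' "$((0x$b))")"   # one byte as an octal escape
    done
}

# ascii2hex STRING -> lowercase hex, the encoding used inside the hash line
ascii2hex() {
    printf '%s' "$1" | od -An -tx1 | tr -d ' \n'
}

# essid_hex LINE -> hex ESSID of a 22000 line (field 6), or of the older
# pmkid*mac_ap*mac_client*essid line from post #4 (field 4)
essid_hex() {
    case $1 in
        WPA\**) printf '%s\n' "$1" | awk -F'*' '{print $6}' ;;
        *)      printf '%s\n' "$1" | awk -F'*' '{print $4}' ;;
    esac
}

# select_by_essid FILE NAME -> prints only the hash lines for that network,
# so hashcat works on a single AP instead of every hash in the capture
select_by_essid() {
    want=$(ascii2hex "$2")
    while IFS= read -r line; do
        [ "$(essid_hex "$line")" = "$want" ] && printf '%s\n' "$line"
    done < "$1"
    return 0
}

# info_22000 LINE -> "TYPE HASH AP=... CLIENT=... ESSID=..." (like hcxhashtool --info)
info_22000() {
    IFS='*' read -r sig type hash ap client essidhex rest <<EOF
$1
EOF
    [ "$sig" = WPA ] || { echo "not a -m 22000 line" >&2; return 1; }
    case $type in
        01) kind=PMKID ;;             # PMKID line
        02) kind=EAPOL ;;             # 4-way handshake (MIC) line
        *)  kind="unknown($type)" ;;
    esac
    printf '%s %s AP=%s CLIENT=%s ESSID=%s\n' \
        "$kind" "$hash" "$ap" "$client" "$(hex2ascii "$essidhex")"
}

# Constructed sample hash file: two networks, made-up PMKIDs and MACs
SAMPLE_HASHES='WPA*01*0123456789abcdef0123456789abcdef*aabbccddeeff*001122334455*496c6f76654475636b73***
WPA*01*fedcba9876543210fedcba9876543210*aabbccddee00*001122334466*4d794e6574776f726b***'

demo() {
    tmp=$(mktemp) || return 1
    printf '%s\n' "$SAMPLE_HASHES" > "$tmp"
    select_by_essid "$tmp" IloveDucks > "$tmp.one"   # keep only the wanted AP
    info_22000 "$(cat "$tmp.one")"
    echo "hashcat -m 22000 $tmp.one wordlist.txt   # now only this AP is attacked"
    rm -f "$tmp" "$tmp.one"
}
demo
```

Matching on the hex form of the name (ascii2hex) rather than decoding every line avoids problems with ESSIDs that contain spaces or non-printable bytes, and the same selection works for EAPOL lines (type 02) since the ESSID sits in the same field.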