hcxpmktool or hcxhashtool should do it offline and hcxdumptool will do it during capturing.
example hashes 2500, 16800 and 22000 taken from here:
https://hashcat.net/wiki/doku.php?id=example_hashes
converted 16800 to hash line 22000 (prepend WPA*01*, append ***):
Code:
$ time hcxpmktool -i WPA*01*2582a8281bf9d4308d6f5731d0e61c61*4604ba734d4e*89acf0e761f4*ed487162465a774bfba60eb603a39f3a*** -p 'hashcat!'
ESSID.............: �HqbFZwK�����:
PSK .............: hashcat!
PMK...............: 5b13d4babb3714ccc62c9f71864bc984efd6a55f237c7a87fc2151e1ca658a9d
PMKID (calculated): 2582a8281bf9d4308d6f5731d0e61c61
PMKID (hash line).: 2582a8281bf9d4308d6f5731d0e61c61 (equal)
real 0m0,006s
user 0m0,006s
sys 0m0,000s
compared to hashcat -m 16800
Code:
$ time hashcat -m 16800 test.16800 -a 3 'hashcat!'
hashcat (v6.1.1-120-g15bf8b730) starting...
CUDA API (CUDA 11.2)
====================
* Device #1: GeForce GTX 1080 Ti, 10899/11175 MB, 28MCU
OpenCL API (OpenCL 1.2 CUDA 11.2.153) - Platform #1 [NVIDIA Corporation]
========================================================================
* Device #2: GeForce GTX 1080 Ti, skipped
4604ba734d4e:89acf0e761f4:$HEX[ed487162465a774bfba60eb603a39f3a]:hashcat!
Session..........: hashcat
Status...........: Cracked
Hash.Name........: WPA-PMKID-PBKDF2
Hash.Target......: 4604ba734d4e:89acf0e761f4:$HEX[ed487162465a774bfba6...39f3a]
Time.Started.....: Wed Mar 3 21:06:09 2021 (0 secs)
Time.Estimated...: Wed Mar 3 21:06:09 2021 (0 secs)
Guess.Mask.......: hashcat! [8]
Guess.Queue......: 1/1 (100.00%)
Speed.#1.........: 22 H/s (0.43ms) @ Accel:8 Loops:64 Thr:1024 Vec:1
Recovered........: 1/1 (100.00%) Digests
Progress.........: 1/1 (100.00%)
Rejected.........: 0/1 (0.00%)
Restore.Point....: 0/1 (0.00%)
Restore.Sub.#1...: Salt:0 Amplifier:0-1 Iteration:0-1
Candidates.#1....: hashcat! -> hashcat!
Hardware.Mon.#1..: Temp: 41c Fan: 32% Util: 74% Core:1657MHz Mem:5005MHz Bus:16
Started: Wed Mar 3 21:06:08 2021
Stopped: Wed Mar 3 21:06:11 2021
real 0m2,930s
user 0m0,667s
sys 0m0,481s
Or use hashmode -22000 (instead of deprecated 16800 hash mode):
Code:
$ time hcxpmktool -i WPA*01*4d4fe7aac3a2cecab195321ceb99a7d0*fc690c158264*f4747f87f9f4*686173686361742d6573736964*** -p 'hashcat!'
ESSID.............: hashcat-essid
PSK .............: hashcat!
PMK...............: 88f43854ae7b1624fc2ab7724859e795130f4843c7535729e819cf92f39535dc
PMKID (calculated): 4d4fe7aac3a2cecab195321ceb99a7d0
PMKID (hash line).: 4d4fe7aac3a2cecab195321ceb99a7d0 (equal)
real 0m0,006s
user 0m0,006s
sys 0m0,000s
compared to hashcat -m 22000:
Code:
hashcat (v6.1.1-120-g15bf8b730) starting...
CUDA API (CUDA 11.2)
====================
* Device #1: GeForce GTX 1080 Ti, 10899/11175 MB, 28MCU
OpenCL API (OpenCL 1.2 CUDA 11.2.153) - Platform #1 [NVIDIA Corporation]
========================================================================
* Device #2: GeForce GTX 1080 Ti, skipped
4d4fe7aac3a2cecab195321ceb99a7d0:fc690c158264:f4747f87f9f4:hashcat-essid:hashcat!
Session..........: hashcat
Status...........: Cracked
Hash.Name........: WPA-PBKDF2-PMKID+EAPOL
Hash.Target......: test.22000
Time.Started.....: Wed Mar 3 21:04:07 2021 (0 secs)
Time.Estimated...: Wed Mar 3 21:04:07 2021 (0 secs)
Guess.Mask.......: hashcat! [8]
Guess.Queue......: 1/1 (100.00%)
Speed.#1.........: 28 H/s (0.41ms) @ Accel:8 Loops:64 Thr:1024 Vec:1
Recovered........: 1/1 (100.00%) Digests
Progress.........: 1/1 (100.00%)
Rejected.........: 0/1 (0.00%)
Restore.Point....: 0/1 (0.00%)
Restore.Sub.#1...: Salt:0 Amplifier:0-1 Iteration:0-1
Candidates.#1....: hashcat! -> hashcat!
Hardware.Mon.#1..: Temp: 49c Fan: 31% Util: 22% Core:1657MHz Mem:5005MHz Bus:16
Started: Wed Mar 3 21:04:06 2021
Stopped: Wed Mar 3 21:04:08 2021
real 0m2,879s
user 0m0,619s
sys 0m0,508s
It works also on EAPOL message pairs (WPA*02*)
converted hccapx to hash line 22000 (hcxpcapngtool will do that directly from cap/pcap and pcapng files):
Code:
$ time hcxpmktool -i WPA*02*dd380bd54bc9c316dce31562c22c87d1*aef50f22801c*987bdcf9f950*38333831353333343036303033383037363835383831353233*1e33f3eca3a1f2216a52b60c87191e7473ac54ecb023ac5989becf1e3c7e4509*01030077fe010900200000000000000001faf192b205d47b81f43f91f850c81976da019e00722f3958370692ab0562f70b0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000018dd160050f20101000050f20201000050f20201000050f202*00 -p 'hashcat!'
ESSID.............: 8381533406003807685881523
PSK .............: hashcat!
PMK...............: 27728647ac66c5edea4d448fd2c1da57cf02e6347b1465a0d43142c6bd6e37b6
PMKID (calculated): c64249a2e8ea4e47cfddb5df6eb39fde
MIC (calculated)..: dd380bd54bc9c316dce31562c22c87d1
MIC (hash line)...: dd380bd54bc9c316dce31562c22c87d1 (equal)
real 0m0,008s
user 0m0,008s
sys 0m0,000s
compared to hashcat -m 2500 (deprecated hccapx)
Code:
$ time hashcat -m 2500 hashcat.hccapx -a 3 'hashcat!'
hashcat (v6.1.1-120-g15bf8b730) starting...
CUDA API (CUDA 11.2)
====================
* Device #1: GeForce GTX 1080 Ti, 10883/11175 MB, 28MCU
OpenCL API (OpenCL 1.2 CUDA 11.2.153) - Platform #1 [NVIDIA Corporation]
========================================================================
* Device #2: GeForce GTX 1080 Ti, skipped
aef50f22801c:987bdcf9f950:8381533406003807685881523:hashcat!
Session..........: hashcat
Status...........: Cracked
Hash.Name........: WPA-EAPOL-PBKDF2
Hash.Target......: 8381533406003807685881523 (AP:ae:f5:0f:22:80:1c STA:98:7b:dc:f9:f9:50)
Time.Started.....: Wed Mar 3 21:17:13 2021 (0 secs)
Time.Estimated...: Wed Mar 3 21:17:13 2021 (0 secs)
Guess.Mask.......: hashcat! [8]
Guess.Queue......: 1/1 (100.00%)
Speed.#1.........: 31 H/s (0.41ms) @ Accel:8 Loops:64 Thr:1024 Vec:1
Recovered........: 1/1 (100.00%) Digests
Progress.........: 1/1 (100.00%)
Rejected.........: 0/1 (0.00%)
Restore.Point....: 0/1 (0.00%)
Restore.Sub.#1...: Salt:0 Amplifier:0-1 Iteration:0-1
Candidates.#1....: hashcat! -> hashcat!
Hardware.Mon.#1..: Temp: 50c Fan: 33% Util: 35% Core:1657MHz Mem:5005MHz Bus:16
Started: Wed Mar 3 21:17:12 2021
Stopped: Wed Mar 3 21:17:15 2021
real 0m2,899s
user 0m0,652s
sys 0m0,478s
or use hcxhashtool with option on a 22000 hash file:
Code:
-i <file> : input PMKID/EAPOL hash file
--psk=<PSK> : pre-shared key to test
due to PBKDF2 calculation this is a very slow process
no nonce error corrections
--pmk=<PMK> : plain master key to test
no nonce error corrections
test2.22000 contain all 3 example hashes in a single file:
Code:
WPA*01*4d4fe7aac3a2cecab195321ceb99a7d0*fc690c158264*f4747f87f9f4*686173686361742d6573736964***
WPA*01*2582a8281bf9d4308d6f5731d0e61c61*4604ba734d4e*89acf0e761f4*ed487162465a774bfba60eb603a39f3a***
WPA*02*dd380bd54bc9c316dce31562c22c87d1*aef50f22801c*987bdcf9f950*38333831353333343036303033383037363835383831353233*1e33f3eca3a1f2216a52b60c87191e7473ac54ecb023ac5989becf1e3c7e4509*01030077fe010900200000000000000001faf192b205d47b81f43f91f850c81976da019e00722f3958370692ab0562f70b0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000018dd160050f20101000050f20201000050f20201000050f202*00
To test a complete hashfile (new hashcat mode -m 22000) against a single PSK or PMK:
Code:
$ time hcxhashtool -i testall3.22000 --psk='hashcat!'
f4747f87f9f4:fc690c158264:hashcat-essid:88f43854ae7b1624fc2ab7724859e795130f4843c7535729e819cf92f39535dc:hashcat!
89acf0e761f4:4604ba734d4e:$HEX[ed487162465a774bfba60eb603a39f3a]:5b13d4babb3714ccc62c9f71864bc984efd6a55f237c7a87fc2151e1ca658a9d:hashcat!
987bdcf9f950:aef50f22801c:8381533406003807685881523:27728647ac66c5edea4d448fd2c1da57cf02e6347b1465a0d43142c6bd6e37b6:hashcat!
OUI information file...: /home/zerobeat/.hcxtools/oui.txt
OUI entires............: 29508
total lines read.......: 3
valid hash lines.......: 3
PMKID hash lines.......: 2
EAPOL hash lines.......: 1
real 0m0,128s
user 0m0,122s
sys 0m0,007s
compared to hashcat hash mode -m 22000:
Code:
$ time hashcat -m 22000 testall3.22000 -a 3 'hashcat!'
hashcat (v6.1.1-120-g15bf8b730) starting...
CUDA API (CUDA 11.2)
====================
* Device #1: GeForce GTX 1080 Ti, 10879/11175 MB, 28MCU
OpenCL API (OpenCL 1.2 CUDA 11.2.153) - Platform #1 [NVIDIA Corporation]
========================================================================
* Device #2: GeForce GTX 1080 Ti, skipped
4d4fe7aac3a2cecab195321ceb99a7d0:fc690c158264:f4747f87f9f4:hashcat-essid:hashcat!
2582a8281bf9d4308d6f5731d0e61c61:4604ba734d4e:89acf0e761f4:$HEX[ed487162465a774bfba60eb603a39f3a]:hashcat!
dd380bd54bc9c316dce31562c22c87d1:aef50f22801c:987bdcf9f950:8381533406003807685881523:hashcat!
Session..........: hashcat
Status...........: Cracked
Hash.Name........: WPA-PBKDF2-PMKID+EAPOL
Hash.Target......: testall3.22000
Time.Started.....: Wed Mar 3 21:34:27 2021 (0 secs)
Time.Estimated...: Wed Mar 3 21:34:27 2021 (0 secs)
Guess.Mask.......: hashcat! [8]
Guess.Queue......: 1/1 (100.00%)
Speed.#1.........: 27 H/s (0.41ms) @ Accel:8 Loops:64 Thr:1024 Vec:1
Recovered........: 3/3 (100.00%) Digests, 3/3 (100.00%) Salts
Progress.........: 3/3 (100.00%)
Rejected.........: 0/3 (0.00%)
Restore.Point....: 0/1 (0.00%)
Restore.Sub.#1...: Salt:2 Amplifier:0-1 Iteration:0-1
Candidates.#1....: hashcat! -> hashcat!
Hardware.Mon.#1..: Temp: 46c Fan: 36% Util: 76% Core:1657MHz Mem:5005MHz Bus:16
Started: Wed Mar 3 21:34:26 2021
Stopped: Wed Mar 3 21:34:28 2021
real 0m2,277s
user 0m0,627s
sys 0m0,579s
Fast enough?
Or use hcxdumptool with option weakcandidate to verify PSK during capturing:
Code:
--weakcandidate=<password> : use this pre shared key (8...63 characters) for weak candidate alert
will be saved to pcapng to inform hcxpcaptool
default: 12345678
BTW:
hcxdumptool/hcxtools are designed to run on small systems like a Raspberry Pi.