05-23-2018, 10:27 PM
So the problem is that if the cap contains a lot of garbage packets, cap2hccapx can't convert it? How do I determine which packets are not needed so I can delete them from the .cap file?
You can do a cleaning by hand with Wireshark.
Just keep the following packets:
association request and/or reassociation request (if you have no request, look for a beacon and/or a probe response from the AP)
M1 from AP
M2 from client (replay counter must be the same as M1)
M3 from AP (replay counter - 1 must be the same as M1 or M2)
M4 from client (snonce must not be zeroed; replay counter must be the same as M3, or replay counter - 1 must be the same as M1 and/or M2)
These combinations are valid:
(M1 and/or M3) + (M2 and/or M4, if the M4 snonce isn't zeroed)
Replay counters must match!
Check also the timestamp for the interval (EAPOL timer) between WPA/WPA2 Key Messages (default = 1000 msec). In other words, if you have an M1 from yesterday and an M2 from today, the handshake might not be valid (perhaps nonce-error-corrections is working; to determine if nonce-error-corrections is possible you need more than one M1 or M3).
You can retrieve EAPOL timer default values from here (but they might change from vendor to vendor):
https://supportforums.cisco.com/t5/wirel...-p/3122477
Please, how is this "possible list with passwords" generated?
wlandump-ng and/or hcxpcaptool annoy clients. In that case, some of them will send their password in the clear (as probe requests or identity responses). hcxpcaptool writes these passwords to a file.
Unfortunately we can't distinguish between an ESSID and a password, so both of them are written using option -E.
By the way, according to this, hcxtools are preinstalled on Kali Linux, but I couldn't run any of the hcxtools (wlandump-ng, hcxpcaptool) in the default state. Is this still valid? Or am I doing something wrong?
That is a question to ask the maintainer of that distro.
According to this:
https://en.kali.tools/all/
and that
https://en.kali.tools/all/?tool=1779
they are inside the distro.
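As an added example (not code from this thread, from hcxtools or from cap2hccapx), here is a Python script that applies the cleaning rules above to EAPOL-Key frames: it classifies M1..M4 from the Key Information flags, pairs AP messages (M1/M3) with client messages (M2/M4) by the replay counter relations given in the post, drops an M4 whose snonce is zeroed, and flags pairs whose timestamps are further apart than the 1000 ms EAPOL timer. It assumes the 802.11 and LLC/SNAP headers have already been stripped, so that each frame is (timestamp in ms, source MAC, destination MAC, 802.1X payload); the MACs, nonces and frames below are constructed test data with no real key material, and the flag test used to number the messages is the usual one, not something taken from the post.

```python
import struct
from dataclasses import dataclass
from typing import List, Optional, Tuple

# 802.1X header: protocol version, packet type, body length
EAPOL_HDR = struct.Struct("!BBH")
# EAPOL-Key descriptor: type, key info, key length, replay counter, nonce,
# key IV, key RSC, key ID, MIC, key data length (key data follows, ignored here)
KEY_DESC = struct.Struct("!BHHQ32s16sQQ16sH")
EAPOL_KEY = 3                     # 802.1X packet type for EAPOL-Key
RSN_DESC, WPA_DESC = 2, 254       # descriptor types for WPA2 and WPA
KEY_PAIRWISE, KEY_INSTALL, KEY_ACK, KEY_MIC, KEY_SECURE = 0x0008, 0x0040, 0x0080, 0x0100, 0x0200
ZERO_NONCE = bytes(32)
EAPOL_TIMER_MS = 1000             # default key-message interval quoted in the post


@dataclass
class KeyMsg:
    ts_ms: int       # capture timestamp in milliseconds
    src: str         # transmitter MAC
    dst: str         # receiver MAC
    msg: int         # 1..4
    replay: int      # replay counter
    nonce: bytes     # anonce (M1/M3) or snonce (M2/M4)


def parse_eapol_key(ts_ms: int, src: str, dst: str, payload: bytes) -> Optional[KeyMsg]:
    """Parse an 802.1X payload; return the classified pairwise key message or None."""
    if len(payload) < EAPOL_HDR.size + KEY_DESC.size:
        return None
    _ver, ptype, _length = EAPOL_HDR.unpack_from(payload, 0)
    if ptype != EAPOL_KEY:
        return None                                   # EAP-Packet, Start, Logoff ...
    desc, info, _klen, replay, nonce, _iv, _rsc, _kid, _mic, _kdlen = \
        KEY_DESC.unpack_from(payload, EAPOL_HDR.size)
    if desc not in (RSN_DESC, WPA_DESC) or not info & KEY_PAIRWISE:
        return None                                   # group key handshake, not useful
    # Message number from the Key Information flags (usual flag test)
    if info & KEY_ACK:
        msg = 3 if info & KEY_INSTALL else 1
    else:
        msg = 4 if info & KEY_SECURE else 2
    return KeyMsg(ts_ms, src, dst, msg, replay, nonce)


def match_handshakes(keys: List[KeyMsg]) -> List[Tuple[int, int, int, str]]:
    """Pair AP messages (M1/M3) with client messages (M2/M4) by the post's rules."""
    found = []
    for ap in (k for k in keys if k.msg in (1, 3)):
        for sta in (k for k in keys if k.msg in (2, 4)):
            if (ap.src, ap.dst) != (sta.dst, sta.src):
                continue                              # different AP/client pair
            if sta.msg == 4 and sta.nonce == ZERO_NONCE:
                continue                              # M4 with zeroed snonce is useless
            expected = ap.replay                      # M1+M2 and M3+M4: equal counters
            if ap.msg == 3 and sta.msg == 2:
                expected = ap.replay - 1              # M3 counter - 1 == M2 counter
            elif ap.msg == 1 and sta.msg == 4:
                expected = ap.replay + 1              # M4 counter - 1 == M1 counter
            if sta.replay != expected:
                continue
            delta = abs(sta.ts_ms - ap.ts_ms)
            note = "ok" if delta <= EAPOL_TIMER_MS else "exceeds EAPOL timer (%d ms)" % delta
            found.append((ap.msg, sta.msg, sta.replay, note))
    return found


def build_key(info: int, replay: int, nonce: bytes) -> bytes:
    """Build a minimal EAPOL-Key frame (constructed test data, no real key material)."""
    body = KEY_DESC.pack(RSN_DESC, info, 16, replay, nonce, bytes(16), 0, 0, bytes(16), 0)
    return EAPOL_HDR.pack(2, EAPOL_KEY, len(body)) + body


AP, STA = "00:11:22:33:44:55", "66:77:88:99:aa:bb"          # constructed addresses
ANONCE, SNONCE = bytes([0xA1] * 32), bytes([0x5B] * 32)   # constructed nonces
# Constructed capture: (timestamp ms, src, dst, 802.1X payload)
SAMPLE_FRAMES = [
    (0,      AP,  STA, build_key(0x008a, 1, ANONCE)),      # M1
    (15,     STA, AP,  build_key(0x010a, 1, SNONCE)),      # M2, same counter as M1
    (30,     AP,  STA, build_key(0x13ca, 2, ANONCE)),      # M3, counter + 1
    (45,     STA, AP,  build_key(0x030a, 2, ZERO_NONCE)),  # M4 with zeroed snonce
    (90000,  STA, AP,  build_key(0x010a, 7, SNONCE)),      # stray M2, no partner
    (200000, AP,  STA, build_key(0x008a, 5, ANONCE)),      # M1 of a later attempt
    (201500, STA, AP,  build_key(0x010a, 5, SNONCE)),      # M2 outside the timer
    (202000, STA, AP,  EAPOL_HDR.pack(2, 0, 0)),           # EAP-Packet, ignored
]


def clean_capture(frames) -> List[Tuple[int, int, int, str]]:
    """Keep only parseable pairwise key messages and report the usable pairs."""
    keys = [m for m in (parse_eapol_key(*f) for f in frames) if m]
    return match_handshakes(keys)


if __name__ == "__main__":
    for ap_msg, sta_msg, replay, note in clean_capture(SAMPLE_FRAMES):
        print("M%d + M%d replay=%d %s" % (ap_msg, sta_msg, replay, note))
```

On the constructed capture this reports M1+M2 and M3+M2 as usable pairs, skips both M4 combinations because the snonce is zeroed, ignores the stray M2 whose counter matches nothing, and keeps the late M2 but marks it as exceeding the EAPOL timer, which is the case where the post says the handshake might not be valid. To run it on a real capture, feed it the 802.1X payloads Wireshark shows under the `eapol` filter with the frame timestamps and transmitter/receiver addresses.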