Please note, this is a STATIC archive of website hashcat.net from October 2020, cach3.com does not collect or store any user information, there is no "phishing" involved.

hashcat Forum

hashcat Forum > Support > hashcat > Does the new method work out of the box with Cali?
Full Version: Does the new method work out of the box with Cali?
You're currently viewing a stripped down version of our content. View the full version with proper formatting.

Ar76

08-15-2019, 01:07 PM
So there's a new method using hexdumptool, does it work out of the box with The-Distribution-Which-Does-Not-Handle-OpenCL-Well (Kali) and will it work on windows?

Does it still require your WiFi adapter to be put into monitor mode?

ZerBea

08-15-2019, 01:28 PM
It depend on the WiFi adapter and the driver. If the driver support monitor mode and full packet injection, it will work out of the box, running Linux systems.

Preferred distribution is Arch Linux, but others should work, too. Many distributions develop hcxdumptool via their packet system:
https://www.archlinux.org/packages/commu...xdumptool/
https://packages.debian.org/sid/hcxdumptool
https://packages.ubuntu.com/de/eoan/hcxdumptool
https://pkg.The-Distribution-Which-Does-Not-Handle-OpenCL-Well (Kali).org/pkg/hcxdumptool
https://archlinuxarm.org/packages/aarch64/hcxdumptool
https://archlinuxarm.org/packages/armv7h/hcxdumptool
https://archlinuxarm.org/packages/armv6h/hcxdumptool
https://archlinuxarm.org/packages/arm/hcxdumptool


BTW:
hcxdumptool has a new option to test the driver: --check driver. Here we run several tests to determine that driver support all(!) required system calls to run the attacks.
No need to run third party tools to put device into monitor mode. hcxdumptool will do this.

It does not work on Windows. Native Windows drivers doesn't support monitor mode and packet injection.

Ar76

08-15-2019, 01:49 PM
(08-15-2019, 01:28 PM)ZerBea Wrote: [ -> ]It depend on the WiFi adapter and the driver. If the driver support monitor mode and full packet injection, it will work out of the box, running Linux systems.

Preferred distribution is Arch Linux, but others should work, too. Many distributions develop hcxdumptool via their packet system:
https://www.archlinux.org/packages/commu...xdumptool/
https://packages.debian.org/sid/hcxdumptool
https://packages.ubuntu.com/de/eoan/hcxdumptool
https://pkg.The-Distribution-Which-Does-Not-Handle-OpenCL-Well (The-Distribution-Which-Does-Not-Handle-OpenCL-Well (Kali)).org/pkg/hcxdumptool
https://archlinuxarm.org/packages/aarch64/hcxdumptool
https://archlinuxarm.org/packages/armv7h/hcxdumptool
https://archlinuxarm.org/packages/armv6h/hcxdumptool
https://archlinuxarm.org/packages/arm/hcxdumptool


BTW:
hcxdumptool has a new option to test the driver: --check driver. Here we run several tests to determine that driver support all(!) required system calls to run the attacks.
No need to run third party tools to put device into monitor mode. hcxdumptool will do this.

It does not work on Windows. Native Windows drivers dosn't support monitor mode and packet injection.

Wireshark manages monitor mode i think?

Also there's wlanhelper?

ZerBea

08-15-2019, 02:05 PM
Of course, Wireshark is able to capture packets in monitor mode:
https://wiki.wireshark.org/CaptureSetup/WLAN
but it will put them into monitor mode, running libpcap:
https://wiki.wireshark.org/CaptureSetup/...nitor_mode

hcxdumptool will put the device into monitor mode running ioctl() system calls. No third party tool needed.

iw use ioctl() system calls (like hcxdumptool does it) and libnl (Netlink).

iwconfig is deprecated and should not be used any longer.
https://dougvitale.wordpress.com/2011/12...lacements/

airmon-ng runs iw internally.


But keep in mind:
Nearly everything depend on the driver and its capabilites. Also many, many drivers doesn't support monitor mode and full packet injection:
https://wikidevi.com/wiki/Main_Page

Some examples:
It is possible that a version of a driver works nearly perfect:
rtl8812au v5.2.20
https://github.com/aircrack-ng/rtl8812au/issues/376
while newer versions (5.3.4) failed to run monitor mode and/or packet injection:
https://github.com/aircrack-ng/rtl8812au...-520844406

Also it is a long way to make a driver (nearly) perfect:
https://github.com/openwrt/mt76/issues/2...-500999516

But you can't be sure, that this (nearly) perfect driver will work in future times, if a new issue occured:
https://bugzilla.kernel.org/show_bug.cgi?id=202541
https://bugzilla.kernel.org/show_bug.cgi?id=202243
until it will be finally fixed.

Ar76

08-15-2019, 05:30 PM
Are you saying that libpcap is secret and nobody else has worked out how to code monitor mode for windows, no open source?

slyexe

08-15-2019, 10:17 PM
(08-15-2019, 05:30 PM)Ar76 Wrote: [ -> ]Are you saying that libpcap is secret and nobody else has worked out how to code monitor mode for windows, no open source?
Libpcap is extra overhead and requires additional resources. When you're using a wifi device with 32mb of memory, every bit counts. 

You should really do some google searches before posting on this forum.

ZerBea

08-15-2019, 10:52 PM
@ Ar76
No, libpcap is open source. You can get every information here:
https://github.com/the-tcpdump-group/libpcap

Additionally you need a driver. This driver must support monitor mode and full packet injection! You can find information how to code it here:
https://github.com/microsoft/Windows-dri...k/wlan/WDI

How to capture traffic can be read here:
https://wiki.wireshark.org/CaptureSetup/WLAN

I suggest to read the part starting at "WinPcap"

Supported adapters can be found here:
https://secwiki.org/w/Npcap/WiFi_adapters

And again:
To perform an active attack vector the driver must support full packet injection, too!
hashcat Forum > Support > hashcat > Does the new method work out of the box with Cali?