Search Results
Post | Author | Forum | Replies | Views | Posted
Thread: hcxtools - solution for capturing wlan traffic and conversion to hashcat formats
Post: RE: hcxtools - solution for capturing wlan traffic...
Please keep in mind: hcxdumptool/hcxtools are designed as analysis tools. They are not designed to attack a single network!
Example:
For a penetration tester, it is important to be able to estimate ... |
Author: ZerBea | Forum: User Contributions | Replies: 648 | Views: 487,315 | Posted: 02-01-2020, 11:32 AM
Thread: hcxtools - solution for capturing wlan traffic and conversion to hashcat formats
Post: RE: hcxtools - solution for capturing wlan traffic...
I'm working on this feature
https://github.com/ZerBea/hcxtools/blob/master/hcxpcapngtool.c#L1664
but it has very low priority, because tshark and/or Wireshark can do it much better:
$ tshark -r te... |
Author: ZerBea | Forum: User Contributions | Replies: 648 | Views: 487,315 | Posted: 02-05-2020, 09:02 AM
Thread: hcxtools - solution for capturing wlan traffic and conversion to hashcat formats
Post: RE: hcxtools - solution for capturing wlan traffic...
If you get more information on how many VENDORs are still using these fields, please keep us in the loop here.
BTW:
tshark is a powerful tool to perform several kinds of analysis and to receive the r... |
Author: ZerBea | Forum: User Contributions | Replies: 648 | Views: 487,315 | Posted: 02-05-2020, 09:10 AM
Thread: hcxtools - solution for capturing wlan traffic and conversion to hashcat formats
Post: RE: hcxtools - solution for capturing wlan traffic...
That is another amazing feature.
$ hcxpcapngtool -o test.22000 -E wordlist test.pcap
$ hashcat -m 22000 test.22000 wordlist
hcxdumptool attack vector against weak client, converted to pcap by ts... |
Author: ZerBea | Forum: User Contributions | Replies: 648 | Views: 487,315 | Posted: 02-06-2020, 01:57 PM
Thread: hcxtools - solution for capturing wlan traffic and conversion to hashcat formats
Post: RE: hcxtools - solution for capturing wlan traffic...
Now, I'm a little bit confused:
Hello ZerBea, how to convert potfile 16800 and hccapx to 22000 mode.
Do you want to convert your 5.1.0 potfile format to new potfile format?
$ hcxhashcattool -p ol... |
Author: ZerBea | Forum: User Contributions | Replies: 648 | Views: 487,315 | Posted: 02-06-2020, 03:28 PM
Thread: hcxtools - solution for capturing wlan traffic and conversion to hashcat formats
Post: RE: hcxtools - solution for capturing wlan traffic...
linux-firmware installed?
Files list for linux-firmware:
usr/lib/firmware/mediatek/
usr/lib/firmware/mediatek/mt7610e.bin
usr/lib/firmware/mediatek/mt7610u.bin
usr/lib/firmware/mediatek/mt7615_... |
Author: ZerBea | Forum: User Contributions | Replies: 648 | Views: 487,315 | Posted: 02-08-2020, 02:55 PM
Thread: hcxtools - solution for capturing wlan traffic and conversion to hashcat formats
Post: RE: hcxtools - solution for capturing wlan traffic...
This information is only available in an original(!) and uncleaned(!) dump file (cap/pcap/pcapng format).
A single BEACON and a single M1 (with PMKID) or a single message pair (M1M2, M2M3, M3M4 not ... |
Author: ZerBea | Forum: User Contributions | Replies: 648 | Views: 487,315 | Posted: 02-10-2020, 04:15 PM
Thread: hcxtools - solution for capturing wlan traffic and conversion to hashcat formats
Post: RE: hcxtools - solution for capturing wlan traffic...
The TP-LINK Archer T2UH is working out of the box running kernel >= 4.19 and there is no additional driver necessary.
$ lsusb
ID 148f:761a Ralink Technology, Corp. MT7610U ("Archer T2U" 2.4G+5G W... |
Author: ZerBea | Forum: User Contributions | Replies: 648 | Views: 487,315 | Posted: 02-08-2020, 12:56 PM
Thread: hcxtools - solution for capturing wlan traffic and conversion to hashcat formats
Post: RE: hcxtools - solution for capturing wlan traffic...
We are using a bitmask:
Code:
--
--enable_status= : enable real-time display (waterfall)
some messages are shown only once at the first occur... |
Author: ZerBea | Forum: User Contributions | Replies: 648 | Views: 487,315 | Posted: 02-11-2020, 02:17 PM
Thread: hcxtools - solution for capturing wlan traffic and conversion to hashcat formats
Post: RE: hcxtools - solution for capturing wlan traffic...
I'll do my very best.
BTW:
Feedback appreciated regarding this commit:
https://github.com/ZerBea/hcxdumptool/commit/6c98258c437b205810fd496d37495e2d48e02cc5
Target: AP with activated Managem... |
Author: ZerBea | Forum: User Contributions | Replies: 648 | Views: 487,315 | Posted: 02-12-2020, 01:25 PM
Thread: hcxtools - solution for capturing wlan traffic and conversion to hashcat formats
Post: RE: hcxtools - solution for capturing wlan traffic...
There are no(!) errors:
INFO ERROR:0 INCOMING:5831 OUTGOING:3445 PMKID:21 MP:1 GPS:0 RINGBUFFER:17
INFO ERROR:0 that means no device ERROR
INCOMING:5831 received packets
OUTGOING:3445 transmitte... |
Author: ZerBea | Forum: User Contributions | Replies: 648 | Views: 487,315 | Posted: 02-15-2020, 09:25 AM
Thread: hcxtools - solution for capturing wlan traffic and conversion to hashcat formats
Post: RE: hcxtools - solution for capturing wlan traffic...
The format of a 22000 hashline is:
Code:
--
SIGNATURE*TYPE*PMKID/MIC*MACAP*MACSTA*ESSID*ANONCE*EAPOL*MESSAGEPAIR
SIGNATURE = "WPA"
TYPE = 01 for PMKID, 02 for EAPOL, others to foll... |
Author: ZerBea | Forum: User Contributions | Replies: 648 | Views: 487,315 | Posted: 03-15-2020, 11:51 PM
Thread: hcxtools - solution for capturing wlan traffic and conversion to hashcat formats
Post: RE: hcxtools - solution for capturing wlan traffic...
Yes, you are right.
The BPF is a nice and fast kernel feature to filter out unwanted packets. You can combine everything (MAC_AP, MAC_CLIENT, rx branch, tx branch). The best way to use BPFC is to p... |
Author: ZerBea | Forum: User Contributions | Replies: 648 | Views: 487,315 | Posted: 03-17-2020, 11:13 AM
Thread: hcxtools - solution for capturing wlan traffic and conversion to hashcat formats
Post: RE: hcxtools - solution for capturing wlan traffic...
Hi ciccio17. Thanks, I'm fine. You too?
This is my test environment:
Arch Linux x86 (archlinux-2020.02.01-x86_64) hcxdumptool, hcxtools, hashcat, JtR
$ uname -r
5.5.5-arch1-1
Arch Linux Arm (... |
Author: ZerBea | Forum: User Contributions | Replies: 648 | Views: 487,315 | Posted: 02-23-2020, 11:06 AM
Thread: hcxtools - solution for capturing wlan traffic and conversion to hashcat formats
Post: RE: hcxtools - solution for capturing wlan traffic...
can be done by bash scripts, too.
Quick and dirty solution:
Code:
--
#!/bin/bash
while read -r line;
do
printf $line | awk 'BEGIN { FS = "*" } ; { printf $4 ":" }'
printf $line | awk '... |
Author: ZerBea | Forum: User Contributions | Replies: 648 | Views: 487,315 | Posted: 03-27-2020, 09:53 PM
Thread: hcxtools - solution for capturing wlan traffic and conversion to hashcat formats
Post: RE: hcxtools - solution for capturing wlan traffic...
hcxhashtool will do the job:
get example hash (22000) from here:
https://hashcat.net/wiki/doku.php?id=example_hashes
and run hcxhashtool to retrieve information
Code:
--
$ hcxhashtool -i ex... |
Author: ZerBea | Forum: User Contributions | Replies: 648 | Views: 487,315 | Posted: 03-27-2020, 07:41 PM
Thread: hcxtools - solution for capturing wlan traffic and conversion to hashcat formats
Post: RE: hcxtools - solution for capturing wlan traffic...
I changed naming from AP-LESS to ROGUE ATTACK, because the attack vector isn't AP-LESS or CLIENT-LESS. Instead hcxdumptool will act as a "ROGUE" ACCESS POINT for a CLIENT and as a ROGUE CLIENT for an ... |
Author: ZerBea | Forum: User Contributions | Replies: 648 | Views: 487,315 | Posted: 05-12-2020, 04:56 PM
Thread: hcxtools - solution for capturing wlan traffic and conversion to hashcat formats
Post: RE: hcxtools - solution for capturing wlan traffic...
We have an initial start value for MAC_AP and MAC_STA:
Code:
--
$ sudo hcxdumptool -i wlp39s0f3u3u1u2
initialization...
start capturing (stop with ctrl+c)
NMEA 0183 SENTENCE........: N/A
INTERFACE... |
Author: ZerBea | Forum: User Contributions | Replies: 648 | Views: 487,315 | Posted: 05-13-2020, 08:42 AM
Thread: hcxtools - solution for capturing wlan traffic and conversion to hashcat formats
Post: RE: hcxtools - solution for capturing wlan traffic...
No, because we have to stay much longer on the channel to do this.
Besides:
AUTHENTICATION REQUEST, AUTHENTICATION RESPONSE,
ASSOCIATION REQUEST, ASSOCIATION RESPONSE
(each of them followed by an AC... |
Author: ZerBea | Forum: User Contributions | Replies: 648 | Views: 487,315 | Posted: 05-14-2020, 08:15 AM
Thread: hcxtools - solution for capturing wlan traffic and conversion to hashcat formats
Post: RE: hcxtools - solution for capturing wlan traffic...
Very well observed.
We don't want to flood the terminal with duplicated messages. So every combination AP - ESSID is only displayed once on first occurrence. Some CLIENTs randomize their MACs - that... |
Author: ZerBea | Forum: User Contributions | Replies: 648 | Views: 487,315 | Posted: 05-19-2020, 07:54 PM