Search Results
|
Post |
Author
|
Forum |
Replies |
Views |
Posted |
|
|
Thread: hcxtools - solution for capturing wlan traffic and conversion to hashcat formats
Post: RE: hcxtools - solution for capturing wlan traffic...
Running hcxpcaptool to convert EAPOL (-o) and PMKID (-k or -z) is fine.
The content of -E is very interesting, because we can find several passwords (PSK) inside. You should know that
hcxdumptool... |
|
ZerBea |
User Contributions
|
648 |
487,343 |
06-04-2019, 08:18 AM |
|
|
Thread: hcxtools - solution for capturing wlan traffic and conversion to hashcat formats
Post: RE: hcxtools - solution for capturing wlan traffic...
hcxpcaptool does hexify in the same way as hashcat. If we have non-ASCII characters inside the traffic, we do a conversion to HEX-ASCII, too. hashcat understands this and will try these values as PSK... |
|
ZerBea |
User Contributions
|
648 |
487,343 |
06-04-2019, 06:03 PM |
|
|
Thread: hcxtools - solution for capturing wlan traffic and conversion to hashcat formats
Post: RE: hcxtools - solution for capturing wlan traffic...
It is important to collect the -E and -I lists to an archive list!
It is important to add collected PMKIDs (.16800) and EAPOLs (hccapx) to archive hash lists!
And it is important to run .16800 archive... |
|
ZerBea |
User Contributions
|
648 |
487,343 |
06-04-2019, 06:42 PM |
|
|
Thread: hcxtools - solution for capturing wlan traffic and conversion to hashcat formats
Post: RE: hcxtools - solution for capturing wlan traffic...
You should do both (convert to .2500 and .16800) and run -E and -I list on them.
But, yes, it makes more sense to run -E and -I against .2500
It also depends on what you want. Let's run through the... |
|
ZerBea |
User Contributions
|
648 |
487,343 |
06-04-2019, 08:15 PM |
|
|
Thread: hcxtools - solution for capturing wlan traffic and conversion to hashcat formats
Post: RE: hcxtools - solution for capturing wlan traffic...
hcxpsktool is a powerful tool in combination with hashcat. To improve speed on large hash files, it should be wrapped by a script:
hash mode 2500:
wlanhcx2ssid -i "$HOME/.....path_to your hashfile... |
|
ZerBea |
User Contributions
|
648 |
487,343 |
06-05-2019, 09:39 AM |
|
|
Thread: hcxtools - solution for capturing wlan traffic and conversion to hashcat formats
Post: RE: hcxtools - solution for capturing wlan traffic...
hcxwltool is also a powerful tool in combination with hashcat. It is designed to run on -E and -I output of hcxpcaptool and can be wrapped by a script, too:
In this example we also expect PSKs of l... |
|
ZerBea |
User Contributions
|
648 |
487,343 |
06-05-2019, 09:53 AM |
|
|
Thread: hcxtools - solution for capturing wlan traffic and conversion to hashcat formats
Post: RE: hcxtools - solution for capturing wlan traffic...
1) capture traffic:
new area:
hcxdumptool --gpio_button=4 --gpio_statusled=17 -i $WLANDEV -o $ARCHIVNAME.pcapng --poweroff --filterlist=blacklistown --filtermode=1 --give_up_ap_attacks=100000 --give... |
|
ZerBea |
User Contributions
|
648 |
487,343 |
06-05-2019, 10:21 PM |
|
|
Thread: Hashcat not cracking even though dictionary has the password (wifi wpa)
Post: RE: Hashcat not cracking even though dictionary ha...
Yes, cap file and hccapx is ok:
$ hcxpcaptool -o test.hccapx test.cap
reading from test.cap
summary:
file name........................: test.cap
file typ... |
|
ZerBea |
hashcat
|
7 |
3,672 |
06-22-2019, 05:32 PM |
|
|
Thread: hcxtools - solution for capturing wlan traffic and conversion to hashcat formats
Post: RE: hcxtools - solution for capturing wlan traffic...
If you're only interested in running the Raspberry as a capture / conversion engine, I recommend installing Arch.
Do not install "K*A*L*I", because it is substantially oversized!
Attached a small howto:... |
|
ZerBea |
User Contributions
|
648 |
487,343 |
06-06-2019, 08:38 AM |
|
|
Thread: hcxtools - solution for capturing wlan traffic and conversion to hashcat formats
Post: RE: hcxtools - solution for capturing wlan traffic...
-z old hashcat separator * (also used by JtR)
-k new hashcat separator :
hashcat accepts both, because it has a built-in fallback to the old format.
The new one is used in potfile and outfile... |
|
ZerBea |
User Contributions
|
648 |
487,343 |
06-06-2019, 06:29 PM |
|
|
Thread: hcxtools - solution for capturing wlan traffic and conversion to hashcat formats
Post: RE: hcxtools - solution for capturing wlan traffic...
By this hcxtools commit
https://github.com/ZerBea/hcxtools/commit/4eabcc01ed607f8b2a16d4948170ca0da23ddbcb
we detect and convert PMKIDs from clients, too. Therefore we use the RSN information field... |
|
ZerBea |
User Contributions
|
648 |
487,343 |
06-08-2019, 09:57 AM |
|
|
Thread: hcxtools - solution for capturing wlan traffic and conversion to hashcat formats
Post: RE: hcxtools - solution for capturing wlan traffic...
Here is an example running hcxdumptool -> hcxtools -> hashcat:
1) run hcxdumptool
2) get info about pcapng file
$ hcxpcaptool -o test.hccapx -k test.16800 hcxdumptool_dump.pcapng.gz
decompressi... |
|
ZerBea |
User Contributions
|
648 |
487,343 |
06-08-2019, 12:11 PM |
|
|
Thread: hcxtools - solution for capturing wlan traffic and conversion to hashcat formats
Post: RE: hcxtools - solution for capturing wlan traffic...
Do not clean hcxdumptool pcapng files, otherwise you will lose important information.
This is a complete run on all hash files: hcxdumptool -> hcxtools -> hashcat
Session..........: hashcat
... |
|
ZerBea |
User Contributions
|
648 |
487,343 |
06-08-2019, 12:17 PM |
|
|
Thread: hcxtools - solution for capturing wlan traffic and conversion to hashcat formats
Post: RE: hcxtools - solution for capturing wlan traffic...
That depends on your techniques, tactics and procedures and a lot of experience.
You must establish an environment and a good database:
$ wc essidliste
5504870 7164072 73826553 essidliste
$ wc ... |
|
ZerBea |
User Contributions
|
648 |
487,343 |
06-08-2019, 01:12 PM |
|
|
Thread: hcxtools - solution for capturing wlan traffic and conversion to hashcat formats
Post: RE: hcxtools - solution for capturing wlan traffic...
No, wrong attempt:
-M = IMSIs of clients within your range - useful to set up an IMSI catcher
-X = useful to track the client
-T = only statistic purpose
-g = useful in combination with a GPS dev... |
|
ZerBea |
User Contributions
|
648 |
487,343 |
06-08-2019, 02:27 PM |
|
|
Thread: hcxtools - solution for capturing wlan traffic and conversion to hashcat formats
Post: RE: hcxtools - solution for capturing wlan traffic...
After getting a pmkid file from a capture with -k, should I depure it and erase repeated ESSIDs?
Yes, you can do it, if ESSID and MAC_AP are the same - that will speed up hashcat a little bit
Do yo... |
|
ZerBea |
User Contributions
|
648 |
487,343 |
06-08-2019, 03:47 PM |
|
|
Thread: hcxtools - solution for capturing wlan traffic and conversion to hashcat formats
Post: RE: hcxtools - solution for capturing wlan traffic...
I saw people using Wlandump instead of hcxdumptool... any difference in the output?
wlandump-ng is the predecessor of hcxdumptool. It has fewer functions and it depends on libpcap. That makes it slow.
hcxd... |
|
ZerBea |
User Contributions
|
648 |
487,343 |
06-08-2019, 04:12 PM |
|
|
Thread: hcxtools - solution for capturing wlan traffic and conversion to hashcat formats
Post: RE: hcxtools - solution for capturing wlan traffic...
Run it as a background task
$ hcxdumptool -i interface ..... & |
|
ZerBea |
User Contributions
|
648 |
487,343 |
06-08-2019, 05:23 PM |
|
|
Thread: hcxtools - solution for capturing wlan traffic and conversion to hashcat formats
Post: RE: hcxtools - solution for capturing wlan traffic...
TP-LINK Archer T2UH
ID 148f:761a Ralink Technology, Corp. MT7610U ("Archer T2U" 2.4G+5G WLAN Adapter)
$ hcxdumptool -I
wlan interfaces:
503eaaa08f6f wlp3s0f0u10u2 (mt76x0u)
$ hcxdumptool -i w... |
|
ZerBea |
User Contributions
|
648 |
487,343 |
06-08-2019, 09:11 PM |
|
|
Thread: hcxtools - solution for capturing wlan traffic and conversion to hashcat formats
Post: RE: hcxtools - solution for capturing wlan traffic...
If you take a look at this photo:
https://github.com/ZerBea/hcxdumptool/wiki/Penetration-testing-system-1
You'll see a "push button" and a LED.
Both are used to control the RPI.
The push button ... |
|
ZerBea |
User Contributions
|
648 |
487,343 |
06-09-2019, 09:43 AM |