Comments (8)
Nevermind, grabbed a test pcap from Aircrack, no problems with that. Something is up with my pcap file. Thanks!
from hcxtools.
ok
from hcxtools.
Same issue with pcap file from bettercap.
from hcxtools.
Please attach pcap file (compressed as zip - git will accept this).
from hcxtools.
To use hashcat mode 16800 you need an ESSID and a PMKID!
If you take a look at #92 (comment)
you see that we have 2 good PMKIDs, but no(!) ESSID.
hashcat can't run this hash in hashmode 16800, so there is no need for hcxpcaptool to convert it.
BTW:
hcxdumptool will do that (make sure we got all information) during capturing process. If you run other tools to capture traffic, make sure that they really capture all(!) required packets to recover the PSK. Not all tools will do this!
If you really need to "clean/convert" a cap/pcap/pcapng file, run
$ tshark -r "inputfile" -R "(wlan.fc.type_subtype == 0x00 || wlan.fc.type_subtype == 0x02 || wlan.fc.type_subtype == 0x04 || wlan.fc.type_subtype == 0x05 || wlan.fc.type_subtype == 0x08 || eapol)" -2 -F pcapng -w "outputfile"
or, if you prefer ancient formats:
$ tshark -r "inputfile" -R "(wlan.fc.type_subtype == 0x00 || wlan.fc.type_subtype == 0x02 || wlan.fc.type_subtype == 0x04 || wlan.fc.type_subtype == 0x05 || wlan.fc.type_subtype == 0x08 || eapol)" -2 -F pcap -w "outputfile
from hcxtools.
Nevertheless: the PMKIDs are good and we can convert them to run hashmode 16801 on them.
Added 2 new options to hcxpcaptool to convert raw PMKIDs
-K : output raw PMKID file (hashcat hashmode -m 16801 new format)
-Z : output raw PMKID file (hashcat hashmode -m 16801 old format and john)
use this option(s) if you would like to verify a PMKID and you don't have an ESSID
$ hcxpcaptool -K raw.16801 test.pcapng
reading from test.pcapng
summary:
file name....................: test.pcapng
file type....................: pcapng 1.0
file hardware information....: armv6l
file os information..........: Linux 4.19.42-1-ARCH
file application information.: hcxdumptool 5.1.4
network type.................: DLT_IEEE802_11_RADIO (127)
endianness...................: little endian
read errors..................: flawless
packets inside...............: 1
skipped packets..............: 0
packets with GPS data........: 0
packets with FCS.............: 0
EAPOL packets (total)........: 1
EAPOL packets (WPA2).........: 1
EAPOL PMKIDs (total).........: 1
EAPOL PMKIDs (WPA2)..........: 1
best PMKIDs..................: 1
1 raw PMKID(s) written to raw.16801
keep in mind:
hashcat hash modes 16801 and 2501 are verification modes (verify EAPOL and/or PMKID by existing PMK).
from hcxtools.
Please attach pcap file (compressed as zip - git will accept this).
Unfortunately i cannot attach file with sensitive data, but you can try with bettercap.
Thanks for your answer about "ESSID and a PMKID". "-Z" option works.
from hcxtools.
Unfortunately I don't use bettercap (depend on deprecated tools: https://dougvitale.wordpress.com/2011/12/21/deprecated-linux-networking-commands-and-their-replacements/)
But output of hcxpcaptool -V doesn't contain sensitive data, so you can add them here:
$ hcxpcaptool -V your_pcap_file
It looks like bettercap doesn't capture/store required packets (-Z convert hashes and -z doesn't).
Also there are many, many important informations within WiFi traffic, which are ingnored. It is really a good idea to capture them, too.
For example a typical hcxdumptool pcapng file (captured by https://github.com/ZerBea/hcxdumptool/wiki/Penetration-testing-system-2)
$ hcxpcaptool -V capture.pcapng.gz
decompressing capture.pcapng.gz to /tmp/capture.pcapng.gz.tmp
reading from capture.pcapng.gz.tmp
summary:
file name....................: capture.pcapng.gz.tmp
file type....................: pcapng 1.0
file hardware information....: armv6l
file os information..........: Linux 4.19.37-2-ARCH
file application information.: hcxdumptool 5.1.4
network type.................: DLT_IEEE802_11_RADIO (127)
endianness...................: little endian
read errors..................: flawless
packets inside...............: 19017
skipped packets..............: 0
packets with GPS data........: 0
packets with FCS.............: 0
WDS packets..................: 116
beacons (with ESSID inside)..: 5258
beacons (with MESH-ID inside): 17
probe requests...............: 1097
probe responses..............: 1287
association requests.........: 662
association responses........: 604
reassociation requests.......: 183
reassociation responses......: 167
authentications (OPEN SYSTEM): 2499
authentications (BROADCOM)...: 2369
authentications (SONOS)......: 77
authentications (APPLE)......: 30
EAPOL packets (total)........: 6142
EAPOL packets (WPA1).........: 33
EAPOL packets (WPA2).........: 6109
EAPOL PMKIDs (total).........: 2552
EAPOL PMKIDs (WPA1)..........: 17
EAPOL PMKIDs (WPA2)..........: 2535
EAP packets..................: 726
EAP START packets............: 1
found........................: EAP type ID
found........................: PEAP Authentication
best handshakes..............: 448 (ap-less: 297)
best PMKIDs..................: 740
Running options -k and -o this hashes are witten:
446 handshake(s) written to eapol.hccapx
739 PMKID(s) written to pmkid.16800
You should consider to run hcxdumptool instead of bettercap, if hcxpaptool shows less on your pcap file than that .
And if you run -E option of hcxpcaptool on a hcxdumptool pcapng and feed it to hashcat:
Session..........: hashcat
Status...........: Exhausted
Hash.Name........: WPA-EAPOL-PBKDF2
Hash.Target......: eapol.hccapx
Time.Started.....: Fri May 31 09:36:17 2019 (6 secs)
Time.Estimated...: Fri May 31 09:36:23 2019 (0 secs)
Guess.Base.......: File (prlist)
Guess.Queue......: 1/1 (100.00%)
Speed.#1.........: 183.2 kH/s (2.39ms) @ Accel:16 Loops:512 Thr:64 Vec:1
Recovered........: 25/446 (5.61%) Digests, 19/302 (6.29%) Salts
Progress.........: 1320344/1320344 (100.00%)
Rejected.........: 146772/1320344 (11.12%)
Restore.Point....: 4372/4372 (100.00%)
Restore.Sub.#1...: Salt:301 Amplifier:0-1 Iteration:0-1
you can imagine what you are missing, when you don't run hcxdumptool!
from hcxtools.
Related Issues (20)
- hcxtools 6.3.1 regression test failure (format WPA*01*: additional PMKID MESSAGEPAIR field) HOT 6
- Error = hcxpcapngtool.c:27:10: fatal error: openssl/core.h: No such file or directory due to missing dependency (openssl >= 3.0) HOT 2
- Nothing find with EWSA when converts hash file hccapx to cap with hcxhash2cap. HOT 4
- fatal error: openssl/core.h: No such file or directory HOT 4
- Short, greppable outputs
- Windows/MSYS Make support HOT 2
- handshake detection HOT 40
- NO
- No
- wifite ends in an infinite loop HOT 6
- About using - o some questions HOT 17
- atal error: openssl/core.h: No such file or directory HOT 3
- valid message pairs and nonce-error-corrections HOT 29
- hcxhash2cap not working on some files HOT 18
- feature request: hcxhashtool - add import function of deprecatred hccapx hash files HOT 1
- feature request: hcxhashtool - add import function of ancient hccap hash file HOT 1
- please help me in this issue HOT 1
- Maximum of supported interfaces reached HOT 3
- fatal error: openssl/sha.h: No such file or directory (misconfigured KALI distribution) HOT 9
- Issue with cap2hccapx.bin not producing readable hash HOT 7
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from hcxtools.