AP-less attack with hcxtools

meso

Status: Banned
Joined: Wed, 19 Sep 2018
Posts: 25
Team:
Reputation: 0 Reputation
Offline
Sat, 29 Sep 2018 @ 14:08:50

WARNING! User is BANNED and maybe a SCAMMER.

freeroute said:

meso said:

This is great, so we can use AP-less attack to get handshake by
using different BSSID to one from true AP?

Yes. This is correct.

cool!
this will help those who want to test on gpuhash and then post here for free
with different BSSID that cannot be checked


freeroute
Moderator
Status: Trusted
Joined: Sat, 16 Jul 2016
Posts: 2620
Team:
Reputation: 8686 Reputation
Online
Sat, 29 Sep 2018 @ 14:13:17

I don't think so.
Ask @gpuhash_me...


If I helped a +rep is appreciated!

: 13hDMK85KhVnPb2eTFBacHD6kDjKYFLudb
XMPP: freeroute@xmpp.jp
General rules | Paid section rules

payknight

Status: Cracker
Joined: Wed, 13 Apr 2016
Posts: 527
Team: just4fun
Reputation: 360 Reputation
Offline
Sat, 29 Sep 2018 @ 14:21:51

freeroute said:

I don't think so.
Ask @gpuhash_me...

when using -O, will PMKID be converted to hccapx?

cuz -o will output only hccapx format, and -z will output only PMKID hash.


+rep if i helped
BTC : 1PAyKniGHt7yyCb8HdsziTHBEFX6zkGSHz

meso
Sat, 29 Sep 2018 @ 14:33:39

freeroute said:

I don't think so.
Ask @gpuhash_me...

their database is keyed by BSSID and AP-less allows use of any BSSID


freeroute
Sat, 29 Sep 2018 @ 14:49:32

payknight said:

freeroute said:

I don't think so.
Ask @gpuhash_me...

when using -O, will PMKID be converted to hccapx?

cuz -o will output only hccapx format, and -z will output only PMKID hash.

It is not possible to convert a PMKID back to a hccapx.

-O is an option to do analysis. It calculates all(!) message_pairs. 99% of these hashes will lead to uncrackable results.
Developers/coders use this mode to find issues in the detection of the handshakes!

-O is not a mode for a normal user. Do not use this mode if you are not an analyst or a coder!

Use "-o" option.


freeroute
Sat, 29 Sep 2018 @ 17:54:54

@meso

I received an answer from @gpuhash_me for your question:

"The BSSID is not the only key in the database, we could check also PMKID hash or handshake MIC fields (which is inconvenient but possible), but if average user is smart enough to perform AP-less attack, change the BSSID, upload the handshake to gpuhash.me then ask for free password (with different BSSID) on the forum ....
The main purpose of the rule is to prevent script kiddies from wasting our GPU resources then ask for free passwords..."


meso
Sat, 29 Sep 2018 @ 18:07:10

freeroute said:

@meso

I received an answer from @gpuhash_me for your question:

"The BSSID is not the only key in the database, we could check also PMKID hash or handshake MIC fields (which is inconvenient but possible), but if average user is smart enough to perform AP-less attack, change the BSSID, upload the handshake to gpuhash.me then ask for free password (with different BSSID) on the forum ....
The main purpose of the rule is to prevent script kiddies from wasting our GPU resources then ask for free passwords..."

all proposed checks are trivial to bypass so not worth bothering with
each handshake has different MIC due to random nonces so bypass with two different handshakes
PMKID depends on BSSID so is no better to check than BSSID
agree u will be safe while forum is full of script kiddies


freeroute
Wed, 31 Oct 2018 @ 08:02:56

UPDATE hcxtools are in sync with hashcat --30.10.2018
==========
hcxtools moved to version 5.0.0
hcxpsktool: added NETGEARxx list
--netgear : include NETGEAR candidates


freeroute
Wed, 07 Nov 2018 @ 10:32:50

UPDATE -- 07.10.2018
==========

hcxdumptool - added new option filter mode 3:
--filterlist=file                : mac filter list
                                     format: 112233445566 + comment
                                     maximum line lenght 255, maximum entries 64
--filtermode=digit          : mode for filter list
                                     1: use filter list as protection list (default) in transmission branch
                                        receive everything, interact with all APs and CLIENTs in range,
                                        except(!) the ones from the filter list
                                     2: use filter list as target list in transmission branch
                                        receive everything, only interact with APs and CLIENTs in range,
                                        from the filter list
                                     3: use filter list as target list in receiving branch
                                        only receive APs and CLIENTs in range,
                                        from the filter list


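In filter mode 1 the list names the devices the tool must leave alone, so a malformed entry is worth catching before a run. As an added example (not part of the original post or of hcxtools), this Python check validates a list against the format and limits quoted in the help text above; treating blank lines and '#' lines as comments is an assumption, and the sample list is constructed.

```python
import re

MAX_LINE_LEN = 255   # line limit quoted in the help text above
MAX_ENTRIES = 64     # "maximum entries 64" in the help text above
MAC_RE = re.compile(r"^[0-9A-Fa-f]{12}(?![0-9A-Fa-f])")   # 112233445566 + comment
SEP_RE = re.compile(r"^[0-9A-Fa-f]{2}[:-]")                # aa:bb:... or aa-bb-...

def check_filterlist(text):
    """Return (accepted_macs, problems); problems are (line_number, message)."""
    macs, problems = [], []
    for n, line in enumerate(text.splitlines(), 1):
        stripped = line.strip()
        # Assumption: blank lines and lines starting with '#' are comments.
        if not stripped or stripped.startswith("#"):
            continue
        if len(line) > MAX_LINE_LEN:
            problems.append((n, "line longer than 255 characters"))
            continue
        m = MAC_RE.match(stripped)
        if not m:
            hint = "separators not allowed" if SEP_RE.match(stripped) else "expected 12 hex digits"
            problems.append((n, f"bad MAC ({hint})"))
            continue
        mac = m.group(0).lower()
        if mac in macs:
            problems.append((n, f"duplicate entry {mac}"))
            continue
        if len(macs) >= MAX_ENTRIES:
            problems.append((n, f"entry {mac} exceeds the 64-entry maximum"))
            continue
        macs.append(mac)
    return macs, problems

# Constructed sample: devices that must be left alone during a lab test.
FILTERLIST_SAMPLE = """\
# out-of-scope devices (constructed example)
112233445566 office printer
aa:bb:cc:dd:ee:ff neighbour AP, wrong notation
AABBCCDDEEFF neighbour AP
112233445566 printer again
11223344556 one digit short
"""

if __name__ == "__main__":
    accepted, issues = check_filterlist(FILTERLIST_SAMPLE)
    print("accepted:", accepted)
    for n, msg in issues:
        print(f"line {n}: {msg}")
```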

pasnger57
Mon, 12 Nov 2018 @ 17:31:38

my bad i wrong page


freeroute
Mon, 26 Nov 2018 @ 11:02:44

26.11.2018 -- hcxtools and hcxdumptool update
==========
several big endian fixes
switched to version 5.0.1


freeroute
Thu, 29 Nov 2018 @ 10:57:39

27.11.2018 -- hcxdumptool update
==========
added new option:
--poweroff : once hcxdumptool finished, power off system


freeroute
Tue, 04 Dec 2018 @ 12:39:02

Added a new option -C to hcxdumptool:

usage:
sudo hcxdumptool -i interface -C

Now hcxdumptool tries to set all wlan channels and reports
success:

$ sudo hcxdumptool -I
wlan interfaces:
7cdd908c166a wlp39s0f3u4u4 (rt2800usb)

$ sudo hcxdumptool -i wlp39s0f3u4u4 -C
available channels:
1,2,3,4,5,6,7,8,9,10,11,12,13,14


freeroute
Fri, 07 Dec 2018 @ 06:41:07

Due to this post, there is an update (hcxdumptool).
Now we have additional information in the help menu:

-C : show available channels and quit
     if no channels are available, interface is pobably in use or doesn't support monitor mode

--do_rcascan : show radio channel assignment (scan for target access points)
               this can be used to test if packet injection is working
               if no access point responds, packet injection is probably not working


freeroute
Sat, 15 Dec 2018 @ 08:41:16

13.12.2018 - hcxtools update
==========

hcxpcaptool: removed options -x and -X (old hccap format)
hcxpcaptool: added options --hccap-out and --hccap-raw-out (old hccap format)

--hccap-out= file : output old hccap file (hashcat -m 2500)
--hccap-raw-out= file : output raw old hccap file (hashcat -m 2500)


freeroute
Tue, 18 Dec 2018 @ 08:08:03

15.12.2018 - hcxdumptool update
==========

improved random generator (now seeded with and adapter mac address)
Raspberry Pi: improved handling of GPIO switch


freeroute
Fri, 21 Dec 2018 @ 01:26:43

20.12.2018 - hcxdumptool update
==========

improved detection of broken driver
from now on GPIO LED blinks twice
- every 5 seconds if a possible driver issue is detected
- if no packets received during the last 5 seconds

another indicator is that the incoming packetcounter (rx=xxxx)
doesn't increase

or dmesg shows this error:
[65786.808078] ieee80211 phy2: rt2x00queue_flush_queue: Warning - Queue 14 failed to flush
[65824.174119] ieee80211 phy2: rt2x00queue_flush_queue: Warning - Queue 14 failed to flush
[67801.029527] ------------[ cut here ]------------

it seems to be a kernel issue that hcxdumptool isn't able to handle automatically:
https://bbs.archlinux.org/viewtopic.php?id=237028
https://bugs.openwrt.org/index.php?do=details&task_id=929&opened=169&status%5B0%5D=
https://community.spiceworks.com/topic/2132263-ubuntu-16-04-wifi-disconnects-randomly
https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1750226
https://www.raspberrypi.org/forums/viewtopic.php?t=206815

workaround:
1) get driver information
$ hcxdumptool -I
wlan interfaces:
7cdd90xxxxxx wlp3s0f0u2 (rt2800usb)

2) remove module
$ modprobe -r rt2800usb

3) load module
$ modprobe rt2800usb


freeroute
Wed, 09 Jan 2019 @ 16:22:16

08.01.2019 - hcxdumptool update
==========

hcxdumptool and mac80211_hwsim
mac80211_hwsim is a Linux kernel module that can be used to simulate arbitrary number of IEEE 802.11 radios for mac80211. It can be used to test hcxdumptool:

load module:
$ sudo modprobe mac80211_hwsim

run hcxdumptool to retrieve information about the interface:
$ hcxdumptool -I
wlan interfaces:
020000000000 wlan0 (mac80211_hwsim)
020000000100 wlan1 (mac80211_hwsim)

bring monitor interface up:
$ sudo ip link set hwsim0 up

run hcxdumptool:
$ sudo hcxdumptool -i wlan0
initialization...

start capturing (stop with ctrl+c)
INTERFACE:...............: wlan0
ERRORMAX.................: 100 errors
FILTERLIST...............: 0 entries
MAC CLIENT...............: c8aacc9c01ec
MAC ACCESS POINT.........: 580943000000 (incremented on every new client)
EAPOL TIMEOUT............: 150000
REPLAYCOUNT..............: 62263
ANONCE...................: 513282ebb604e6e10c450d6c3eaa6428d118b54abeef4672be3ef700052305d5

INFO: cha=11, rx=0, rx(dropped)=0, tx=120, powned=0, err=0

run wireshark on wlan0 or hwsim0 to monitor hcxdumptool output.

read more here:
https://www.kernel.org/doc/readme/Documentation-networking-mac80211_hwsim-README


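The status block above shows the tool's access-point MAC being "incremented on every new client". As an added example (not part of the original post or of hcxtools), a monitoring sensor can use that as a heuristic and flag runs of consecutive BSSIDs first heard within a short window; the observation tuple, the window and the run-length threshold are assumptions, and the sensor data is constructed.

```python
from collections import namedtuple

# One sensor observation: time heard (seconds), BSSID as 12 hex digits, SSID.
Obs = namedtuple("Obs", "ts bssid ssid")

def incrementing_bssid_runs(observations, min_run=3, window=60.0):
    """Return runs of consecutive BSSIDs whose first sightings fall within `window` s.

    min_run and window are assumed tuning values, not taken from any tool.
    """
    first_seen = {}
    for o in observations:
        b = int(o.bssid, 16)
        first_seen[b] = min(first_seen.get(b, o.ts), o.ts)

    runs, run = [], []
    for b in sorted(first_seen):
        consecutive = run and b == run[-1] + 1
        in_window = run and abs(first_seen[b] - first_seen[run[0]]) <= window
        if consecutive and in_window:
            run.append(b)
            continue
        if len(run) >= min_run:      # close the previous run before starting a new one
            runs.append(run)
        run = [b]
    if len(run) >= min_run:
        runs.append(run)
    return [[f"{b:012x}" for b in r] for r in runs]

# Constructed sensor data. The 580943... base is the value from the status
# output above; the other addresses and all SSIDs are made up.
SENSOR_SAMPLE = [
    Obs(0.0, "580943000000", "CorpWiFi"),
    Obs(4.2, "580943000001", "HomeNet"),
    Obs(9.7, "580943000002", "CoffeeShop"),
    Obs(15.1, "580943000003", "Guest"),
    Obs(1.0, "a4b1c2000010", "CorpWiFi"),   # real AP, first radio
    Obs(1.1, "a4b1c2000011", "CorpWiFi"),   # same AP, second radio
    Obs(30.0, "0c1d2e3f4a5b", "Printer"),
]

if __name__ == "__main__":
    for r in incrementing_bssid_runs(SENSOR_SAMPLE):
        print("suspicious run:", ", ".join(r))
```

Legitimate multi-SSID access points also allocate adjacent BSSIDs, so a hit is a lead to investigate rather than proof.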

freeroute
Sun, 03 Feb 2019 @ 10:09:52

02.02.2019
==========

release hcxtools v 5.1.1
removed....: wlanhcx2psk
replaced by: hcxpsktool

removed....: wlanhcx2cap
replaced by: hcxhash2cap
no more libcap dependency!

