AP-less attack with hcxtools

59 Results - Page 2 of 2

meso

Status: Banned
Joined: Wed, 19 Sep 2018
Posts: 25
Team:
Reputation: 0 Reputation
Offline
Sat, 29 Sep 2018 @ 14:08:50

WARNING! User is BANNED and maybe a SCAMMER.

freeroute said:

> meso said:
>
>> This is great, so we can use AP-less attack to get handshake by
>> using different BSSID to one from true AP?
>
> Yes. This is correct.

cool!
this will help those who want to test on gpuhash and then post here for free
with different BSSID that cannot be checked


freeroute
Moderator
Status: Trusted
Joined: Sat, 16 Jul 2016
Posts: 3375
Team:
Reputation: 10313 Reputation
Offline
Sat, 29 Sep 2018 @ 14:13:17

I don't think so.
Ask @gpuhash_me...


BTC: 13hDMK85KhVnPb2eTFBacHD6kDjKYFLudb
XMPP: freeroute@xmpp.jp
General rules | Paid section rules

payknight

Status: Cracker
Joined: Wed, 13 Apr 2016
Posts: 610
Team: just4fun
Reputation: 361 Reputation
Offline
Sat, 29 Sep 2018 @ 14:21:51

freeroute said:

> I don't think so.
> Ask @gpuhash_me...

when using -O, will PMKID be converted to hccapx?

cuz -o will output only hccapx format, and -z will output only PMKID hash.


+rep if i helped
BTC : 1PAyKniGHt7yyCb8HdsziTHBEFX6zkGSHz

meso
Sat, 29 Sep 2018 @ 14:33:39

freeroute said:

> I don't think so.
> Ask @gpuhash_me...

their database is keyed by BSSID and AP-less allows use of any BSSID


freeroute
Sat, 29 Sep 2018 @ 14:49:32

payknight said:

> freeroute said:
>
>> I don't think so.
>> Ask @gpuhash_me...
>
> when using -O, will PMKID be converted to hccapx?
>
> cuz -o will output only hccapx format, and -z will output only PMKID hash.

It is not possible to convert a PMKID back to a hccapx.

-O is an option to do analysis. It calculates all(!) message_pairs. 99% of these hashes will lead to uncrackable results.
Developers/coders use this mode to find issues in the detection of the handshakes!

-O is not a mode for a normal user. Do not use this mode if you are not an analyst or a coder!

Use "-o" option.


freeroute
Sat, 29 Sep 2018 @ 17:54:54

@meso

I received an answer from @gpuhash_me for your question:

"The BSSID is not the only key in the database, we could check also PMKID hash or handshake MIC fields (which is inconvenient but possible), but if average user is smart enough to perform AP-less attack, change the BSSID, upload the handshake to gpuhash.me then ask for free password (with different BSSID) on the forum ....
The main purpose of the rule is to prevent script kiddies from wasting our GPU resources then ask for free passwords..."


meso
Sat, 29 Sep 2018 @ 18:07:10

freeroute said:

> @meso
>
> I received an answer from @gpuhash_me for your question:
>
> "The BSSID is not the only key in the database, we could check also PMKID hash or handshake MIC fields (which is inconvenient but possible), but if average user is smart enough to perform AP-less attack, change the BSSID, upload the handshake to gpuhash.me then ask for free password (with different BSSID) on the forum ....
> The main purpose of the rule is to prevent script kiddies from wasting our GPU resources then ask for free passwords..."

all proposed checks are trivial to bypass so not worth bothering with
each handshake has different MIC due to random nonces so bypass with two different handshakes
PMKID depends on BSSID so is no better to check than BSSID
agree u will be safe while forum is full of script kiddies


freeroute
Wed, 31 Oct 2018 @ 08:02:56

UPDATE hcxtools are in sync with hashcat --30.10.2018
==========
hcxtools moved to version 5.0.0
hcxpsktool: added NETGEARxx list
--netgear : include NETGEAR candidates


freeroute
Wed, 07 Nov 2018 @ 10:32:50

UPDATE -- 07.10.2018
==========

hcxdumptool - added new option filter mode 3:
--filterlist=file                : mac filter list
                                     format: 112233445566 + comment
                                     maximum line lenght 255, maximum entries 64
--filtermode=digit          : mode for filter list
                                     1: use filter list as protection list (default) in transmission branch
                                        receive everything, interact with all APs and CLIENTs in range,
                                        except(!) the ones from the filter list
                                     2: use filter list as target list in transmission branch
                                        receive everything, only interact with APs and CLIENTs in range,
                                        from the filter list
                                     3: use filter list as target list in receiving branch
                                        only receive APs and CLIENTs in range,
                                        from the filter list


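Added example, not part of the original post or of hcxtools: a shell check of a filter list against the format quoted above (12 hex digits plus comment, at most 255 characters per line, at most 64 entries), useful for confirming that a protection list for filter mode 1 is well-formed before a run. The names `check_filterlist` and `sample_filterlist`, the made-up MAC addresses and the treatment of duplicates as a warning only are assumptions of this example.

```shell
#!/bin/sh
# Added example, not part of hcxdumptool. Checks a --filterlist file against
# the limits quoted in the help text: 12 hex digits + comment per line,
# at most 255 characters per line, at most 64 entries.
# check_filterlist is a hypothetical helper; it reads the named files or stdin.
check_filterlist() {
    awk '
    { sub(/\r$/, "") }                          # tolerate CRLF line endings
    $0 == "" { next }                           # ignore empty lines
    length($0) > 255 {
        printf "line %d: longer than 255 characters\n", NR; bad++; next
    }
    {
        mac = tolower(substr($0, 1, 12))
        if (length(mac) != 12 || mac !~ /^[0-9a-f]+$/) {
            printf "line %d: does not start with 12 hex digits: %s\n", NR, $0
            bad++; next
        }
        if (mac in seen) {
            printf "line %d: duplicate of line %d (%s)\n", NR, seen[mac], mac
        } else {
            seen[mac] = NR
        }
        entries++
    }
    END {
        if (entries > 64) { printf "%d entries, maximum is 64\n", entries; bad++ }
        printf "entries=%d problems=%d\n", entries, bad
        exit (bad > 0)                          # non-zero status if anything is wrong
    }' "$@"
}

# Constructed sample list (made-up MAC addresses). Line 3 uses the colon
# notation, which does not match the documented format.
sample_filterlist() {
cat <<'EOF'
112233445566 lab access point
aabbccddeeff test laptop
11:22:33:44:55:66 colon-separated
EOF
}

sample_filterlist | check_filterlist || true
```

For a real list, run `check_filterlist myfilterlist` and only start the capture when it exits with status 0.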

pasnger57

Status: Member
Joined: Tue, 11 Sep 2018
Posts: 356
Team:
Reputation: 181 Reputation
Offline
Mon, 12 Nov 2018 @ 17:31:38

my bad i wrong page


freeroute
Mon, 26 Nov 2018 @ 11:02:44

26.11.2018 -- hcxtools and hcxdumptool update
==========
several big endian fixes
switched to version 5.0.1


freeroute
Thu, 29 Nov 2018 @ 10:57:39

27.11.2018 -- hcxdumptool update
==========
added new option:
--poweroff : once hcxdumptool finished, power off system


freeroute
Tue, 04 Dec 2018 @ 12:39:02

Added a new option -C to hcxdumptool:

usage:
sudo hcxdumptool -i interface -C

Now hcxdumptool tries to set all wlan channels and reports
success:

$ sudo hcxdumptool -I
wlan interfaces:
7cdd908c166a wlp39s0f3u4u4 (rt2800usb)

$ sudo hcxdumptool -i wlp39s0f3u4u4 -C
available channels:
1,2,3,4,5,6,7,8,9,10,11,12,13,14


freeroute
Fri, 07 Dec 2018 @ 06:41:07

Due to this post, there is an update (hcxdumptool).
Now we have additional information in the help menu:

-C : show available channels and quit
     if no channels are available, interface is probably in use or doesn't support monitor mode

--do_rcascan : show radio channel assignment (scan for target access points)
     this can be used to test if packet injection is working
     if no access point responds, packet injection is probably not working


freeroute
Sat, 15 Dec 2018 @ 08:41:16

13.12.2018 - hcxtools update
==========

hcxpcaptool: removed options -x and -X (old hccap format)
hcxpcaptool: added options --hccap-out and --hccap-raw-out (old hccap format)

--hccap-out= file : output old hccap file (hashcat -m 2500)
--hccap-raw-out= file : output raw old hccap file (hashcat -m 2500)


freeroute
Tue, 18 Dec 2018 @ 08:08:03

15.12.2018 - hcxdumptool update
==========

improved random generator (now seeded with and adapter mac address)
Raspberry Pi: improved handling of GPIO switch


freeroute
Fri, 21 Dec 2018 @ 01:26:43

20.12.2018 - hcxdumptool update
==========

improved detection of broken driver
from now on GPIO LED blinks twice
- every 5 seconds if a possible driver issue is detected
- if no packets received during the last 5 seconds

another indicator is that the incoming packetcounter (rx=xxxx)
doesn't increase

or dmesg shows this error:
[65786.808078] ieee80211 phy2: rt2x00queue_flush_queue: Warning - Queue 14 failed to flush
[65824.174119] ieee80211 phy2: rt2x00queue_flush_queue: Warning - Queue 14 failed to flush
[67801.029527] ------------[ cut here ]------------

it seems to be a kernel issue that hcxdumptool isn't able to handle automatically:
https://bbs.archlinux.org/viewtopic.php?id=237028
https://bugs.openwrt.org/index.php?do=details&task_id=929&opened=169&status%5B0%5D=
https://community.spiceworks.com/topic/2132263-ubuntu-16-04-wifi-disconnects-randomly
https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1750226
https://www.raspberrypi.org/forums/viewtopic.php?t=206815

workaround:
1) get driver information
$ hcxdumptool -I
wlan interfaces:
7cdd90xxxxxx wlp3s0f0u2 (rt2800usb)

2) remove module
$ modprobe -r rt2800usb

3) load module
$ modprobe rt2800usb


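Added example, not part of the original post or of hcxdumptool: a shell helper that summarises the `rt2x00queue_flush_queue` warnings shown above from kernel log text, per phy, and counts kernel traces, so the driver problem can be confirmed before reloading the module. The names `flush_warning_summary` and `sample_dmesg` and the output format are assumptions; the sample input is the three dmesg lines quoted in the post.

```shell
#!/bin/sh
# Added example, not part of hcxdumptool. Reads kernel log text from the named
# files or stdin and reports, per phy, how often the rt2x00 "failed to flush"
# warning occurred and the first and last timestamps.
# flush_warning_summary is a hypothetical helper name.
flush_warning_summary() {
    awk '
    /rt2x00queue_flush_queue: Warning - Queue [0-9]+ failed to flush/ {
        phy = "unknown"
        if (match($0, /phy[0-9]+/)) { phy = substr($0, RSTART, RLENGTH) }
        ts = "?"
        if (match($0, /^\[ *[0-9]+\.[0-9]+\]/)) {     # leading dmesg timestamp
            ts = substr($0, 2, RLENGTH - 2); gsub(/ /, "", ts)
        }
        if (!(phy in count)) { first[phy] = ts; order[++n] = phy }
        count[phy]++; last[phy] = ts
        next
    }
    /\[ cut here \]/ { traces++ }                     # start of a kernel trace
    END {
        for (i = 1; i <= n; i++) {
            p = order[i]
            printf "%s warnings=%d first=%s last=%s\n", p, count[p], first[p], last[p]
        }
        printf "kernel_traces=%d\n", traces
        exit (n == 0)                                 # status 0 only if the warning was seen
    }' "$@"
}

# Sample input: the three dmesg lines quoted in the post.
sample_dmesg() {
cat <<'EOF'
[65786.808078] ieee80211 phy2: rt2x00queue_flush_queue: Warning - Queue 14 failed to flush
[65824.174119] ieee80211 phy2: rt2x00queue_flush_queue: Warning - Queue 14 failed to flush
[67801.029527] ------------[ cut here ]------------
EOF
}

sample_dmesg | flush_warning_summary
```

On a live system the same function can be fed with `dmesg | flush_warning_summary`.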

freeroute
Wed, 09 Jan 2019 @ 16:22:16

08.01.2019 - hcxdumptool update
==========

hcxdumptool and mac80211_hwsim
mac80211_hwsim is a Linux kernel module that can be used to simulate arbitrary number of IEEE 802.11 radios for mac80211. It can be used to test hcxdumptool:

load module:
$ sudo modprobe mac80211_hwsim

run hcxdumptool to retrieve information about the interface:
$ hcxdumptool -I
wlan interfaces:
020000000000 wlan0 (mac80211_hwsim)
020000000100 wlan1 (mac80211_hwsim)

bring monitor interface up:
$ sudo ip link set hwsim0 up

run hcxdumptool:
$ sudo hcxdumptool -i wlan0
initialization...

start capturing (stop with ctrl+c)
INTERFACE:...............: wlan0
ERRORMAX.................: 100 errors
FILTERLIST...............: 0 entries
MAC CLIENT...............: c8aacc9c01ec
MAC ACCESS POINT.........: 580943000000 (incremented on every new client)
EAPOL TIMEOUT............: 150000
REPLAYCOUNT..............: 62263
ANONCE...................: 513282ebb604e6e10c450d6c3eaa6428d118b54abeef4672be3ef700052305d5

INFO: cha=11, rx=0, rx(dropped)=0, tx=120, powned=0, err=0

run wireshark on wlan0 or hwsim0 to monitor hcxdumptool output.

read more here:
https://www.kernel.org/doc/readme/Documentation-networking-mac80211_hwsim-README


freeroute
Sun, 03 Feb 2019 @ 10:09:52

02.02.2019
==========

release hcxtools v 5.1.1
removed....: wlanhcx2psk
replaced by: hcxpsktool

removed....: wlanhcx2cap
replaced by: hcxhash2cap
no more libcap dependency!


freeroute
Sun, 10 Mar 2019 @ 11:45:50

09.03.2019 -- UPDATE
==========

hcxdumptool moved to v 5.1.4

https://paste.hashkiller.co.uk/GKa5ztOW


freeroute
Tue, 19 Mar 2019 @ 07:54:35

18.03.2019
==========

wlancap2wpasec: added man 1 page
hcxpcaptool: added new option -M to collect IMSI numbers
-M file : output unsorted IMSI number list


Added new option -M to hcxpcaptool to collect IMSI numbers:
https://github.com/ZerBea/hcxtools/commit/e1ca41601f635076b824fffc722004bb7890c767


dydrax1

Status: n/a
Joined: Tue, 01 Nov 2016
Posts: 41
Team:
Reputation: 0 Reputation
Offline
Wed, 27 Mar 2019 @ 08:40:19

Hi, I'm using the Raspberry Pi Zero W wifi chip,
but when I use hcxdumptool it says

wlan0mon already in monitor mode
interface is not up

I'm using Kali.2019.1.nexmon.p0w


vtar

Status: Banned
Joined: Wed, 07 Mar 2018
Posts: 284
Team:
Reputation: 126 Reputation
Offline
Wed, 27 Mar 2019 @ 09:52:05

WARNING! User is BANNED and maybe a SCAMMER.

dydrax1 said:

> Hi, I'm using the Raspberry Pi Zero W wifi chip,
> but when I use hcxdumptool it says
>
> wlan0mon already in monitor mode
> interface is not up
>
> I'm using Kali.2019.1.nexmon.p0w

Can I know whether you are using CD or live boot?


dydrax1
Wed, 27 Mar 2019 @ 11:48:51

vtar said:

> dydrax1 said:
>
>> Hi, I'm using the Raspberry Pi Zero W wifi chip,
>> but when I use hcxdumptool it says
>>
>> wlan0mon already in monitor mode
>> interface is not up
>>
>> I'm using Kali.2019.1.nexmon.p0w
>
> Can I know whether you are using CD or live boot?

I'm using that image installed on my SD card


freeroute
Wed, 27 Mar 2019 @ 12:52:06

dydrax1 said:

> Hi, I'm using the Raspberry Pi Zero W wifi chip,
> but when I use hcxdumptool it says
>
> wlan0mon already in monitor mode
> interface is not up
>
> I'm using Kali.2019.1.nexmon.p0w

I recommend reading the README file.
"* Do not use a logical interface and leave the physical interface in managed mode.
* Do not use hcxdumptool in combination with aircrack-ng, reaver, bully or other tools which takes access to the interface
* Stop all services which takes access to the physical interface (NetworkManager, wpa_supplicant,...)"

do not run hcxdumptool on logical interfaces (monx, wlanxmon)
do not use hcxdumptool in combination with other 3rd party tools, which take access to the interface

freeroute
Fri, 29 Mar 2019 @ 07:53:03

Support from the developer of hcxtools:

The user should read this here:
https://github.com/Bal33p/HCXDumpTool-on-RasberryPi-Zero-W-Using-Onboard-Broadcom-Chip-HowTo

So, running an unmodified KALI image is not enough!

The user should also read this:
https://github.com/ZerBea/hcxdumptool/issues/42#issuecomment-477475676


freeroute
Wed, 03 Apr 2019 @ 10:41:01

02.04.2019 - hcxtools update
==========

Due to hashcat changes: "WPA/WPA2 cracking: In the potfile, replace password with PMK in order to detect already cracked networks across all WPA modes"

https://github.com/hashcat/hashcat/commit/b8d609ba1604f4fed62198ae5000e205dcc87f70

hcxpcaptool: added new option -k to convert dumpfile to new hashcat PMKID format

-k file : output PMKID file (hashcat hashmode -m 16800 new format)
-z file : output PMKID file (hashcat hashmode -m 16800 old format and john)

use hcxhashcattool to convert old 2500 and old 16800 potfile to new hashcat potfile format:

-p file : input old hashcat potfile, accepted potfiles: 2500 or 16800
-P file : output new potfile file (PMK:ESSID:PSK)

hcxhashcattool -p oldhashcat.2500.pot -P newhashcat.potfile
hcxhashcattool -p oldhashcat.16800.pot -P newhashcat.potfile

hcxdumptool: added new option --silent
--silent : do not transmit! hcxdumptool is acting like a passive dumper

added cflag DEBUG
if compiled with DEBUG, hcxdumptool shows raw packets and raw GPS data, directly received from the device

removed ALFA AWUS036NH from the "known as working" list, because the device doesn't work any longer, running kernel 5.0.


freeroute
Sat, 08 Jun 2019 @ 10:43:36

07.06.2019
==========

hcxpcaptool: detect and convert PMKIDs from clients

From now on we also retrieve PMKIDs from some clients!

PMKIDs (WPA2)................: 49
PMKIDs from access points....: 49
PMKIDs from stations.........: 6
...
best PMKIDs..................: 19

Technical background: https://hashcat.net/forum/thread-6661-post-44869.html#pid44869


freeroute
Wed, 26 Jun 2019 @ 13:54:50

23.06.2019 -- UPDATE
==========

https://paste.hashkiller.co.uk/LTna2Pjm

