Coder Social home page Coder Social logo

Comments (6)

ZerBea avatar ZerBea commented on June 9, 2024

Please comment some additional information, too:

$ lsusb (if the adapter is an USB adapter)
$ lspci (if the adapter is a PCIe card)
$ hcxdumptool -L
$ hcxdumptool -I YOUR_INTERFACE_NAME
$ hcxdumptool -v
$ hcxpcapngtool -v
and the entire command line you have used to start hcxdumptool

To figure out what's going on, please run hcxdumptool and hcxpcapngtool outside of wifite.

First we test hcxpcapngtool
Download dump file from here;
https://wiki.wireshark.org/uploads/__moin_import__/attachments/SampleCaptures/wpa-Induction.pcap

convert it to a hc22000 file hashcat can work on:

$ hcxpcapngtool -o test.hc22000 wpa-Induction.pcap
hcxpcapngtool 6.3.1-108-g2f974b8 reading from wpa-Induction.pcap...

summary capture file
--------------------
file name................................: wpa-Induction.pcap
version (pcap/cap).......................: 2.4 (very basic format without any additional information)
timestamp minimum (GMT)..................: 04.01.2007 07:14:45
timestamp maximum (GMT)..................: 04.01.2007 07:15:26
duartion of the dump tool (seconds)......: 40
used capture interfaces..................: 1
link layer header type...................: DLT_IEEE802_11_RADIO (127)
endianness (capture system)..............: little endian
packets inside...........................: 1093
frames with correct FCS..................: 1080
packets received on 2.4 GHz..............: 1093
WIRELESS DISTRIBUTION SYSTEM.............: 1
ESSID (total unique).....................: 2
BEACON (total)...........................: 398
BEACON on 2.4 GHz channel (from IE_TAG)..: 1 
PROBEREQUEST (undirected)................: 12
PROBEREQUEST (directed)..................: 1
PROBERESPONSE (total)....................: 26
DISASSOCIATION (total)...................: 1
AUTHENTICATION (total)...................: 2
AUTHENTICATION (OPEN SYSTEM).............: 2
ASSOCIATIONREQUEST (total)...............: 1
ASSOCIATIONREQUEST (PSK).................: 1
RESERVED MANAGEMENT frame................: 4
WPA encrypted............................: 280
EAPOL messages (total)...................: 4
EAPOL RSN messages.......................: 4
EAPOLTIME gap (measured maximum msec)....: 4
EAPOL ANONCE error corrections (NC)......: not detected
EAPOL M1 messages (total)................: 1
EAPOL M2 messages (total)................: 1
EAPOL M3 messages (total)................: 1
EAPOL M4 messages (total)................: 1
EAPOL M4 messages (zeroed NONCE).........: 1
EAPOL pairs (total)......................: 2
EAPOL pairs (best).......................: 1
EAPOL pairs written to 22000 hash file...: 1 (RC checked)
EAPOL M32E2 (authorized).................: 1
RSN PMKID (total)........................: 1
RSN PMKID (from zeroed PMK)..............: 1 (not converted by default options - use --all if needed)

frequency statistics from radiotap header (frequency: received packets)
-----------------------------------------------------------------------
 2412: 1093	

Information: limited dump file format detected!
This file format is a very basic format to save captured network data.
It is recommended to use PCAP Next Generation dump file format (or pcapng for short) instead.
The PCAP Next Generation dump file format is an attempt to overcome the limitations
of the currently widely used (but very limited) libpcap (cap, pcap) format.
https://www.wireshark.org/docs/wsug_html_chunked/AppFiles.html#ChAppFilesCaptureFilesSection
https://github.com/pcapng/pcapng

Information: missing frames!
This dump file does not contain enough EAPOL M1 frames.
It always happens if the capture file was cleaned or
it could happen if filter options are used during capturing.
That makes it impossible to calculate nonce-error-correction values.
Duration of the dump tool was a way too short to capture enough additional information.


session summary
---------------
processed cap files...................: 1

Check the converted hash file:

$ cat test.hc22000
WPA*02*a462a7029ad5ba30b6af0df391988e45*000c4182b255*000d9382363a*436f6865726572*3e8e967dacd960324cac5b6aa721235bf57b949771c867989f49d04ed47c6933*0203007502010a00100000000000000000cdf405ceb9d889ef3dec42609828fae546b7add7baecbb1a394eac5214b1d386000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000001630140100000fac020100000fac040100000fac020000*82

run hashcat to recover the PSK:

$ hashcat -m 22000 test.hc22000 -a 3 Induction
hashcat (v6.2.6-796-g632504d1b) starting

CUDA API (CUDA 12.2)
====================
* Device #1: NVIDIA GeForce GTX 1650, 3841/3903 MB, 16MCU

OpenCL API (OpenCL 3.0 CUDA 12.2.146) - Platform #1 [NVIDIA Corporation]
========================================================================
* Device #2: NVIDIA GeForce GTX 1650, skipped

Minimum password length supported by kernel: 8
Maximum password length supported by kernel: 63

Hashes: 1 digests; 1 unique digests, 1 unique salts
Bitmaps: 16 bits, 65536 entries, 0x0000ffff mask, 262144 bytes, 5/13 rotates

Optimizers applied:
* Zero-Byte
* Single-Hash
* Single-Salt
* Brute-Force
* Slow-Hash-SIMD-LOOP

Watchdog: Temperature abort trigger set to 90c

Host memory required for this attack: 1080 MB

The wordlist or mask that you are using is too small.
This means that hashcat cannot use the full parallel power of your device(s).
Unless you supply more work, your cracking speed will drop.
For tips on supplying more work, see: https://hashcat.net/faq/morework

Approaching final keyspace - workload adjusted.           

a462a7029ad5ba30b6af0df391988e45:000c4182b255:000d9382363a:Coherer:Induction
                                                          
Session..........: hashcat
Status...........: Cracked
Hash.Mode........: 22000 (WPA-PBKDF2-PMKID+EAPOL)
Hash.Target......: test.hc22000
Time.Started.....: Fri Oct 13 07:35:02 2023 (0 secs)
Time.Estimated...: Fri Oct 13 07:35:02 2023 (0 secs)
Kernel.Feature...: Pure Kernel
Guess.Mask.......: Induction [9]
Guess.Queue......: 1/1 (100.00%)
Speed.#1.........:       41 H/s (0.63ms) @ Accel:64 Loops:256 Thr:32 Vec:1
Recovered........: 1/1 (100.00%) Digests (total), 1/1 (100.00%) Digests (new)
Progress.........: 1/1 (100.00%)
Rejected.........: 0/1 (0.00%)
Restore.Point....: 0/1 (0.00%)
Restore.Sub.#1...: Salt:0 Amplifier:0-1 Iteration:0-1
Candidate.Engine.: Device Generator
Candidates.#1....: Induction -> Induction
Hardware.Mon.#1..: Temp: 44c Util: 34% Core:1920MHz Mem:4001MHz Bus:8

Started: Fri Oct 13 07:35:00 2023
Stopped: Fri Oct 13 07:35:02 2023

If you got the PSK, hcxtools are working as expected:
a462a7029ad5ba30b6af0df391988e45:000c4182b255:000d9382363a:Coherer:Induction

Now test hcxdumptool:
stop all services that take access to the device
run hcxdumptool:
$ hcxdumptool -i YOUR_INTERFACENAME -F --rds=1 -w test.pcapng
Do you see APs on top split screen? Does a "+" appear in R or P or S or 1 or 3 column?
Do you see CLIENTs on bottom split screen? Does a "+" appear in E or 2 column?

If a "+" appeared in P, 3 or 2 column, stop hcxdumptool and convert the dump file:
$ hcxpcapngtool -o test.hc22000 test.pcapng

Please notice:
If wifite is running into a loop, it is neither a hcxdumptool nor a hcxtools problem.
It is more likely that wifite misinterprets the status of hcxpcapngtool and/or hcxdumptool.

I suggest to report wifite related problems to:
https://github.com/kimocoder/wifite2/issues

from hcxtools.

ZerBea avatar ZerBea commented on June 9, 2024

BTW:
If you start to learn wireless attacks it is not helpful to do this by an "all-in-one script".
I recommend to use all tools stand alone. Also I recommend to use tshark and/or Wireshark to discover how the tools acting with a target.

from hcxtools.

ZerBea avatar ZerBea commented on June 9, 2024

@kimocoder
Hi Christian. Added you, because it looks like wifite2 is involved, too.

from hcxtools.

kimocoder avatar kimocoder commented on June 9, 2024

Im looking

from hcxtools.

ZerBea avatar ZerBea commented on June 9, 2024

Great, thanks.

from hcxtools.

ZerBea avatar ZerBea commented on June 9, 2024

I ran several tests.
All hcxtools and hcxdumptool start as expected.
All hcxtools and hcxdumptool are working as expected.
Neither hcxtools nor hcxdumptool ends in an infinite loop.

Closed this report, because it is not a hcxtools bug.

from hcxtools.

Related Issues (20)

Recommend Projects

  • React photo React

    A declarative, efficient, and flexible JavaScript library for building user interfaces.

  • Vue.js photo Vue.js

    🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.

  • Typescript photo Typescript

    TypeScript is a superset of JavaScript that compiles to clean JavaScript output.

  • TensorFlow photo TensorFlow

    An Open Source Machine Learning Framework for Everyone

  • Django photo Django

    The Web framework for perfectionists with deadlines.

  • D3 photo D3

    Bring data to life with SVG, Canvas and HTML. 📊📈🎉

Recommend Topics

  • javascript

    JavaScript (JS) is a lightweight interpreted programming language with first-class functions.

  • web

    Some thing interesting about web. New door for the world.

  • server

    A server is a program made to process requests and deliver data to clients.

  • Machine learning

    Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.

  • Game

    Some thing interesting about game, make everyone happy.

Recommend Org

  • Facebook photo Facebook

    We are working to build community through open source technology. NB: members must have two-factor auth.

  • Microsoft photo Microsoft

    Open source projects and samples from Microsoft.

  • Google photo Google

    Google ❤️ Open Source for everyone.

  • D3 photo D3

    Data-Driven Documents codes.