Posts: 2
Threads: 1
Joined: Apr 2024
04-16-2024, 11:28 AM
Hello folks,
can somebody tell me how we can find hcxdumptool capture any handshake?
does it have any identifire or something?
for example in this:
CHA LAST R 1 3 P S MAC-AP ESSID (last seen on top) SCAN-FREQUENCY: 2437
-----------------------------------------------------------------------------------------
[ 11] 12:53:47 + 46a58d4560dd Mi 10T Lite
[ 11] 12:53:46 b6e7d329466d Electropack
[ 6] 12:53:46 + + d4a456ab46c4 camera_46c4
[ 2] 12:53:46 + 763d432151c0 POCO X5 Pro 5G
[ 1] 12:53:45 + + 46a2208ab29b MobinNet_E29A
Posts: 1,014
Threads: 2
Joined: Jun 2017
04-16-2024, 02:15 PM
(This post was last modified: 04-16-2024, 02:25 PM by ZerBea.)
Explanation:
Code:
[ 11] 12:53:47 + 46a58d4560dd Mi 10T Lite -> AP not in range
[ 11] 12:53:46 b6e7d329466d Electropack -> AP doesn't use a PSK
[ 6] 12:53:46 + + d4a456ab46c4 camera_46c4 -> AP does not respond to hcxdumptool's ASSOCIATIONREQUEST
[ 2] 12:53:46 + 763d432151c0 POCO X5 Pro 5G -> AP not in Range
[ 1] 12:53:45 + + 46a2208ab29b MobinNet_E29A -> AP does not respond to hcxdumptool's ASSOCIATIONREQUEST
Solution:
Improve your antenna or get closer to the targets.
The columns are explained in help menu:
Code:
$ hcxdumptool -h
--rds=<digit> : sort real time display
attack mode:
default: sort by time (last seen on top)
1 = sort by status (last PMKID/EAPOL on top)
scan mode:
1 = sort by PROBERESPONSE count
Columns:
R = + AP display : AP is in TX range or under attack
S = + AP display : AUTHENTICATION KEY MANAGEMENT PSK
P = + AP display : got PMKID hashcat / JtR can work on
1 = + AP display : got EAPOL M1 (CHALLENGE)
3 = + AP display : got EAPOL M1M2M3 or EAPOL M1M2M3M4 (AUTHORIZATION) hashcat / JtR can work on
E = + CLIENT display : got EAP-START MESSAGE
2 = + CLIENT display : got EAPOL M1M2 (ROGUE CHALLENGE) hashcat / JtR can work on
Posts: 2
Threads: 1
Joined: Apr 2024
(04-16-2024, 02:15 PM)ZerBea Wrote:
Thank you.
Posts: 1,014
Threads: 2
Joined: Jun 2017
04-17-2024, 11:56 AM
(This post was last modified: 04-17-2024, 11:57 AM by ZerBea.)
You're welcome.
BTW:
Some more information is here:
https://github.com/ZerBea/hcxdumptool/discussions/432
To monitor the entire traffic, you can always run tshark or Wireshark in parallel with hcxdumptool.
e.g. monitor outgoing packets:
https://github.com/ZerBea/hcxdumptool/discussions/395
Some systems are described here:
https://github.com/ZerBea/hcxdumptool/wiki
Some adapters are tested here:
https://github.com/ZerBea/hcxdumptool/discussions/361