
hcxpcaptool: added new option -M to collect IMSI numbers

ZerBea committed Mar 18, 2019
1 parent d499528 commit e1ca41601f635076b824fffc722004bb7890c767
Showing with 125 additions and 13 deletions.
  1. +2 −0 changelog
  2. +52 −3 hcxpcaptool.c
  3. +71 −10 manpages/hcxpcaptool.1
@@ -1,6 +1,8 @@
18.03.2019
==========
wlancap2wpasec: added man 1 page
hcxpcaptool: added new option -M to collect IMSI numbers
-M <file> : output unsorted IMSI number list


17.03.2019
@@ -64,6 +64,7 @@
#define HCXT_GPX_OUT 'g'
#define HCXT_IDENTITY_OUT 'I'
#define HCXT_USERNAME_OUT 'U'
#define HCXT_IMSI_OUT 'M'
#define HCXT_PMK_OUT 'P'
#define HCXT_VERBOSE_OUT 'V'
#define HCXT_HELP 'h'
@@ -192,8 +193,6 @@ static int hour = 0;
static int minute = 0;
static int second = 0;



char *hexmodeoutname;
char *hccapxbestoutname;
char *hccapxrawoutname;
@@ -209,6 +208,7 @@ char *gpxoutname;
char *pmkoutname;
char *identityoutname;
char *useroutname;
char *imsioutname;
char *netntlm1outname;
char *md5outname;
char *md5johnoutname;
@@ -259,6 +259,7 @@ gpxoutname = NULL;
pmkoutname = NULL;
identityoutname = NULL;
useroutname = NULL;
imsioutname = NULL;
netntlm1outname = NULL;
md5outname = NULL;
md5johnoutname = NULL;
@@ -1743,6 +1744,47 @@ if(identityoutname != NULL)
return;
}
/*===========================================================================*/
void outlistimsi(uint32_t idlen, uint8_t *packet)
{
FILE *fhoutlist = NULL;
uint32_t idcount = 5;

if(idlen <= idcount)
{
return;
}

if((packet[idcount] == 0) && (idlen > idcount +1))
{
idcount++;
if((packet[idcount] == 0) && (idlen <= idcount +1))
{
return;
}
}
if((idlen -idcount) < 17)
{
return;
}
if(packet[idcount] != '0')
{
return;
}
if(packet[idcount +16] != '@')
{
return;
}
if(imsioutname != NULL)
{
if((fhoutlist = fopen(imsioutname, "a+")) != NULL)
{
fwriteessidstr(15, (packet +idcount +1), fhoutlist);
fclose(fhoutlist);
}
}
return;
}
/*===========================================================================*/
void addtacacsp(uint8_t version, uint8_t sequencenr, uint32_t sessionid, uint32_t len, uint8_t *data)
{
tacacspl_t *zeiger;
@@ -3325,6 +3367,7 @@ if(exeap->exttype == EAP_TYPE_ID)
if(eaplen != 0)
{
outlistidentity(eaplen, packet +EAPAUTH_SIZE);
outlistimsi(eaplen, packet +EAPAUTH_SIZE);
}
}
else if(exeap->exttype == EAP_TYPE_LEAP)
@@ -5078,6 +5121,7 @@ printf("%s %s (C) %s ZeroBeat\n"
" : format: mac_sta:probed ESSID (autohex enabled)\n"
"-I <file> : output unsorted identity list\n"
"-U <file> : output unsorted username list\n"
"-M <file> : output unsorted IMSI number list\n"
"-P <file> : output possible WPA/WPA2 plainmasterkey list\n"
"-T <file> : output management traffic information list\n"
" : european date : timestamp : mac_sta : mac_ap : essid\n"
@@ -5140,7 +5184,7 @@ char *gpxhead = "<?xml version=\"1.0\"?>\n"

char *gpxtail = "</gpx>\n";

static const char *short_options = "o:O:z:j:J:E:X:I:U:P:T:g:H:Vhv";
static const char *short_options = "o:O:z:j:J:E:X:I:U:M:P:T:g:H:Vhv";
static const struct option long_options[] =
{
{"nonce-error-corrections", required_argument, NULL, HCXT_REPLAYCOUNTGAP},
@@ -5282,6 +5326,11 @@ while((auswahl = getopt_long (argc, argv, short_options, long_options, &index))
verboseflag = true;
break;

case HCXT_IMSI_OUT:
imsioutname = optarg;
verboseflag = true;
break;

case HCXT_PMK_OUT:
pmkoutname = optarg;
verboseflag = true;
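Review bot: outlistimsi validates only the leading '0' and the '@' at offset 16; the 15 bytes between them are appended to the IMSI file without confirming they are digits, so any EAP identity shaped like `0xxxxxxxxxxxxxxx@realm` is recorded as an IMSI whatever those bytes contain. Before the `imsioutname != NULL` branch I would add `for(uint32_t i = 1; i < 16; i++) { if((packet[idcount +i] < '0') || (packet[idcount +i] > '9')) return; }`, which keeps non-numeric (including peer-controlled) identity bytes out of the output file. The inner `if((packet[idcount] == 0) && (idlen <= idcount +1)) return;` after `idcount++` is subsumed by the following `(idlen -idcount) < 17` check and could be dropped to simplify the prefix-skipping logic. A comment above the function stating the expected layout, e.g. `/* expects a permanent identity of the form '0' + 15-digit IMSI + '@' + realm (EAP-AKA style, presumably); idcount skips the leading EAP bytes */`, would explain why offsets 0 and 16 are tested, since the meaning of the initial idcount of 5 is not visible in the hunk.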
@@ -23,20 +23,81 @@ furnished to do so. License MIT
.TP
.B Common options:
.TP
.I -c <file>
output cap file
.I -o <file>
output hccapx file (hashcat -m 2500/2501)
.TP
.I --pmkid=<file>
input PMKID hash file
.I -O <file>
output raw hccapx file (hashcat -m 2500/2501)
.TP
.I --hccapx=<file>
input hashcat hccapx file
.I -z <file>
output PMKID file (hashcat hashmode -m 16800)
.TP
.I --hccap=<file>
input hashcat hccap file
.I -j <file>
output john WPAPSK-PMK file (john wpapsk-opencl)
.TP
.I --john=<file>
input John the Ripper WPAPSK hash file
.I -J <file>
output raw john WPAPSK-PMK file (john wpapsk-opencl)
.TP
.I -E <file>
output wordlist (autohex enabled) to use as input wordlist for cracker
.TP
.I -X <file>
output client probelist
.TP
.I -I <file>
output unsorted identity list
.TP
.I -U <file>
output unsorted username list
.TP
.I -M <file>
output unsorted IMSI number list
.TP
.I -P <file>
output possible WPA/WPA2 plainmasterkey list
.TP
.I -T <file>
output management traffic information list
.I -g <file>
output GPS file
.TP
.I -V
verbose (but slow) status output
.TP
.B Other options:
.TP
.I --time-error-corrections=<digit>
maximum allowed time gap (default: 600s)
.TP
.I --nonce-error-corrections=<digit>
maximum allowed nonce gap (default: 8)
.TP
.I --netntlm-out=<file>
output netNTLMv1 file (hashcat -m 5500, john netntlm)
.TP
.I --md5-out=<file>
output MD5 challenge file (hashcat -m 4800)
.TP
.I --md5-john-out=<file>
output MD5 challenge file (john chap)
.TP
.I --tacacsplus-out=<file>
output TACACS+ authentication file (hashcat -m 16100, john tacacs-plus)
.TP
.I --eapol-out=<file>
output EAPOL packets in hex
.TP
.I --network-out=<file>
output network information
.TP
.I --hexdump-out=<file>
output dump raw packets in hex
.TP
.I --hccap-out=<file>
output old hccap file (hashcat -m 2500)
.TP
.I --hccap-raw-out=<file>
output raw old hccap file (hashcat -m 2500)
.TP
.I -h or --help
show help screen
