Issue Outputting Essid, Identity, PMKID File #112

Closed
LunarMinecraft opened this issue Sep 17, 2019 · 12 comments
@LunarMinecraft LunarMinecraft commented Sep 17, 2019

Hi ZerBea, thanks for making the great tools.

Just been trying to output the data using the following command:

"hcxpcaptool -E essidlist -I identitylist -U usernamelist -z homeoutputs.16800 home.pcapng"

Here is the summary of capture file: https://pastebin.com/smFMTse7

Oddly, when I execute the command to output the data, it appears with no error. I made sure that my home.pcapng file is within the same folder I am in. The home.pcapng file includes multiple networks with PMKID, handshake, etc...

It does not create any of the files in the directory, it creates a file "home.pcapng-0"

I ended up figuring out if I then did the same command again but changed for the new file like so:

hcxpcaptool -E essidlist -I identitylist -U usernamelist -z homeoutputs.16800 home.pcapng

Then it would output my "essidlist" and "homeoutputs.16800" files.

Although, the identitylist and usernamelist still are not outputting, any idea what is the cause for this and what I may be doing wrong?

Thanks for taking the time to read.

Owner

@ZerBea ZerBea commented Sep 17, 2019

Summary looks like your home.pcapng is empty. Please attach it (zip compressed).

BTW:
If a pcapng file with the same name exists, hcxdumptool appends a sequential number:
home.pcapng
home.pcapng-1
home.pcapng-2
home.pcapng-3

Author

@LunarMinecraft LunarMinecraft commented Sep 17, 2019

Thanks for the response.

It is odd because it only appends the sequential number when I use hcxpcaptool command as shown above.

I attached a zip; inside is the home.pcapng generated from using hcxdumptool.

Also I attached "home.pcapng-0", which is generated from using hcxpcaptool on "home.pcapng".

Also I have included the output file "homeoutputs.16800", which is generated from using hcxpcaptool on "home.pcapng-0".

Hope this all makes sense to you, English is not my first language. Apologies if any mistakes in grammar.
home.zip

Owner

@ZerBea ZerBea commented Sep 17, 2019

home.pcapng is empty and contains no packets, but home.pcapng-0 looks good:

$ hcxpcaptool -o test.hccapx -k test.16800 home.pcapng-0
reading from home.pcapng-0
summary capture file:
file name........................: home.pcapng-0
file type........................: pcapng 1.0
file hardware information........: x86_64
capture device vendor information: 00c0ca
file os information..............: Linux 5.2.0-kali2-amd64
file application information.....: hcxdumptool 5.2.2
network type.....................: DLT_IEEE802_11_RADIO (127)
endianness.......................: little endian
read errors......................: flawless
minimum time stamp...............: 17.09.2019 18:04:15 (GMT)
maximum time stamp...............: 17.09.2019 18:12:08 (GMT)
packets inside...................: 289
skipped damaged packets..........: 0
packets with GPS data............: 0
packets with FCS.................: 0
beacons (total)..................: 28
beacons (WPS info inside)........: 4
probe requests...................: 8
probe responses..................: 3
association requests.............: 31
association responses............: 26
reassociation requests...........: 1
reassociation responses..........: 1
authentications (OPEN SYSTEM)....: 40
authentications (BROADCOM).......: 39
authentications (NETGEAR)........: 1
EAPOL packets (total)............: 151
EAPOL packets (WPA2).............: 151
PMKIDs (not zeroed - total)......: 7
PMKIDs (WPA2)....................: 15
PMKIDs from access points........: 7
best handshakes (total)..........: 7 (ap-less: 7)
best PMKIDs (total)..............: 7

summary output file(s):
6 PMKID(s) written to test.16800
7 handshake(s) written to test.hccapx
message pair M12E2...............: 7
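
A sanity check for the situation in this thread (a pcapng file with valid headers but no packets), as an added example that is not part of the original discussion or of hcxtools: it walks the pcapng block chain and counts the packet-carrying blocks before any conversion is attempted. The function names and the two sample captures are constructed for illustration.

```python
import struct
from collections import Counter

MAGIC = 0x1A2B3C4D  # byte-order magic inside every Section Header Block
NAMES = {0x0A0D0D0A: "section_header", 1: "interface_description",
         2: "obsolete_packet", 3: "simple_packet", 6: "enhanced_packet"}
PACKET_BLOCKS = ("obsolete_packet", "simple_packet", "enhanced_packet")

def count_blocks(data: bytes) -> Counter:
    """Walk the pcapng block chain and count blocks by type."""
    counts, offset, endian = Counter(), 0, None
    while offset < len(data):
        if len(data) - offset < 12:
            raise ValueError(f"truncated block at offset {offset}")
        # The SHB type is a byte palindrome: readable before endianness is known.
        if data[offset:offset + 4] == b"\x0a\x0d\x0d\x0a":
            magic = data[offset + 8:offset + 12]
            if magic == struct.pack("<I", MAGIC):
                endian = "<"
            elif magic == struct.pack(">I", MAGIC):
                endian = ">"
            else:
                raise ValueError("bad byte-order magic")
        elif endian is None:
            raise ValueError("not a pcapng file: no section header block")
        btype, total = struct.unpack_from(endian + "II", data, offset)
        if total < 12 or total % 4 or offset + total > len(data):
            raise ValueError(f"bad block length at offset {offset}")
        if struct.unpack_from(endian + "I", data, offset + total - 4)[0] != total:
            raise ValueError(f"length trailer mismatch at offset {offset}")
        counts[NAMES.get(btype, f"other_0x{btype:08x}")] += 1
        offset += total
    return counts

def packet_count(data: bytes) -> int:
    """Number of packet-carrying blocks; 0 means nothing was captured."""
    counts = count_blocks(data)
    return sum(counts[name] for name in PACKET_BLOCKS)

def make_block(btype: int, body: bytes) -> bytes:
    """Build one little-endian block (used only for the constructed samples)."""
    total = len(body) + 12
    return struct.pack("<II", btype, total) + body + struct.pack("<I", total)

# Constructed samples: a header-only capture and one with two packets.
HEADER_ONLY = (make_block(0x0A0D0D0A, struct.pack("<IHHq", MAGIC, 1, 0, -1))
               + make_block(1, struct.pack("<HHI", 127, 0, 65535)))
EPB = make_block(6, struct.pack("<IIIII", 0, 0, 0, 4, 4) + b"\x00" * 4)
WITH_PACKETS = HEADER_ONLY + EPB + EPB
```

On a real capture, pass the file's bytes (for example `open(path, "rb").read()`) to `packet_count`; a result of 0 means the file has headers only.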

Author

@LunarMinecraft LunarMinecraft commented Sep 17, 2019

Yes, this is what I noticed also when opening both files in Wireshark to investigate the contents: it appeared nothing with the first, and the second one appeared. Very odd to me.

Is there any reason that would cause this?

Here are the exact commands I used as follows:

hcxdumptool -o home.pcapng -i wlan1 --enable_status 1
hcxpcaptool -E essidlist -I identitylist -U usernamelist -z homeoutputs.16800 home.pcapng

// Here it should have made file homeoutputs.16800, along with others, but it did not. Instead it created home.pcapng-0

Next I do
hcxpcaptool -E essidlist -I identitylist -U usernamelist -z homeoutputs.16800 home.pcapng-0

Then it appears with 'essidlist' file and 'homeoutputs.16800' file. Does not make identitylist or usernamelist, and any reason why I have to do hcxpcaptool twice with different files? I tried following instructions but thought these commands were correct. Thanks!

Owner

@ZerBea ZerBea commented Sep 17, 2019

> Is there any reason that would cause this?

Yes, broken driver.
-I and -U lists are only filled if the pcapng contains EAP or RADIUS data. If you didn't capture them, you will not get these lists.

Author

@LunarMinecraft LunarMinecraft commented Sep 17, 2019

Oh this makes sense. I have not installed any driver with my card. I plugged in and worked, could put in monitor mode so I assumed everything was fine. Checked dkms status but no driver appeared. I will attempt to install driver and redo.

Thanks again for your help

Owner

@ZerBea ZerBea commented Sep 17, 2019

No problem, you're welcome.

@ZerBea ZerBea closed this Sep 17, 2019
Owner

@ZerBea ZerBea commented Sep 18, 2019

I took a closer look at the pcapng file and even though you ran hcxpcaptool only for 8 minutes:
minimum time stamp...............: 17.09.2019 18:04:15 (GMT)
maximum time stamp...............: 17.09.2019 18:12:08 (GMT)
you captured a ten digit password:
packet 201 = ESSID
packet 202 = password
unfortunately you didn't capture a matching handshake, but the password is real and will open the network using this ESSID to which the client belongs.

Author

@LunarMinecraft LunarMinecraft commented Sep 18, 2019

Owner

@ZerBea ZerBea commented Sep 18, 2019

Maybe not very surprising...
From README.md:
" hcxdumptool is able to capture passwords from the wlan traffic
(use hcxpcaptool -E to save them to file, together with networknames)"

Author

@LunarMinecraft LunarMinecraft commented Sep 18, 2019

Owner

@ZerBea ZerBea commented Sep 18, 2019

-T : output management traffic information list
format = mac_sta:mac_ap:essid
-X : output client probelist
format: mac_sta:probed ESSID (autohex enabled)

will do this for you in human readable format.
