wifite ends in an infinite loop

[DogothUr]

hey everyone, so im really new to wireless hacking and attacks, and i started using kali linux on a generic netbook and i've been dabbling into wifite a bit cracking my own wifi to get the hang of different kinds of attacks and just generally how it all works, and i've realized that when i installed hcxtools and hcxdumptools and tried to crack any network either in wps or wpa mode, i'd fail to see any users on the client list of my own wifi or any others, and all attacks on a network would fail eventually leaving a pmkid attack looping until i shut it down manually. is this an issue of my drivers compatibility? did i set up my tools incorrectly? i wanna know what im doing wrong and how i can fix it

[ZerBea]

Please comment some additional information, too:

$ lsusb (if the adapter is an USB adapter)
$ lspci (if the adapter is a PCIe card)
$ hcxdumptool -L
$ hcxdumptool -I YOUR_INTERFACE_NAME
$ hcxdumptool -v
$ hcxpcapngtool -v
and the entire command line you have used to start hcxdumptool

To figure out what's going on, please run hcxdumptool and hcxpcapngtool outside of wifite.

First we test hcxpcapngtool
Download dump file from here;
https://wiki.wireshark.org/uploads/__moin_import__/attachments/SampleCaptures/wpa-Induction.pcap

convert it to a hc22000 file hashcat can work on:

$ hcxpcapngtool -o test.hc22000 wpa-Induction.pcap
hcxpcapngtool 6.3.1-108-g2f974b8 reading from wpa-Induction.pcap...

summary capture file
--------------------
file name................................: wpa-Induction.pcap
version (pcap/cap).......................: 2.4 (very basic format without any additional information)
timestamp minimum (GMT)..................: 04.01.2007 07:14:45
timestamp maximum (GMT)..................: 04.01.2007 07:15:26
duartion of the dump tool (seconds)......: 40
used capture interfaces..................: 1
link layer header type...................: DLT_IEEE802_11_RADIO (127)
endianness (capture system)..............: little endian
packets inside...........................: 1093
frames with correct FCS..................: 1080
packets received on 2.4 GHz..............: 1093
WIRELESS DISTRIBUTION SYSTEM.............: 1
ESSID (total unique).....................: 2
BEACON (total)...........................: 398
BEACON on 2.4 GHz channel (from IE_TAG)..: 1 
PROBEREQUEST (undirected)................: 12
PROBEREQUEST (directed)..................: 1
PROBERESPONSE (total)....................: 26
DISASSOCIATION (total)...................: 1
AUTHENTICATION (total)...................: 2
AUTHENTICATION (OPEN SYSTEM).............: 2
ASSOCIATIONREQUEST (total)...............: 1
ASSOCIATIONREQUEST (PSK).................: 1
RESERVED MANAGEMENT frame................: 4
WPA encrypted............................: 280
EAPOL messages (total)...................: 4
EAPOL RSN messages.......................: 4
EAPOLTIME gap (measured maximum msec)....: 4
EAPOL ANONCE error corrections (NC)......: not detected
EAPOL M1 messages (total)................: 1
EAPOL M2 messages (total)................: 1
EAPOL M3 messages (total)................: 1
EAPOL M4 messages (total)................: 1
EAPOL M4 messages (zeroed NONCE).........: 1
EAPOL pairs (total)......................: 2
EAPOL pairs (best).......................: 1
EAPOL pairs written to 22000 hash file...: 1 (RC checked)
EAPOL M32E2 (authorized).................: 1
RSN PMKID (total)........................: 1
RSN PMKID (from zeroed PMK)..............: 1 (not converted by default options - use --all if needed)

frequency statistics from radiotap header (frequency: received packets)
-----------------------------------------------------------------------
 2412: 1093	

Information: limited dump file format detected!
This file format is a very basic format to save captured network data.
It is recommended to use PCAP Next Generation dump file format (or pcapng for short) instead.
The PCAP Next Generation dump file format is an attempt to overcome the limitations
of the currently widely used (but very limited) libpcap (cap, pcap) format.
https://www.wireshark.org/docs/wsug_html_chunked/AppFiles.html#ChAppFilesCaptureFilesSection
https://github.com/pcapng/pcapng

Information: missing frames!
This dump file does not contain enough EAPOL M1 frames.
It always happens if the capture file was cleaned or
it could happen if filter options are used during capturing.
That makes it impossible to calculate nonce-error-correction values.
Duration of the dump tool was a way too short to capture enough additional information.


session summary
---------------
processed cap files...................: 1

Check the converted hash file:

$ cat test.hc22000
WPA*02*a462a7029ad5ba30b6af0df391988e45*000c4182b255*000d9382363a*436f6865726572*3e8e967dacd960324cac5b6aa721235bf57b949771c867989f49d04ed47c6933*0203007502010a00100000000000000000cdf405ceb9d889ef3dec42609828fae546b7add7baecbb1a394eac5214b1d386000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000001630140100000fac020100000fac040100000fac020000*82

run hashcat to recover the PSK:

$ hashcat -m 22000 test.hc22000 -a 3 Induction
hashcat (v6.2.6-796-g632504d1b) starting

CUDA API (CUDA 12.2)
====================
* Device #1: NVIDIA GeForce GTX 1650, 3841/3903 MB, 16MCU

OpenCL API (OpenCL 3.0 CUDA 12.2.146) - Platform #1 [NVIDIA Corporation]
========================================================================
* Device #2: NVIDIA GeForce GTX 1650, skipped

Minimum password length supported by kernel: 8
Maximum password length supported by kernel: 63

Hashes: 1 digests; 1 unique digests, 1 unique salts
Bitmaps: 16 bits, 65536 entries, 0x0000ffff mask, 262144 bytes, 5/13 rotates

Optimizers applied:
* Zero-Byte
* Single-Hash
* Single-Salt
* Brute-Force
* Slow-Hash-SIMD-LOOP

Watchdog: Temperature abort trigger set to 90c

Host memory required for this attack: 1080 MB

The wordlist or mask that you are using is too small.
This means that hashcat cannot use the full parallel power of your device(s).
Unless you supply more work, your cracking speed will drop.
For tips on supplying more work, see: https://hashcat.net/faq/morework

Approaching final keyspace - workload adjusted.           

a462a7029ad5ba30b6af0df391988e45:000c4182b255:000d9382363a:Coherer:Induction
                                                          
Session..........: hashcat
Status...........: Cracked
Hash.Mode........: 22000 (WPA-PBKDF2-PMKID+EAPOL)
Hash.Target......: test.hc22000
Time.Started.....: Fri Oct 13 07:35:02 2023 (0 secs)
Time.Estimated...: Fri Oct 13 07:35:02 2023 (0 secs)
Kernel.Feature...: Pure Kernel
Guess.Mask.......: Induction [9]
Guess.Queue......: 1/1 (100.00%)
Speed.#1.........:       41 H/s (0.63ms) @ Accel:64 Loops:256 Thr:32 Vec:1
Recovered........: 1/1 (100.00%) Digests (total), 1/1 (100.00%) Digests (new)
Progress.........: 1/1 (100.00%)
Rejected.........: 0/1 (0.00%)
Restore.Point....: 0/1 (0.00%)
Restore.Sub.#1...: Salt:0 Amplifier:0-1 Iteration:0-1
Candidate.Engine.: Device Generator
Candidates.#1....: Induction -> Induction
Hardware.Mon.#1..: Temp: 44c Util: 34% Core:1920MHz Mem:4001MHz Bus:8

Started: Fri Oct 13 07:35:00 2023
Stopped: Fri Oct 13 07:35:02 2023

If you got the PSK, hcxtools are working as expected:
a462a7029ad5ba30b6af0df391988e45:000c4182b255:000d9382363a:Coherer:Induction

Now test hcxdumptool:
stop all services that take access to the device
run hcxdumptool:
$ hcxdumptool -i YOUR_INTERFACENAME -F --rds=1 -w test.pcapng
Do you see APs on top split screen? Does a "+" appear in R or P or S or 1 or 3 column?
Do you see CLIENTs on bottom split screen? Does a "+" appear in E or 2 column?

If a "+" appeared in P, 3 or 2 column, stop hcxdumptool and convert the dump file:
$ hcxpcapngtool -o test.hc22000 test.pcapng

Please notice:
If wifite is running into a loop, it is neither a hcxdumptool nor a hcxtools problem.
It is more likely that wifite misinterprets the status of hcxpcapngtool and/or hcxdumptool.

I suggest to report wifite related problems to:
https://github.com/kimocoder/wifite2/issues

[ZerBea]

BTW:
If you start to learn wireless attacks it is not helpful to do this by an "all-in-one script".
I recommend to use all tools stand alone. Also I recommend to use tshark and/or Wireshark to discover how the tools acting with a target.

[ZerBea]

@kimocoder
Hi Christian. Added you, because it looks like wifite2 is involved, too.

[kimocoder]

Im looking

[ZerBea]

Great, thanks.

[ZerBea]

I ran several tests.
All hcxtools and hcxdumptool start as expected.
All hcxtools and hcxdumptool are working as expected.
Neither hcxtools nor hcxdumptool ends in an infinite loop.

Closed this report, because it is not a hcxtools bug.