Penetration Testing Tools
Kali Linux Tools Listing
hcxdumptool
hcxdumptool Description
Small tool to capture packets from wlan devices.
- hcxdumptool is able to block all wlan traffic
- hcxdumptool is able to capture PMKIDs from access points (only one single PMKID from an access point required)
- hcxdumptool is able to capture handshakes from not connected clients (only one single M2 from the client is required)
- hcxdumptool is able to capture handshakes from 5GHz clients on 2.4GHz (only one single M2 from the client is required)
- hcxdumptool is able to capture extended EAPOL (RADIUS, GSM-SIM, WPS)
- hcxdumptool is able to capture passwords from the wlan traffic
- hcxdumptool is able to capture plainmasterkeys from the wlan traffic
- hcxdumptool is able to capture usernames and identities from the wlan traffic
hcxdumptool Help
Do not use a logical interface and leave the physical interface in managed mode.
Do not use hcxdumptool in combination with aircrack-ng, reaver, bully or other tools which take access to the interface.
Stop all services which take access to the physical interface (NetworkManager, wpa_supplicant, …).
Do not use tools like macchanger, as they are useless, because hcxdumptool uses its own random mac address space.
hcxdumptool Usage Example
Use the wireless interface (-i wlp39s0f3u4u5), which will be switched to monitor mode automatically, save the captured frames to a pcapng file (-o output.pcapng), stay on each channel for 5 seconds (-t 5), and show EAPOL messages and PROBEREQUEST/PROBERESPONSE (--enable_status=3):
hcxdumptool -i wlp39s0f3u4u5 -o output.pcapng -t 5 --enable_status=3
How to install hcxdumptool
Installation on Kali Linux
Installation on BlackArch
Installation on Debian, Linux Mint, Ubuntu and their derivatives
Source
com.s33me If You Want Some
Nothing fancy, just a personal repository of tech crap et al.
Sunday, December 30, 2018
Kali Linux WiFite missing hcxpcaptool and hcxdumptool
tar -xvzf curl-7.48.0.tar.gz
…
sudo make install
11 comments:
this site is amazing
thanks, it's working
ok I finished that, but how do I use that with wifite
many many thanks.
You downloaded curl-7.63.0.tar.gz not
curl-7.48.0.tar.gz
Sorry, but I just include the bare minimum for a particular task. One must rely on "DuckDuckGoing" to search for the plethora of more involved tutorials on WiFite and aircrack.
hcxpcaptool is not in master.zip. Help
after downloading open the terminal and type,
cd hcxtools
apt install hcxtools
IT WILL DOWNLOAD hcxpcaptool
I downloaded it, built it with make and installed it with make install. wifite still says it cannot find it. What the hell? I manually tried placing the executables in /usr/sbin, /usr/local/sbin and /usr/local/bin. Where the hell is wifite looking for these executables?
We get this error when executing # wifite -kill
# [!] Warning: Recommended app hcxpcaptool was not found. install @ https://github.com/ZerBea/hcxtools
The reason is that the developer has renamed the file from "hcxpcaptool" to "hcxpcapngtool",
therefore a quick and dirty fix is to create a symlink.
# ln -s /usr/local/bin/hcxpcapngtool /usr/local/bin/hcxpcaptool
Source
Kali Linux Tools
List of penetration testing tools and their descriptions
hcxdumptool
hcxdumptool Description
hcxdumptool is a tool for capturing packets from wlan devices.
- complete blocking of wlan traffic
- capture of PMKIDs from access points
- capture of handshakes from not-connected clients (only one single M2 from the client is required)
- capture of handshakes from 5GHz clients on 2.4GHz (only one single M2 from the client is required)
- capture of extended EAPOL (RADIUS, GSM-SIM, WPS)
- capture of passwords from wlan traffic
- capture of plainmasterkeys (master keys in plain-text form) from wlan traffic
- capture of usernames and passwords from wlan traffic
hcxdumptool Help
hcxdumptool Manual
No man page is available.
Do not use a logical interface (monx, wlanxmon); leave the physical interface in managed mode.
Do not use hcxdumptool in combination with aircrack-ng, reaver, bully or other tools that require access to the interface.
Stop all services that need access to the physical interface (NetworkManager, wpa_supplicant, …).
Do not use tools like macchanger; they are useless, because hcxdumptool uses its own random MAC address space.
hcxdumptool Usage Examples
Use the wireless interface (-i wlp39s0f3u4u5), which will be switched to monitor mode automatically, save the captured frames to a pcapng file (-o output.pcapng), stay on each channel for 5 seconds (-t 5), and show EAPOL and PROBEREQUEST/PROBERESPONSE messages (--enable_status=3):
hcxdumptool -i wlp39s0f3u4u5 -o output.pcapng -t 5 --enable_status=3
Installing hcxdumptool
Installation on Kali Linux
Installation on BlackArch
The program is preinstalled in BlackArch.
Installing hcxdumptool on Debian, Linux Mint, Ubuntu and their derivatives
Installation information for other operating systems will be added later.
Source
Cannot install hcxdumptool
Hi! I can't install hcxdumptool, it reports an error
fatal error: openssl/evp.h: Нет такого файла или каталога
#include <openssl/evp.h>
I need advice. I'm new to this. Thanks.
P.S. Sorry if this is the wrong thread.
Hello! On which distribution did the problem occur?
Installing hcxdumptool on Kali Linux:
Installing hcxdumptool on Debian, Linux Mint, Ubuntu and their derivatives:
Kali Linux x64, ver. 2019.3
I did practically everything that way,
it says it cannot find the package hcxdumptool
/hcxdumptool# make
cc -O3 -Wall -Wextra -std=gnu99 -o hcxpioff hcxpioff.c
cc -O3 -Wall -Wextra -std=gnu99 -o hcxdumptool hcxdumptool.c -lcrypto
hcxdumptool.c: fatal error: openssl/evp.h: Нет такого файла или каталога
 #include <openssl/evp.h>
          ^
compilation terminated.
make: *** [Makefile build] Ошибка 1
root@kali:
You're doing everything wrong )))))
In Kali Linux this program is already present in the standard repositories.
First update the package cache from the repositories:
And then simply install it from the standard repository:
# sudo apt update
Чтение списков пакетов… Готово
Построение дерева зависимостей
Чтение информации о состоянии… Готово
Все пакеты имеют последние версии.
root@kali:
# sudo apt install hcxdumptool
Чтение списков пакетов… Готово
Построение дерева зависимостей
Чтение информации о состоянии… Готово
E: Невозможно найти пакет hcxdumptool
root@kali:
I already manually added the file evp.h to usr/include/openssl, and a new error appeared
/hcxdumptool# make
cc -O3 -Wall -Wextra -std=gnu99 -o hcxpioff hcxpioff.c
cc -O3 -Wall -Wextra -std=gnu99 -o hcxdumptool hcxdumptool.c -lcrypto
In file included from hcxdumptool.c:
/usr/include/openssl/evp.h: fatal error: openssl/opensslconf.h: Нет такого файла или каталога
 #include <openssl/opensslconf.h>
          ^
compilation terminated.
make: *** [Makefile build] Ошибка 1
root@kali:
Source
Installing hcxdumptool on Kali Linux 2020
Small tool to capture packets from wlan devices and detect weak points within your own WiFi networks. After capturing, upload the "uncleaned" pcapng file here https://wpa-sec.stanev.org/?submit to see if your ACCESS POINT or the CLIENT is vulnerable by using common wordlists. To reduce dump file size, gzip (.gz) compression is supported. Convert the pcapng file to WPA-PBKDF2-PMKID+EAPOL hashline (22000) with hcxpcapngtool (hcxtools) and check if a PreSharedKey or PlainMasterKey was transmitted unencrypted.
Stand-alone binaries — designed to run on Arch Linux, but other Linux distributions should work, too.
Capture format pcapng is compatible to Wireshark and tshark.
Read this post: hcxtools — solution for capturing wlan traffic and conversion to hashcat formats (https://hashcat.net/forum/thread-6661.html)
Read this post: New attack on WPA/WPA2 using PMKID (https://hashcat.net/forum/thread-7717.html)
Unsupported: Windows OS, macOS, Android, emulators or wrappers and NETLINK!
| Tool | Description |
|---|---|
| hcxdumptool | Tool to run several tests to determine if ACCESS POINTs or CLIENTs are vulnerable |
| hcxpioff | Turns Raspberry Pi off via GPIO switch |
hcxdumptool -> hcxpcapngtool -> hcxhashtool (additional hcxpsktool/hcxeiutool) -> hashcat or JtR
hcxdumptool: attack and capture everything (depending on options)
hcxpcapngtool: convert everything
hcxhashtool: filter hashes
hcxpsktool: get weak PSK candidates
hcxeiutool: calculate wordlists from ESSID
hashcat or JtR: get PSK from hash
Solve dependencies (Debian-based distributions: KALI, UBUNTU, …)
You need to install missing dependencies before running make:
Or install via package manager
Arch Linux: pacman -S hcxtools
Black Arch is an Arch Linux-based penetration testing distribution for penetration testers and security researchers
pacman -S hcxtools
Compile for Android
Android NDK installed in your system and in path variable
This repository cloned with all submodules (--recursive flag in git clone, or run git submodule update)
Just run ndk-build — built executables for some architectures should be created inside libs directory. Copy it to your phone and enjoy.
Operatingsystem: Arch Linux (strict), Kernel >= 5.4 (strict). It may work on other Linux systems (notebooks, desktops) and distributions, too (no support for other distributions, no support for other operating systems).
Chipset must be able to run in monitor mode and driver must support monitor mode as well as full packet injection. Recommended: MEDIATEK (MT7601) or RALINK (RT2870, RT3070, RT5370) chipset
gcc 10 recommended (deprecated versions are not supported: https://gcc.gnu.org/)
libopenssl and openssl-dev installed
Raspberry Pi A, B, A+, B+, Zero (WH). (Recommended: Zero (WH) or A+, because of a very low power consumption), but notebooks and desktops may work, too.
GPIO hardware mod recommended (push button and LED).
To allow 5GHz packet injection, it is mandatory to uncomment a regulatory domain that supports this: /etc/conf.d/wireless-regdom
If you decide to compile the latest git head, make sure that your distribution is updated to the latest version.
hcxdumptool needs full (monitor mode and full packet injection, running all packet types) and exclusive access to the adapter! Otherwise it will not start!
The driver must support monitor mode and full packet injection, as well as ioctl() system calls!
Virtual Netlink (libnl) interfaces are not supported!
Get information about VENDOR, model, chipset and driver here: https://wikidevi.wi-cat.ru/
Manufacturers do change chipsets without changing model numbers. Sometimes they add a (v)ersion or (rev)ision.
This list is for information purposes only and should not be regarded as a binding presentation of the products:
| VENDOR MODEL | ID | Notes |
|---|---|---|
| ALLNET ALL-WA0150N | ID 148f:7601 Ralink Technology, Corp. MT7601U Wireless Adapter | |
| SEMPRE WU150-1 | ID 148f:7601 Ralink Technology, Corp. MT7601U Wireless Adapter | |
| TP-LINK Archer T2UH | ID 148f:761a Ralink Technology, Corp. MT7610U ("Archer T2U" 2.4G+5G WLAN Adapter) | |
| ASUS USB-AC51 | ID 0b05:17d1 ASUSTek Computer, Inc. AC51 802.11a/b/g/n/ac Wireless Adapter [Mediatek MT7610U] | |
| ALFA AWUS036ACM | ID 0e8d:7612 MediaTek Inc. MT7612U 802.11a/b/g/n/ac Wireless Adapter | |
| CSL 300MBit 300649 | ID 148f:5572 Ralink Technology, Corp. RT5572 Wireless Adapter | |
| EDIMAX EW-7711UAN | ID 7392:7710 Edimax Technology Co., Ltd | |
| TENDA W311U+ | ID 148f:3070 Ralink Technology, Corp. RT2870/RT3070 Wireless Adapter | |
| ALFA AWUS036H | ID 0bda:8187 Realtek Semiconductor Corp. RTL8187 Wireless Adapter | |
| ALFA AWUS036NH | ID 148f:3070 Ralink Technology, Corp. RT2870/RT3070 Wireless Adapter | |
| LogiLink WL0151 | ID 148f:5370 Ralink Technology, Corp. RT5370 Wireless Adapter | |
| WiFi N (noname) | ID 148f:5370 Ralink Technology, Corp. RT5370 Wireless Adapter | |
| TP-Link TL-WN722N v1 | ID 0cf3:9271 Qualcomm Atheros Communications AR9271 802.11n | Partly driver freezes and overheating problems |
| TP-Link TL-WN722N v2/v3 | ID 2357:010c TP-Link TL-WN722N v2/v3 [Realtek RTL8188EUS] | Recommended driver: https://github.com/kimocoder/realtek_rtwifi |
| LogiLink WL0151A | ID 0bda:8179 Realtek Semiconductor Corp. RTL8188EUS 802.11n Wireless Network Adapter | Recommended driver: https://github.com/kimocoder/realtek_rtwifi |
| ALFA AWUS036ACH | ID 0bda:8812 Realtek Semiconductor Corp. RTL8812AU 802.11a/b/g/n/ac 2T2R DB WLAN Adapter | Required driver: https://github.com/aircrack-ng/rtl8812au; interface must be set to monitor mode manually using iw before starting hcxdumptool |
Always verify the actual chipset with 'lsusb' and/or 'lspci'!
Due to a bug in the xhci subsystem other devices may not work at the moment:
https://bugzilla.kernel.org/show_bug.cgi?id=202541
Third party drivers may not compile or work as expected on latest kernels
No support for a third party driver which is not part of the official kernel (https://www.kernel.org/)
Report related issues to the site from which you downloaded the driver
No support for a driver which doesn't natively support monitor mode and packet injection
If you need these features, make a request on www.kernel.org
Not recommended WiFi chipsets:
Intel PRO/Wireless (due to MICROCODE issues)
Broadcom (neither monitor mode nor frame injection)
Realtek RTL8811AU, RTL8812AU, RTL 8814AU (due to NETLINK dependency)
The best high frequency amplifier is a good antenna!
It is much better to achieve gain using a good antenna instead of increasing transmitter power.
| VENDOR MODEL | TYPE |
|---|---|
| LOGILINK WL0097 | grid parabolic |
| TP-LINK TL-ANT2414 A/B | panel |
| LevelOne WAN-1112 | panel |
| DELOCK 88806 | panel |
| TP-LINK TL-ANT2409 A | panel |

| VENDOR MODEL | TYPE |
|---|---|
| NAVILOCK NL-701US | USB |
| JENTRO BT-GPS-8 activepilot | BLUETOOTH |

| Script | Description |
|---|---|
| bash_profile | Autostart for Raspberry Pi (copy to /root/.bash_profile) |
| pireadcard | Back up a Pi SD card |
| piwritecard | Restore a Pi SD card |
| makemonnb | Example script to activate monitor mode |
| killmonnb | Example script to deactivate monitor mode |
Hardware mod — see docs gpiowait.odg (hcxdumptool)
LED flashes 5 times if hcxdumptool successfully started
LED flashes every 5 seconds if everything is fine and signals are received
LED flashes twice, if no signal received during the last past 5 seconds
Press the push button for at least 5 seconds until the LED turns on (the LED also turns on if hcxdumptool terminates)
Green ACT LED flashes 10 times
Raspberry Pi turned off and can be disconnected from power supply
Do not use hcxdumptool and hcxpioff together!
Hardware mod — see docs gpiowait.odg (hcxpioff)
LED flashes every 5 seconds 2 times if hcxpioff successfully started
Press the push button for at least 5 seconds until the LED turns on
Green ACT LED flashes 10 times
Raspberry Pi turned off safely and can be disconnected from power supply
First run hcxdumptool -i interface --do_rcascan for at least 30 seconds:
to determine that the driver supports monitor mode and the required ioctl() calls,
to determine that the driver supports full packet injection,
to retrieve information about access points and
to determine which access points are in attack range.
pcapng option codes (Section Header Block)
ENTERPRISE NUMBER: 0x2a, 0xce, 0x46, 0xa1
MAGIC NUMBER: 0x2a, 0xce, 0x46, 0xa1, 0x79, 0xa0, 0x72, 0x33
OPTIONCODE_MACMYORIG 0xf29a (6 byte)
OPTIONCODE_MACMYAP 0xf29b (6 byte)
OPTIONCODE_RC 0xf29c (8 byte)
OPTIONCODE_ANONCE 0xf29d (32 byte)
OPTIONCODE_MACMYSTA 0xf29e (6 byte)
OPTIONCODE_SNONCE 0xf29f (32 byte)
OPTIONCODE_WEAKCANDIDATE 0xf2a0 (64 byte) == 63 characters + zero
OPTIONCODE_GPS 0xf2a1 (max 128 byte)
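The option codes above are what hcxdumptool writes into the Section Header Block of its pcapng output, and they matter to anyone who shares a capture (for instance by uploading the "uncleaned" file as suggested earlier): the SHB records the capturing station's MAC addresses, the nonces and the weak PSK candidate, none of which are visible when you only look at the frames. The following Python script is an added example, not code from the hcxdumptool project. It builds a constructed SHB carrying these option codes, parses it back while enforcing the value lengths listed above, and lists which fields a defender would want to review before handing the file on. Assumptions: the options use the standard pcapng option TLV layout (16-bit code, 16-bit length, value padded to a 32-bit boundary, terminated by opt_endofopt) inside a little-endian section; the "sensitive" classification and all sample values are ours.

```python
import struct

# Section Header Block constants from the pcapng specification (little-endian section)
SHB_BLOCK_TYPE = 0x0A0D0D0A
BYTE_ORDER_MAGIC = 0x1A2B3C4D
OPT_ENDOFOPT = 0

# hcxdumptool option codes with the (min, max) value sizes listed on the page
HCX_OPTIONS = {
    0xf29a: ("MACMYORIG", 6, 6),
    0xf29b: ("MACMYAP", 6, 6),
    0xf29c: ("RC", 8, 8),
    0xf29d: ("ANONCE", 32, 32),
    0xf29e: ("MACMYSTA", 6, 6),
    0xf29f: ("SNONCE", 32, 32),
    0xf2a0: ("WEAKCANDIDATE", 64, 64),   # 63 characters + terminating zero
    0xf2a1: ("GPS", 0, 128),             # variable length, at most 128 bytes
}


def _pad4(n):
    """Round n up to the next multiple of 4 (pcapng option padding)."""
    return (n + 3) & ~3


def encode_options(options):
    """Serialize (code, value) pairs as pcapng option TLVs followed by opt_endofopt."""
    out = bytearray()
    for code, value in options:
        out += struct.pack("<HH", code, len(value)) + value
        out += b"\x00" * (_pad4(len(value)) - len(value))
    out += struct.pack("<HH", OPT_ENDOFOPT, 0)
    return bytes(out)


def build_shb(options):
    """Build a minimal little-endian Section Header Block with the given options (test data only)."""
    body = struct.pack("<IHHq", BYTE_ORDER_MAGIC, 1, 0, -1) + encode_options(options)
    total = 4 + 4 + len(body) + 4          # type + length + body + trailing length
    return struct.pack("<II", SHB_BLOCK_TYPE, total) + body + struct.pack("<I", total)


def parse_shb_options(buf):
    """Parse the SHB at the start of buf; return {name: value} for hcxdumptool options.
    Unknown codes are reported as 'unknown_0x....'; malformed input raises ValueError."""
    if len(buf) < 28:
        raise ValueError("buffer too short for a Section Header Block")
    block_type, total_len, bom = struct.unpack_from("<III", buf, 0)
    if block_type != SHB_BLOCK_TYPE:
        raise ValueError("not a pcapng Section Header Block")
    if bom != BYTE_ORDER_MAGIC:
        raise ValueError("big-endian sections are not handled by this example")
    if total_len > len(buf) or total_len % 4 != 0:
        raise ValueError("block length inconsistent with buffer")
    (trailer,) = struct.unpack_from("<I", buf, total_len - 4)
    if trailer != total_len:
        raise ValueError("trailing block length does not match leading length")
    pos, end = 24, total_len - 4           # skip header, BOM, version, section length
    found = {}
    while pos + 4 <= end:
        code, length = struct.unpack_from("<HH", buf, pos)
        pos += 4
        if code == OPT_ENDOFOPT:
            break
        value = buf[pos:pos + length]
        if len(value) != length:
            raise ValueError("option value runs past end of block")
        pos += _pad4(length)
        if code in HCX_OPTIONS:
            name, lo, hi = HCX_OPTIONS[code]
            if not lo <= length <= hi:
                raise ValueError(f"{name}: unexpected length {length}")
            if name == "WEAKCANDIDATE":
                value = value.split(b"\x00", 1)[0].decode("ascii", "replace")
            elif name in ("MACMYORIG", "MACMYAP", "MACMYSTA"):
                value = ":".join(f"{b:02x}" for b in value)
            else:
                value = value.hex()
            found[name] = value
        else:
            found[f"unknown_{code:#06x}"] = value.hex()
    return found


def sensitive_fields(parsed):
    """Fields that identify the capturing station or expose key material (our classification, an assumption)."""
    watch = ("MACMYORIG", "MACMYAP", "MACMYSTA", "ANONCE", "SNONCE", "WEAKCANDIDATE", "GPS")
    return sorted(k for k in parsed if k in watch)


# Constructed sample: every value is made up and carries no real capture data.
SAMPLE_SHB = build_shb([
    (0xf29a, bytes.fromhex("02aabbccddee")),
    (0xf29c, bytes.fromhex("0102030405060708")),
    (0xf29d, bytes(range(32))),
    (0xf2a0, b"12345678".ljust(64, b"\x00")),
    (0xf2a1, b"$GPGGA,constructed*00"),
])

if __name__ == "__main__":
    parsed = parse_shb_options(SAMPLE_SHB)
    for name, value in parsed.items():
        print(f"{name:14s} {value}")
    print("review before sharing:", sensitive_fields(parsed))
```

Run it against a real file by passing the first block of the pcapng to parse_shb_options; the length checks reject a truncated or hand-edited header, and the returned names tell you what metadata the SHB actually carries before the file leaves your machine.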
You must use hcxdumptool only on networks you have permission to test, because:
hcxdumptool is able to block all wlan traffic (depending on selected options)
hcxdumptool is able to capture PMKIDs from access points (only one single PMKID from an access point required) (use hcxpcapngtool to convert them to a format hashcat and/or JtR understand)
hcxdumptool is able to capture handshakes from not connected clients (only one single M2 from the client is required) (use hcxpcapngtool to convert them to a format hashcat and/or JtR understand)
hcxdumptool is able to capture handshakes from 5GHz clients on 2.4GHz (only one single M2 from the client is required) (use hcxpcapngtool to convert them to a format hashcat and/or JtR understand)
hcxdumptool is able to capture passwords from the wlan traffic (use hcxpcapngtool -E to save them to a file, together with network names)
hcxdumptool is able to request and capture extended EAPOL (RADIUS, GSM-SIM, WPS) (hcxpcapngtool will show you information about them)
hcxdumptool is able to capture identities from the wlan traffic (for example: request IMSI numbers from mobile phones — use hcxpcapngtool -I to save them to a file)
hcxdumptool is able to capture usernames from the wlan traffic (for example: the user name of a server authentication — use hcxpcapngtool -U to save them to a file)
Do not use a logical interface and leave the physical interface in managed mode
Do not use hcxdumptool in combination with aircrack-ng, reaver, bully or other tools which take access to the interface
Stop all services which take access to the physical interface (NetworkManager, wpa_supplicant, …)
Do not use tools like macchanger, as they are useless, because hcxdumptool uses its own random mac address space
Source