Smartcom Ralink routers - weak default WiFi password generation algorithm

freeroute


drsnooker

Very cool! It's just mac-4. But guessing the salt would not have been possible, reverse engineering required to get the "SmartcomWifi"
 

strunz

Hello freeroute, can you please give me some advice on better options for hcxpsktool?
I'm using this option:
hcxpsktool -c hash.hc22000 -o all.txt
Thank you :)
 

freeroute

Bash:
freeroute@Orion-Nebula:~$ hcxpsktool -h
hcxpsktool 6.3.5-17-gad27da5 (C) 2024 ZeroBeat
usage:
hcxpsktool <options>

options:
-c <file>   : input PMKID/EAPOL hash file (hashcat -m 22000/22001)
-i <file>   : input EAPOL hash file (hashcat -m 2500/2501)
-j <file>   : input EAPOL hash file (john)
-z <file>   : input PMKID hash file (hashcat -m 16800/16801 and john)
-e <char>   : input ESSID
-b <xdigit> : input MAC access point
              format: 112233445566
-o <file>   : output PSK file
              default: stdout
              output list must be sorted unique!
-h          : show this help
-v          : show version

--maconly           : print only candidates based on ACCESS POINT MAC
--noessidcombination: exclude ESSID combinations
--netgear           : include weak NETGEAR / ORBI / NTGR_VMB / ARLO_VMB / FoxtelHub candidates
--spectrum          : include weak MySpectrumWiFi / SpectrumSetup / MyCharterWiFi candidates
                      list will be > 2.2GB
--digit10           : include weak 10 digit candidates (INFINITUM, ALHN, INEA, VodafoneNet, VIVACOM)
                      list will be > 1GB
--phome             : include weak PEGATRON / Vantiva candidates (CBCI, HOME, [SP/XF]SETUP)
                      list will be > 2.9GB
--tenda             : include weak Tenda / NOVA / NOVE / BrosTrend candidates
--ee                : include weak 5GHz-EE / BrightBox / EE / EE-BrightBox candidates
                      list will be > 1.3GB
--eeupper           : include weak EE-Hub candidates
                      list will be > 3.8GB
--alticeoptimum     : include weak Altice/Optimum candidates (MyAltice, MyOptimum)
                      list will be > 4.6GB
--asus              : include weak ASUS RT-AC candidates (ASUS_XX, RT-AC)
--weakpass          : include weak password candidates
--eudate            : include complete european dates
--usdate            : include complete american dates
--wpskeys           : include complete WPS keys
--egn               : include Bulgarian EGN
--simple            : include simple pattern
--help              : show this help
--version           : show version

if hcxpsktool recovered your password, you should change it immediately!

https://github.com/ZerBea/hcxtools/issues/192#issuecomment-879179670
 

freeroute

Recommendation of the developer of hcxtools/hcxdump.

"All hcxtools can be controlled via bash scripts. That makes a lot of things easier. :)
I recommend a small bash script like these 2 examples:"

Bash:
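#!/bin/bash

# Resolve the input hash file before leaving the current directory
HASHFILE="$PWD/hashfile.22000"
TMPDIR=$(mktemp -d)
cd "$TMPDIR" || exit 1
# Keep only hashes whose ESSID contains NETGEAR and is 9 characters long
hcxhashtool -i "$HASHFILE" --essid-part=NETGEAR --essid-len=9 -o test.22000
if [ -s "test.22000" ]
then
        # Feed the NETGEAR candidates to hashcat on stdin
        hcxpsktool -c test.22000 --netgear | hashcat -m 22000 --stdin-timeout-abort=600 --nonce-error-corrections=8 test.22000
        rm test.22000
fi
cd ~
rm -r "$TMPDIR"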

Bash:
#!/bin/bash

# Resolve the input hash file before leaving the current directory
HASHFILE="$PWD/hashfile.22000"
TMPDIR=$(mktemp -d)
cd "$TMPDIR" || exit 1
# Keep only hashes whose ESSID contains ATT-WIFI-
hcxhashtool -i "$HASHFILE" --essid-part='ATT-WIFI-' -o test.22000
if [ -s "test.22000" ]
then
        # Write the list of matching ESSIDs, then process one ESSID at a time
        hcxhashtool -i test.22000 -E essid.list
        while IFS= read -r LINE
        do
                echo "$LINE";
                hcxhashtool -i test.22000 --essid="$LINE" -o testline.22000
                hcxpsktool -c testline.22000 --noessidcombination | hashcat -m 22000 --stdin-timeout-abort=600 --nonce-error-corrections=8 testline.22000
                rm testline.22000
        done < essid.list
        rm essid.list
        rm test.22000
fi
cd ~
rm -r "$TMPDIR"
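
The help text above ends with "if hcxpsktool recovered your password, you should change it immediately!". The sketch below is an added example (not part of the thread and not hcxtools code) that uses the `-e` and `-b` options from that help output to check whether the passphrase on your own access point is among the generated candidates. The function names and the `HCXPSKTOOL` override variable are hypothetical, and it assumes `hcxpsktool` is on the PATH.

```shell
#!/bin/sh
# Added example: self-audit of your own AP's passphrase against the
# candidates hcxpsktool derives from that AP's ESSID and MAC.
# HCXPSKTOOL (hypothetical override) names the generator to run;
# the default assumes hcxpsktool is installed and on PATH.

# normalize_mac MAC: strip ':' '.' '-' separators, lowercase, and require
# the 12 hex digits that the -b option expects (format: 112233445566)
normalize_mac() {
    mac=$(printf '%s' "$1" | tr -d ':.-' | tr 'A-F' 'a-f')
    case "$mac" in
        *[!0-9a-f]*|"") return 1 ;;
    esac
    [ "${#mac}" -eq 12 ] || return 1
    printf '%s\n' "$mac"
}

# psk_is_guessable ESSID MAC PSK [extra generator options...]
# returns 0 if PSK is in the candidate list, 1 if not, 2 on bad input
psk_is_guessable() {
    [ "$#" -ge 3 ] || return 2
    essid=$1
    mac=$(normalize_mac "$2") || return 2
    psk=$3
    shift 3
    # WPA passphrases are 8..63 characters; anything else is a typo
    [ "${#psk}" -ge 8 ] && [ "${#psk}" -le 63 ] || return 2
    # A missing generator must not be reported as "not guessable"
    command -v "${HCXPSKTOOL:-hcxpsktool}" >/dev/null 2>&1 || return 2
    # The passphrase travels in the environment, not in argv, and is
    # compared as a string (the "" concatenation forces that), so the
    # candidate 12345678 never matches the passphrase 012345678.
    "${HCXPSKTOOL:-hcxpsktool}" -e "$essid" -b "$mac" "$@" |
        PSK=$psk awk '($0 "") == (ENVIRON["PSK"] "") { hit = 1; exit }
                      END { exit(hit ? 0 : 1) }'
}
```

Extra switches from the help output, such as `--weakpass`, can be appended after the passphrase argument to widen the candidate set. A return value of 0 means the passphrase should be changed.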
 