Comments (20)

derv82 avatar derv82 commented on July 21, 2024 3

Thanks.

Here's what I've got so far:

--crack option

Pushed in latest commit.

from wifite2.

derv82 avatar derv82 commented on July 21, 2024 1

I'm looking to add a --crack option that, given an existing handshake, would:

  1. Generate all required files (creating .hccapx and .hccap files from the .cap)
  2. Provide commands to crack the handshake in various crackers (aircrack, pyrit, oclhashcat, etc).

Using oclhashcat on a .hccapx file: https://hashcat.net/wiki/doku.php?id=cracking_wpawpa2
john on a .hccap file: http://openwall.info/wiki/john/WPA-PSK

from wifite2.

wifiuk avatar wifiuk commented on July 21, 2024

anything?

from wifite2.

wifiuk avatar wifiuk commented on July 21, 2024

yeah i know how to do it, but just thought it would be great if this tool could automate it for me, rather than having to do it all manually.
Thanks for looking into the suggestion, keep up the good work..

from wifite2.

derv82 avatar derv82 commented on July 21, 2024

Oh, I linked to those tutorials for my own reference when adding the feature.

I can't find any way to convert .cap files to .hccapx needed by hashcat using Kali Rolling. From https://hashcat.net/wiki/doku.php?id=cracking_wpawpa2 :

> The cap2hccapx utility and hcxtools are still very new.
> At this writing, Kali has not yet updated from hccap to hccapx.

There's a website to convert .cap to .hccapx: https://hashcat.net/cap2hccapx/

...But that's not very automated.

I can create hccap files (not hccapX) using aircrack-ng's -J option:

```
% aircrack-ng -J hccap_file regular_cap_file.cap
% ls
hccapfile.hccap    regular_cap_file.cap
```

...But I don't know if hashcat accepts this format. Trying to run it in my VM:

```
root@kali:/tmp# hashcat -m 2500 hccapfile.hccap /usr/share/wordlists/fern-wifi/common.txt
hashcat (v3.5.0) starting...
clGetDeviceIDs(): CL_DEVICE_NOT_FOUND
clGetDeviceIDs(): CL_DEVICE_NOT_FOUND
No devices found/left.
```

Do you know:

  1. If aircrack-ng's hccap files work with hashcat?
  2. If not, do you know how to generate hccapx files in vanilla Kali Rolling?

from wifite2.

wifiuk avatar wifiuk commented on July 21, 2024

I'm not near a PC so will have a look over the weekend..

from wifite2.

derv82 avatar derv82 commented on July 21, 2024

Some other ideas I had:

  1. During --crack, ask user how they want to crack (aircrack, pyrit, etc), and run the appropriate command.
    • The script can't detect CUDA/OPENGL so this probably isn't very efficient...
    • And this makes the tool ask a lot of questions which might be frustrating for users.
  2. When handshake is captured, provide all available cracking commands, but don't actually try to crack.
    • Good for quickly-capturing WPA handshakes (i.e. you'll crack 'em later)
    • But it could miss out on easily-guessed passwords that could be guessed within a minute (e.g. Fern Wifi Cracker's common.txt).

I'm open to other suggestions.

from wifite2.

wifiuk avatar wifiuk commented on July 21, 2024

i like the new idea, what about --crack and then sub options the user can choose e.g
--crack cpu
--crack cuda
--crack opengl

this would then use that for future GPU requests

also i like the crack em later option just to grab handshakes
e.g
--crack later , just get handshakes
--crack quick - would do the quick fern check and then skip

from wifite2.

wifiuk avatar wifiuk commented on July 21, 2024

tonight i'll try to fire up my kali on my main PC with GPU, as i am using VM on laptop at the moment. try to give you some results on the hashcat output

from wifite2.

wifiuk avatar wifiuk commented on July 21, 2024

My own reminder
https://hashcat.net/forum/thread-6150.html

from wifite2.

wifiuk avatar wifiuk commented on July 21, 2024

```
hashcat -m 2500 /usr/share/wordlists/fern-wifi/common.txt hccap.hccap
hashcat (v3.5.0) starting...

* Device #1: This hardware has outdated CUDA compute capability (3.0).
             For modern OpenCL performance, upgrade to hardware that supports
             CUDA compute capability version 5.0 (Maxwell) or higher.
* Device #1: WARNING! Kernel exec timeout is not disabled.
             This may cause "CL_OUT_OF_RESOURCES" or related errors.
             To disable the timeout, see: https://hashcat.net/q/timeoutpatch
* Device #2: Not a native Intel OpenCL runtime. Expect massive speed loss.
             You can use --force to override, but do not report related errors.
OpenCL Platform #1: NVIDIA Corporation
======================================
* Device #1: GeForce GTX 650, 245/980 MB allocatable, 2MCU

OpenCL Platform #2: The pocl project

* Device #2: pthread-Intel(R) Core(TM) i7-3770 CPU @ 3.40GHz, skipped.

Hashfile '/usr/share/wordlists/fern-wifi/common.txt': Invalid hccapx signature
Hashfile '/usr/share/wordlists/fern-wifi/common.txt': Invalid hccapx signature
Hashfile '/usr/share/wordlists/fern-wifi/common.txt': Invalid hccapx signature
Hashfile '/usr/share/wordlists/fern-wifi/common.txt': Invalid hccapx signature
Hashfile '/usr/share/wordlists/fern-wifi/common.txt': Invalid hccapx signature
Hashfile '/usr/share/wordlists/fern-wifi/common.txt': Invalid hccapx signature
Hashfile '/usr/share/wordlists/fern-wifi/common.txt': Invalid hccapx signature
Hashfile '/usr/share/wordlists/fern-wifi/common.txt': Invalid hccapx signature
Hashfile '/usr/share/wordlists/fern-wifi/common.txt': Invalid hccapx signature
Hashfile '/usr/share/wordlists/fern-wifi/common.txt': Invalid hccapx signature
No hashes loaded.

Started: Mon May 29 21:43:47 2017
Stopped: Mon May 29 21:43:47 2017
```

from wifite2.

derv82 avatar derv82 commented on July 21, 2024

Crap. Looks like it needs a .hccapx file, not .hccap

I guess newer versions of hashcat are not backwards-compatible with the old .hccap file format.

I'll look into the hccapx format and see if Wifite can generate these files... that would be a lot of work, and it's hard for me to test hashcat in a VM (no direct access to GPU).

Maybe it should just check if cap2hccapx exists and provide that as an option.

from wifite2.

wifiuk avatar wifiuk commented on July 21, 2024

actually re-reading that error i think it's incorrect syntax going into hashcat.. it's trying to use common.txt as the hashfile....

```
root@KALI-PC:~/apps/wifite2# hashcat -m 2500 hccap.hccap /usr/share/wordlists/fern-wifi/common.txt
hashcat (v3.5.0) starting...

* Device #1: This hardware has outdated CUDA compute capability (3.0).
             For modern OpenCL performance, upgrade to hardware that supports
             CUDA compute capability version 5.0 (Maxwell) or higher.
* Device #1: WARNING! Kernel exec timeout is not disabled.
             This may cause "CL_OUT_OF_RESOURCES" or related errors.
             To disable the timeout, see: https://hashcat.net/q/timeoutpatch
* Device #2: Not a native Intel OpenCL runtime. Expect massive speed loss.
             You can use --force to override, but do not report related errors.
OpenCL Platform #1: NVIDIA Corporation
======================================
* Device #1: GeForce GTX 650, 245/980 MB allocatable, 2MCU

OpenCL Platform #2: The pocl project

* Device #2: pthread-Intel(R) Core(TM) i7-3770 CPU @ 3.40GHz, skipped.

hccap.hccap: Old hccap format detected! You need to update: https://hashcat.net/q/hccapx

Started: Tue May 30 19:01:50 2017
Stopped: Tue May 30 19:01:50 2017
root@KALI-PC:~/apps/wifite2#
```

from wifite2.
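
The two hashcat messages in the runs above (`Invalid hccapx signature` when the wordlist was passed as the hash file, `Old hccap format detected` for the aircrack-ng `-J` output) come down to which container format the first argument is. As an added example (not part of the thread and not Wifite's or hashcat's code), this Python check tells the formats apart from their published layouts: a packed 393-byte hccapx record that starts with the magic `HCPX`, and a 392-byte legacy hccap record with no magic. The function names and the sample record are constructed for illustration, and the size-based hccap test is a heuristic.

```python
import struct

# hccapx record layout (little-endian, packed, 393 bytes per record).
HCCAPX = struct.Struct("<4sIBB32sB16s6s32s6s32sH256s")
HCCAPX_MAGIC = b"HCPX"
HCCAP_SIZE = 392  # legacy hccap record: fixed size, no magic value


def classify(data: bytes) -> str:
    """Return 'hccapx', 'hccapx-truncated', 'hccap-legacy' or 'unknown'."""
    if data[:4] == HCCAPX_MAGIC:
        whole = len(data) >= HCCAPX.size and len(data) % HCCAPX.size == 0
        return "hccapx" if whole else "hccapx-truncated"
    # Heuristic (assumption): legacy files are a whole number of 392-byte records.
    if data and len(data) % HCCAP_SIZE == 0:
        return "hccap-legacy"
    return "unknown"


def hccapx_records(data: bytes) -> list:
    """Parse every hccapx record into a dict of its header fields."""
    if classify(data) != "hccapx":
        raise ValueError("not a well-formed hccapx file")
    records = []
    for (magic, version, msg_pair, essid_len, essid, keyver, _mic,
         mac_ap, _n_ap, mac_sta, _n_sta, eapol_len, _eapol) in HCCAPX.iter_unpack(data):
        if magic != HCCAPX_MAGIC or essid_len > 32 or eapol_len > 256:
            raise ValueError("corrupt hccapx record")
        records.append({
            "version": version,
            "essid": essid[:essid_len].decode("utf-8", "replace"),
            "keyver": keyver,  # 1 = WPA, 2 = WPA2
            "ap": mac_ap.hex(":"),
            "station": mac_sta.hex(":"),
        })
    return records


def sample_hccapx() -> bytes:
    """Constructed record with zeroed nonces/MIC/EAPOL; not a real capture."""
    return HCCAPX.pack(HCCAPX_MAGIC, 4, 0, 10, b"ExampleNet", 2, bytes(16),
                       bytes.fromhex("020000000001"), bytes(32),
                       bytes.fromhex("020000000002"), bytes(32), 121, bytes(256))


if __name__ == "__main__":
    print(classify(sample_hccapx()), hccapx_records(sample_hccapx()))
    print(classify(bytes(HCCAP_SIZE)), classify(b"password\nadmin123\n"))
```

A plain-text wordlist classifies as `unknown`, which is the case the first run hit when the argument order was swapped.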

wifiuk avatar wifiuk commented on July 21, 2024

obviously when cracking i would use a larger dictionary

for cap to hccapx i did

```
git clone https://github.com/hashcat/hashcat-utils.git
cd hashcat-utils/src
make

./cap2hccapx.bin ~/apps/wifite2/hs/handshake_XXXXXXXXXXXXXXXXXXXXXXXXXxxxxx.cap ~/apps/wifite2/OUTPUT.hccapx
```

then

```
hashcat -m 2500 OUTPUT.hccapx /usr/share/wordlists/fern-wifi/common.txt
hashcat (v3.5.0) starting...

* Device #1: This hardware has outdated CUDA compute capability (3.0).
             For modern OpenCL performance, upgrade to hardware that supports
             CUDA compute capability version 5.0 (Maxwell) or higher.
* Device #1: WARNING! Kernel exec timeout is not disabled.
             This may cause "CL_OUT_OF_RESOURCES" or related errors.
             To disable the timeout, see: https://hashcat.net/q/timeoutpatch
* Device #2: Not a native Intel OpenCL runtime. Expect massive speed loss.
             You can use --force to override, but do not report related errors.
OpenCL Platform #1: NVIDIA Corporation
======================================
* Device #1: GeForce GTX 650, 245/980 MB allocatable, 2MCU

OpenCL Platform #2: The pocl project

* Device #2: pthread-Intel(R) Core(TM) i7-3770 CPU @ 3.40GHz, skipped.

Hashes: 3 digests; 2 unique digests, 1 unique salts
Bitmaps: 16 bits, 65536 entries, 0x0000ffff mask, 262144 bytes, 5/13 rotates
Rules: 1

Applicable optimizers:

* Zero-Byte
* Single-Salt
* Slow-Hash-SIMD

Watchdog: Hardware monitoring interface not found on your system.
Watchdog: Temperature abort trigger disabled.
Watchdog: Temperature retain trigger disabled.

* Device #1: build_opts '-I /usr/share/hashcat/OpenCL -D VENDOR_ID=32 -D CUDA_ARCH=300 -D VECT_SIZE=1 -D DEVICE_TYPE=4 -D DGST_R0=0 -D DGST_R1=1 -D DGST_R2=2 -D DGST_R3=3 -D DGST_ELEM=4 -D KERN_TYPE=2500 -D _unroll -cl-std=CL1.2'

* Device #1: Kernel m02500.b2d3218c.kernel not found in cache! Building may take a while...

* Device #1: Kernel amp_a0.b2d3218c.kernel not found in cache! Building may take a while...

Dictionary cache built:

* Filename..: /usr/share/wordlists/fern-wifi/common.txt
* Passwords.: 478
* Bytes.....: 4098
* Keyspace..: 478
* Device #1: autotuned kernel-accel to 22
* Device #1: autotuned kernel-loops to 23
[s]tatus [p]ause [r]esume [b]ypass [c]heckpoint [q]uit => The wordlist or mask that you are using is too small.
This means that hashcat cannot use the full parallel power of your device(s).
Unless you supply more work, your cracking speed will drop.
For tips on supplying more work, see: https://hashcat.net/faq/morework

Approaching final keyspace - workload adjusted.

Session..........: hashcat
Status...........: Exhausted
Hash.Type........: WPA/WPA2
Hash.Target......: OUTPUT.hccapx
Time.Started.....: Tue May 30 19:13:24 2017 (0 secs)
Time.Estimated...: Tue May 30 19:13:24 2017 (0 secs)
Guess.Base.......: File (/usr/share/wordlists/fern-wifi/common.txt)
Guess.Queue......: 1/1 (100.00%)
Speed.Dev.#1.....: 1370 H/s (0.47ms)
Recovered........: 0/2 (0.00%) Digests, 0/1 (0.00%) Salts
Progress.........: 478/478 (100.00%)
Rejected.........: 327/478 (68.41%)
Restore.Point....: 478/478 (100.00%)
Candidates.#1....: admin123 -> XLSERVER
HWMon.Dev.#1.....: N/A

Started: Tue May 30 19:13:20 2017
Stopped: Tue May 30 19:13:24 2017
root@KALI-PC:~/apps/wifite2#
```

from wifite2.

wifiuk avatar wifiuk commented on July 21, 2024

so i would also have an option to choose the wordlist the user wants to use to crack in hashcat etc.

from wifite2.

derv82 avatar derv82 commented on July 21, 2024

You should be able to specify the wordlist using the --dict option, e.g.

./Wifite.py --crack --dict /path/to/a/wordlist.txt

I'll look at swapping the order of hccapx and the wordlist in the hashcat command.

from wifite2.

derv82 avatar derv82 commented on July 21, 2024
  1. Confirmed that --dict allows specifying the path to the wordlist.

  2. I "installed" cap2hccapx but it doesn't actually install the binary into /usr/bin; the make command generates cap2hccapx.bin in the cwd of wherever the source for hashcat-utils is.

This means Wifite has no standard way of discovering the location of the cap2hccapx binary.

The commit above looks for cap2hccapx via the which cap2hccapx command. So if/when the Hashcat team make hashcat-utils installable (and/or the Kali team makes this script available in /usr/bin), the --crack option will provide the appropriate commands.

Until then, if cap2hccapx isn't found, the --crack option tells the user how to generate the hccapx file via the website:

  # OCLHASHCAT: GPU-based cracking. Fast.
  # Visit https://hashcat.net/cap2hccapx to generate a .hccapx file
  # Browse -> /root/wifite2/hs/handshake_essid_mac_address_2017-05-15T23-21-07.cap -> Convert
  hashcat -m 2500 generated.hccapx /usr/share/wordlists/fern-wifi/common.txt

from wifite2.

derv82 avatar derv82 commented on July 21, 2024

To recap:

  1. --crack option seems to work
  2. --dict can specify the dictionary
  3. There are options to crack via aircrack-ng, pyrit, john, and hashcat.
  4. cap2hccapx support will work once it's installed to /usr/bin

Closing since this issue is getting long and covering too many topics.

If there is anything else needed on this issue (bugs or feature requests), please create a new issue!

from wifite2.

derv82 avatar derv82 commented on July 21, 2024

FYI I created a new Issue #25 to allow a cracker as input to the --crack option (aircrack, pyrit, john, hashcat) so wifite would automatically run the program, parse the output, and store the key.

from wifite2.

derv82 avatar derv82 commented on July 21, 2024

See also #119 which asks for more features in the --crack option (auto-running the crack command for all handshakes with a given wordlist).

from wifite2.
