derv82 / wifite2

Rewrite of the popular wireless network auditor, "wifite"
GNU General Public License v2.0
6.44k stars, 1.32k forks

output handshake into john or oclhashcat format #15

Closed wifiuk closed 7 years ago

wifiuk commented 7 years ago

Would it be possible to have an option to output into john the ripper or oclhashcat format for cracking?

(Added by derv82@)

Other requirements mentioned below:

  1. --later option to not crack captured handshakes (just capture & move on).
  2. --quick to try the very-short Fern Wifi wordlist... although some machines might not have Fern's common.txt list so this may not be feasible
  3. Platform-specific cracking via --crack cpu --crack cuda --crack opengl
    • Probably not required; I don't know why we would need to know the GPU type

wifiuk commented 7 years ago

Anything?

derv82 commented 7 years ago

I'm looking to add a --crack option that, given an existing handshake, would:

  1. Generate all required files (creating .hccapx and .hccap files from the .cap)
  2. Provide commands to crack the handshake in various crackers (aircrack, pyrit, oclhashcat, etc).

Using oclhashcat on a .hccapx file: https://hashcat.net/wiki/doku.php?id=cracking_wpawpa2
john on a .hccap file: http://openwall.info/wiki/john/WPA-PSK

wifiuk commented 7 years ago

Yeah, I know how to do it, but I just thought it would be great if this tool could automate it for me, rather than having to do it all manually. Thanks for looking into the suggestion, keep up the good work.

derv82 commented 7 years ago

Oh, I linked to those tutorials for my own reference when adding the feature.

I can't find any way to convert .cap files to .hccapx needed by hashcat using Kali Rolling. From https://hashcat.net/wiki/doku.php?id=cracking_wpawpa2 :

The cap2hccapx utility and hcxtools are still very new. At this writing, Kali has not yet updated from hccap to hccapx.

There's a website to convert .cap to .hccapx: https://hashcat.net/cap2hccapx/

...But that's not very automated.

I can create hccap files (not hccapX) using aircrack-ng's -J option:

% aircrack-ng -J hccap_file regular_cap_file.cap
% ls
hccapfile.hccap    regular_cap_file.cap

...But I don't know if hashcat accepts this format. Trying to run it in my VM:

root@kali:/tmp# hashcat -m 2500 hccapfile.hccap /usr/share/wordlists/fern-wifi/common.txt
hashcat (v3.5.0) starting...
clGetDeviceIDs(): CL_DEVICE_NOT_FOUND
clGetDeviceIDs(): CL_DEVICE_NOT_FOUND
No devices found/left.

Do you know:

  1. If aircrack-ng's hccap files work with hashcat?
  2. If not, do you know how to generate hccapx files in vanilla Kali Rolling?

wifiuk commented 7 years ago

I'm not near a PC so will have a look over the weekend..

derv82 commented 7 years ago

Thanks.

Here's what I've got so far:

--crack option

Pushed in latest commit.

derv82 commented 7 years ago

Some other ideas I had:

  1. During --crack, ask user how they want to crack (aircrack, pyrit, etc), and run the appropriate command.
    • The script can't detect CUDA/OPENGL so this probably isn't very efficient...
      • And this makes the tool ask a lot of questions which might be frustrating for users.
  2. When handshake is captured, provide all available cracking commands, but don't actually try to crack.
    • Good for quickly-capturing WPA handshakes (i.e. you'll crack 'em later)
    • But it could miss out on easily-guessed passwords that could be guessed within a minute (e.g. Fern Wifi Cracker's common.txt).

I'm open to other suggestions.

wifiuk commented 7 years ago

I like the new idea. What about --crack and then sub-options the user can choose, e.g. --crack cpu, --crack cuda, --crack opengl?

This would then use that for future GPU requests.

Also, I like the "crack 'em later" option just to grab handshakes, e.g. --crack later: just get handshakes. --crack quick would do the quick Fern check and then skip.

wifiuk commented 7 years ago

Tonight I'll try to fire up my Kali on my main PC with a GPU, as I am using a VM on my laptop at the moment. I'll try to give you some results on the hashcat output.

wifiuk commented 7 years ago

My own reminder https://hashcat.net/forum/thread-6150.html

wifiuk commented 7 years ago

hashcat -m 2500 /usr/share/wordlists/fern-wifi/common.txt hccap.hccap
hashcat (v3.5.0) starting...

OpenCL Platform #2: The pocl project

Hashfile '/usr/share/wordlists/fern-wifi/common.txt': Invalid hccapx signature
(the same line repeated ten times)
No hashes loaded.

Started: Mon May 29 21:43:47 2017
Stopped: Mon May 29 21:43:47 2017

derv82 commented 7 years ago

Crap. Looks like it needs a .hccapx file, not .hccap

I guess newer versions of hashcat are not backwards-compatible with the old .hccap file format.

I'll look into the hccapx format and see if Wifite can generate these files... that would be a lot of work, and it's hard for me to test hashcat in a VM (no direct access to GPU).

Maybe it should just check if cap2hccapx exists and provide that as an option.

wifiuk commented 7 years ago

Actually, re-reading that error, I think it's incorrect syntax going into hashcat. It's trying to use common.txt as the hashfile...

root@KALI-PC:~/apps/wifite2# hashcat -m 2500 hccap.hccap /usr/share/wordlists/fern-wifi/common.txt
hashcat (v3.5.0) starting...

OpenCL Platform #2: The pocl project

hccap.hccap: Old hccap format detected! You need to update: https://hashcat.net/q/hccapx

Started: Tue May 30 19:01:50 2017
Stopped: Tue May 30 19:01:50 2017
root@KALI-PC:~/apps/wifite2#
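The "Old hccap format detected" error above comes from the container, not the handshake: aircrack-ng's -J writes the 392-byte hccap record, while hashcat 3.x wants the 393-byte hccapx record that starts with the "HCPX" signature. The two carry the same nonces, MACs, EAPOL frame and MIC, so a tool like Wifite can repack one into the other without a GPU or a website. The script below is an added example written for this thread; it is not Wifite's, aircrack-ng's or hashcat's code. Struct layouts follow hashcat's published hccap/hccapx notes, little-endian integers are assumed (what aircrack-ng writes on x86), the message_pair value is an assumption because hccap does not record which EAPOL messages were used, and the sample record is constructed, not captured.

```python
"""Detect hashcat's old .hccap vs new .hccapx container and repack an
aircrack-ng (-J) .hccap record as an hccapx v4 record.

Added example for this thread; not wifite's, aircrack-ng's or hashcat's
code. Struct layouts follow hashcat's published hccap/hccapx format notes.
The sample record at the bottom is constructed, not captured.
"""
import struct
import sys

HCCAPX_MAGIC = b"HCPX"
HCCAPX_VERSION = 4

# hccap as written by aircrack-ng -J on x86 (little-endian ints, 392 bytes):
#   essid[36] mac_ap[6] mac_sta[6] snonce[32] anonce[32] eapol[256]
#   eapol_size(int32) keyver(int32) keymic[16]
HCCAP_FMT = "<36s6s6s32s32s256sii16s"
HCCAP_LEN = struct.calcsize(HCCAP_FMT)      # 392

# hccapx v4 (393 bytes):
#   signature[4] version(u32) message_pair(u8) essid_len(u8) essid[32]
#   keyver(u8) keymic[16] mac_ap[6] nonce_ap[32] mac_sta[6] nonce_sta[32]
#   eapol_len(u16) eapol[256]
HCCAPX_FMT = "<4sIBB32sB16s6s32s6s32sH256s"
HCCAPX_LEN = struct.calcsize(HCCAPX_FMT)    # 393

PCAP_MAGICS = (b"\xd4\xc3\xb2\xa1", b"\xa1\xb2\xc3\xd4",   # libpcap, either byte order
               b"\x4d\x3c\xb2\xa1", b"\xa1\xb2\x3c\x4d",   # nanosecond libpcap
               b"\x0a\x0d\x0d\x0a")                        # pcapng


def detect_format(data: bytes) -> str:
    """Return 'hccapx', 'hccap', 'pcap' or 'unknown' from magic bytes and record size."""
    if data[:4] == HCCAPX_MAGIC and len(data) % HCCAPX_LEN == 0:
        return "hccapx"
    if data[:4] in PCAP_MAGICS:
        return "pcap"
    if data and len(data) % HCCAP_LEN == 0:   # hccap has no magic; size is the only hint
        return "hccap"
    return "unknown"


def hccap_to_hccapx(hccap: bytes, message_pair: int = 0) -> bytes:
    """Repack every hccap record as an hccapx record.

    message_pair is an assumption: hccap does not say which EAPOL messages the
    nonces and MIC came from, so the caller picks. 0 means M1+M2, the usual
    aircrack-ng case (AP nonce from M1, client nonce and MIC from M2).
    """
    if not hccap or len(hccap) % HCCAP_LEN:
        raise ValueError("length is not a multiple of %d; not hccap" % HCCAP_LEN)
    out = bytearray()
    for off in range(0, len(hccap), HCCAP_LEN):
        (essid, mac_ap, mac_sta, snonce, anonce, eapol,
         eapol_size, keyver, keymic) = struct.unpack_from(HCCAP_FMT, hccap, off)
        if not 0 < eapol_size <= 256:
            raise ValueError("record at %d: bad eapol_size %d" % (off, eapol_size))
        if keyver not in (1, 2, 3):           # 1 = WPA/MD5, 2 = WPA2/SHA1, 3 = AES-128-CMAC
            raise ValueError("record at %d: bad keyver %d" % (off, keyver))
        essid = essid.split(b"\x00", 1)[0][:32]
        out += struct.pack(HCCAPX_FMT, HCCAPX_MAGIC, HCCAPX_VERSION, message_pair,
                           len(essid), essid.ljust(32, b"\x00"), keyver, keymic,
                           mac_ap, anonce, mac_sta, snonce, eapol_size, eapol)
    return bytes(out)


def parse_hccapx(data: bytes) -> list:
    """Unpack hccapx records into dicts, so a conversion can be checked field by field."""
    recs = []
    for off in range(0, len(data), HCCAPX_LEN):
        f = struct.unpack_from(HCCAPX_FMT, data, off)
        if f[0] != HCCAPX_MAGIC:
            raise ValueError("bad signature at offset %d" % off)
        recs.append({"version": f[1], "message_pair": f[2], "essid": f[4][:f[3]],
                     "keyver": f[5], "keymic": f[6], "mac_ap": f[7], "nonce_ap": f[8],
                     "mac_sta": f[9], "nonce_sta": f[10], "eapol": f[12][:f[11]]})
    return recs


# Constructed sample: one hccap record with dummy nonces/MIC, ESSID "TestNet",
# and a 121-byte EAPOL-Key (M2-shaped) frame with only the header bytes set.
SAMPLE_EAPOL = bytes([0x01, 0x03, 0x00, 0x75, 0x02]) + b"\x00" * 116
SAMPLE_HCCAP = struct.pack(
    HCCAP_FMT, b"TestNet".ljust(36, b"\x00"), bytes.fromhex("001122334455"),
    bytes.fromhex("66778899aabb"), b"\x11" * 32, b"\x22" * 32,
    SAMPLE_EAPOL.ljust(256, b"\x00"), len(SAMPLE_EAPOL), 2, b"\xaa" * 16)

if __name__ == "__main__":
    # usage: hccap2hccapx.py in.hccap out.hccapx
    src = open(sys.argv[1], "rb").read()
    kind = detect_format(src)
    if kind != "hccap":
        sys.exit("%s looks like %s, not hccap" % (sys.argv[1], kind))
    open(sys.argv[2], "wb").write(hccap_to_hccapx(src))
```

The size-only check for hccap is deliberately weak, because the format has no signature; treat a "hccap" verdict as a hint and let hashcat's own loader have the last word. Note also that later hashcat releases (6.x) retire -m 2500 and the hccapx container in favour of the 22000 hash-line format, so a converter like this is only useful against the 3.x versions discussed in this thread.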

wifiuk commented 7 years ago

Obviously when cracking I would use a larger dictionary.

For cap to hccapx I did:

git clone https://github.com/hashcat/hashcat-utils.git
cd hashcat-utils/src
make

./cap2hccapx.bin ~/apps/wifite2/hs/handshake_XXXXXXXXXXXXXXXXXXXXXXXXXxxxxx.cap ~/apps/wifite2/OUTPUT.hccapx

then

hashcat -m 2500 OUTPUT.hccapx /usr/share/wordlists/fern-wifi/common.txt
hashcat (v3.5.0) starting...

OpenCL Platform #2: The pocl project

Hashes: 3 digests; 2 unique digests, 1 unique salts
Bitmaps: 16 bits, 65536 entries, 0x0000ffff mask, 262144 bytes, 5/13 rotates
Rules: 1

Applicable optimizers:

Watchdog: Hardware monitoring interface not found on your system.
Watchdog: Temperature abort trigger disabled.
Watchdog: Temperature retain trigger disabled.

Dictionary cache built:

Approaching final keyspace - workload adjusted.

Session..........: hashcat
Status...........: Exhausted
Hash.Type........: WPA/WPA2
Hash.Target......: OUTPUT.hccapx
Time.Started.....: Tue May 30 19:13:24 2017 (0 secs)
Time.Estimated...: Tue May 30 19:13:24 2017 (0 secs)
Guess.Base.......: File (/usr/share/wordlists/fern-wifi/common.txt)
Guess.Queue......: 1/1 (100.00%)
Speed.Dev.#1.....: 1370 H/s (0.47ms)
Recovered........: 0/2 (0.00%) Digests, 0/1 (0.00%) Salts
Progress.........: 478/478 (100.00%)
Rejected.........: 327/478 (68.41%)
Restore.Point....: 478/478 (100.00%)
Candidates.#1....: admin123 -> XLSERVER
HWMon.Dev.#1.....: N/A

Started: Tue May 30 19:13:20 2017
Stopped: Tue May 30 19:13:24 2017
root@KALI-PC:~/apps/wifite2#

wifiuk commented 7 years ago

So I would also have an option to choose the wordlist the user wants to use to crack in hashcat etc.

derv82 commented 7 years ago

You should be able to specify the wordlist using the --dict option, e.g.

./Wifite.py --crack --dict /path/to/a/wordlist.txt

I'll look at swapping the order of hccapx and the wordlist in the hashcat command.

derv82 commented 7 years ago

  1. Confirmed that --dict allows specifying the path to the wordlist.

  2. I "installed" cap2hccapx but it doesn't actually install the binary into /usr/bin; the make command generates cap2hccapx.bin in the cwd of wherever the source for hashcat-utils is.

This means Wifite has no standard way of discovering the location of the cap2hccapx binary.

The commit above looks for cap2hccapx via the which cap2hccapx command. So if/when the Hashcat team make hashcat-utils installable (and/or the Kali team makes this script available in /usr/bin), the --crack option will provide the appropriate commands.

Until then, if cap2hccapx isn't found, the --crack option tells the user how to generate the hccapx file via the website:

  # OCLHASHCAT: GPU-based cracking. Fast.
  # Visit https://hashcat.net/cap2hccapx to generate a .hccapx file
  # Browse -> /root/wifite2/hs/handshake_essid_mac_address_2017-05-15T23-21-07.cap -> Convert
  hashcat -m 2500 generated.hccapx /usr/share/wordlists/fern-wifi/common.txt
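The logic described in this comment (find each cracker with which, emit the hashcat command with the hash file ahead of the wordlist, and fall back to the cap2hccapx website when the converter is missing) is small enough to show in full. The script below is an added example written for this thread, not Wifite's code. It uses the real tool names (aircrack-ng, pyrit, wpapcap2john with john, cap2hccapx with hashcat); the `which` parameter is injectable so the function can be tested with none of them installed, and the extra directories searched for cap2hccapx.bin are an assumption, since the make step only leaves the binary in hashcat-utils' own src/ directory.

```python
"""Build the cracking commands a --crack option would print for a captured
WPA handshake, using only the crackers actually installed.

Added example for this thread, not wifite's code. Real tool names are used
(aircrack-ng, pyrit, wpapcap2john + john, cap2hccapx + hashcat); `which` is
a parameter so the logic can be exercised without them installed, and the
extra directories searched for cap2hccapx.bin are an assumption, since
hashcat-utils' make only leaves the binary in its own src/ directory.
"""
import os
import shlex
import shutil
from typing import Callable, List, Optional, Sequence, Tuple

CAP2HCCAPX_URL = "https://hashcat.net/cap2hccapx/"
DEFAULT_DICT = "/usr/share/wordlists/fern-wifi/common.txt"
Which = Callable[[str], Optional[str]]


def find_cap2hccapx(which: Which = shutil.which,
                    extra_dirs: Sequence[str] = ()) -> Optional[str]:
    """Locate cap2hccapx on PATH, then as cap2hccapx.bin in any build dirs given."""
    for name in ("cap2hccapx", "cap2hccapx.bin"):
        path = which(name)
        if path:
            return path
    for d in extra_dirs:
        for name in ("cap2hccapx.bin", "cap2hccapx"):
            cand = os.path.join(d, name)
            if os.path.isfile(cand) and os.access(cand, os.X_OK):
                return cand
    return None


def crack_commands(cap: str, wordlist: str = DEFAULT_DICT, which: Which = shutil.which,
                   extra_dirs: Sequence[str] = ()) -> Tuple[List[Tuple[str, str]], List[str]]:
    """Return ([(tool, shell command), ...], [notes for tools needing a manual step]).

    Argument order is the trap from this thread: hashcat and john take the hash
    file first and the wordlist after it. Given the wordlist first, hashcat
    reads it as the hash file and prints 'Invalid hccapx signature' per line.
    """
    q = shlex.quote
    base = os.path.splitext(cap)[0]
    steps: List[Tuple[str, str]] = []
    notes: List[str] = []

    if which("aircrack-ng"):
        steps.append(("aircrack-ng", "aircrack-ng -w %s %s" % (q(wordlist), q(cap))))
    if which("pyrit"):
        steps.append(("pyrit", "pyrit -r %s -i %s attack_passthrough" % (q(cap), q(wordlist))))
    if which("john") and which("wpapcap2john"):          # converter ships with john-jumbo
        johnfile = base + ".john"
        steps.append(("john", "wpapcap2john %s > %s && john --wordlist=%s %s"
                      % (q(cap), q(johnfile), q(wordlist), q(johnfile))))
    if which("hashcat"):
        hccapx = base + ".hccapx"
        hc = "hashcat -m 2500 %s %s" % (q(hccapx), q(wordlist))   # hash file, THEN wordlist
        conv = find_cap2hccapx(which, extra_dirs)
        if conv:
            steps.append(("hashcat", "%s %s %s && %s" % (q(conv), q(cap), q(hccapx), hc)))
        else:
            notes.append("cap2hccapx not found; convert %s at %s, save it as %s, then run: %s"
                         % (cap, CAP2HCCAPX_URL, hccapx, hc))
    return steps, notes


def render(steps: List[Tuple[str, str]], notes: List[str]) -> str:
    """Format the result the way a --crack option could print it."""
    lines = ["# %s\n%s" % (tool, cmd) for tool, cmd in steps]
    lines += ["# " + n for n in notes]
    return "\n".join(lines)


if __name__ == "__main__":
    import sys
    # usage: crack_cmds.py handshake.cap [wordlist]
    print(render(*crack_commands(sys.argv[1], *sys.argv[2:3])))
```

Paths go through shlex.quote because handshake file names in the hs/ directory embed the ESSID, which an access point controls; a name with a space, quote or semicolon would otherwise break or alter the printed command when the user pastes it.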

derv82 commented 7 years ago

To recap:

  1. --crack option seems to work
  2. --dict can specify the dictionary
  3. There's options to crack via aircrack-ng, pyrit, john, and hashcat.
  4. cap2hccapx support will work once it's installed to /usr/bin

Closing since this issue is getting long and covering too many topics.

If there is anything else needed on this issue (bugs or feature requests), please create a new issue!

derv82 commented 7 years ago

FYI I created a new Issue #25 to allow a cracker as input to the --crack option (aircrack, pyrit, john, hashcat) so wifite would automatically run the program, parse the output, and store the key.

derv82 commented 6 years ago

See also #119 which asks for more features in the --crack option (auto-running the crack command for all handshakes with a given wordlist).