WiFi WPA/WPA2 vs hashcat and hcxdumptool

Apologies for the glitches in this video 😢 .... looks like the export of this video broke.... I had lots of issues uploading the original video to UA-cam and had to export again quickly and it looks like something else broke. Hopefully won't happen again 😅
Big thanks to Cisco Meraki for sponsoring this video! Learn how to secure hybrid networks so you can stop these kinds of attacks: davidbombal.wiki/meraki
Disclaimer: This video is for educational purposes only. I own all equipment used for this demonstration. No actual attack took place on any websites. Only use the tools demonstrated in this video on networks you have permission to attack.
// MENU //
0:00 ▶ Introduction
1:32 ▶ Software used
2:17 ▶ WiFi Hardware used
3:15 ▶ Commands used
4:17 ▶ Install required software method 1
5:31 ▶ Install using Github
7:20 ▶ hcxdumptool demo using first Alfa adapter
9:15 ▶ Demonstration using second Alfa adapter
11:15 ▶ Real world example - a warning to all of us
13:45 ▶ Use hcxpcapngtool to set format correctly
17:24 ▶ Using hashcat with rockyou wordlist
18:38 ▶ Using hashcat with GPU and bruteforce
// Previous Videos //
Kali Wifi Adapters: ua-cam.com/video/5MOsY3VNLK8/v-deo.html
Old method using airmon-ng: ua-cam.com/video/WfYxrLaqlN8/v-deo.html
Old method using GPUs: ua-cam.com/video/J8A8rKFZW-M/v-deo.html
// COMMANDS //
sudo systemctl stop NetworkManager.service
sudo systemctl stop wpa_supplicant.service
sudo hcxdumptool -i wlan0 -o dumpfile.pcapng --active_beacon --enable_status=15
sudo systemctl start wpa_supplicant.service
sudo systemctl start NetworkManager.service
hcxpcapngtool -o hash.hc22000 -E essidlist dumpfile.pcapng
hashcat -m 22000 hash.hc22000 wordlist.txt
Windows:
hashcat.exe -m 22000 hash.hc22000 -a 3 ?d?d?d?d?d?d?d?d
hashcat.exe -m 22000 hash.hc22000 -a 3 --increment --increment-min 8 --increment-max 18 ?d?d?d?d?d?d?d?d?d?d?d?d?d?d?d?d?d?d
// SOCIAL //
Discord: discord.com/invite/usKSyzb
Twitter: twitter.com/davidbombal
Instagram: instagram.com/davidbombal
LinkedIn: www.linkedin.com/in/davidbombal
Facebook: facebook.com/davidbombal.co
TikTok: tiktok.com/@davidbombal
UA-cam: ua-cam.com/users/davidbombal
// MY STUFF //
Monitor: amzn.to/3yyF74Y
More stuff: www.amazon.com/shop/davidbombal
// SPONSORS //
Interested in sponsoring my videos? Reach out to my team here: sponsors@davidbombal.com

David, I took your CCNA course on Udemy two years ago. Got my CCNA cert, did some security later on following your channel and others. I'm now got a job as a SOC analyst and I'm aiming at becoming a read teamer later on. You helped me get on track with this career. Thank you and keep up the amazing work!

David, when you are showing us some awesomeness there are never videos that are too long.

Thanks!

Dude thank you for being so thorough and actually going through all the little steps. Excellent videos.

-o Option is Deprecated so use -w to get output file
--active_beacon is also deprecated so use --beacontx=10
--enable_status is also not acceptable now, so I removed it
Final Command
sudo hcxdumptool -I wlan0 -w dumpfile.pcapng --beacontx=10

Very good and complete explanation of hashcat. Better approach to collecting hashes this way then the classic disconnecting the client from the AP. Quite interested to see the next video with a bigger GPU or multiple GPUs or maybe even try to explain GPU clusters with Hashtopolis. Thanks!

I love these videos. I appreciate you David.

Bro i literally just wanted to learn about password cracking and this comes up! Love your video as always david :3

Been watching your videos for a few months and have learned a ton! I recently scored my first real full time I.T. contract for a corporate office.

Boy does this video bring back old memories. First hack I ever completed as a kid and where my love of hacking started. Good stuff man

David this video helped me a lot during a pentest with a client that uses a mesh WiFi network where airodump-ng doesn't worked as spected becuse every time i used a deauth attack, the device reconnect on a different access point and i was unable to get the handshake. Thanks a lot!!

Im so love your content #1👑, waiting for the video with the gpu😎

Hi, at 8:36, after i hit enter, i have this error : hcxdumptool: invalid option -- 'o', can someone help me @David Bombal. Thanks

Best teacher , really enjoyed and learned a lot .
pls continue posting videos .

I'm blessed by your work Sir. Your free unconditional teaching and knowledge you gave us has immensely rooted with in us. Seeing you new work every weeks gives me a desire that I want to learn ethical hacking and free myself.

I did that tonight. I had some errors, but I found a way out.
Well, the worldlist is your weapon. A big plus is that you can put your laptop in wifi scanning, take your laptop, and go around the block to find more essids and afterwards crack them all at once.
The bigger the worldlist, the better 😅

Cisco I favour the willingness in sponsorship in content promotion in the spectrum shown here.
I further liked to express thanks for sparking and fanning a flame thus leading to minds; possibly being intrigued then pursuing Sec+ filling voids. More essential minds able to elaborate what " online & privacy / security " means

love the new way has been working on my pine apple nano
andgot this all working

Can’t wait to see part 2 , very educational ! Great videos!

Sir , I find only your videos much more convenient, useful , friendly with smooth English and simple explanation about the ethical hacking and so on topics . Thank you very much for teaching us so much amazing things !!

Seriously man if my parents ask how had you grown up - i would simply say David bombal name. Thanks man love you from India
❤❤❤❤

I learn wifi hacking technique 7 years ago but i didn't give continue on hacking skills. Thanks David for this video which helps me to revised all.

Great Video Bombal Sir! Am in Class 8 and learning a great deal of things from ur vids! Thanks so much for the free information

hi david awesome vids but hcxdumptool changed can you do an updated video

man you are legend

Great tutorial David!

This is an awesome video!

I also want to wish you all the very best. Thank you for the amazing content David. God bless you.

MINDSET
IS
EVERYTHING

Just awesome. It works without any error in Kali Linux. But In windows it taking more time from hash software so I quit it.
The adaptor which was showing at video. Already bought in one year ago I feel lucky to having this adaptor which is future on David Bombal channel. Thank you for the video.

Hi David, at 8:44 when using the comand: "sudo hcxdumptool -i wlan0 -o dumpfile.pcapng --active_beacon --enable_status=15", do I stop the terminal or do I let it continue? After a couple of minutes it doesn't make any progress really andif I try to stop it I simply can't use ^C, nothing happens at all, if I close the terminal and open a new one any command I write connectivity related as, I believe, the wifi stops working, checking it, it says "NetworkManager is not running...", any advice?

Hello David, can you please make a new video about the new and re-written hcxdumptool 6.3.x?
Can you also show how to connect hashcat to another PC so they can work together with the Brain feature? Please please please 🙏🙏🙏🙏🙏🙏

You are a great teacher, I really enjoy your videos

Excellent Video. I was able to recover passwords using your methods. I have an NVIDIA 3090 card, it is 5 times faster then a 1650 card. Still took two hours to recover a 10 numbered password however. Looking forward to your next video.

Hi David, just to be sure at 8:23 u are showing list of cmds and there is --enable_status=1, but u're using --enable_status=15 in CLI, should we keep 1 or go with 15 (this is probably a typo)

I did the updates to hcxdumptool after running into issues with the 2200x hashes while doing a hashcat module on HackTheBox that required us to convert a pcap file. However, I had NO IDEA why the old hashes were depreciated. This is awesome! I hated all the things that needed to "line-up" previously to have a shot at cracking WPA2. It's so much easier to just dump the hashes into my hashcat rig haha

Mrs Richards: "I paid for a room with a view!"
Basil: (pointing to the lovely view) "That is Torquay, Madam."
Mrs Richards: "It's not good enough!"
Basil: "May I ask what you were expecting to see out of a Torquay hotel bedroom window? Sydney Opera House, perhaps? the Hanging Gardens of Babylon? Herds of wildebeest sweeping majestically past?..."
Mrs Richards: "Don't be silly! I expect to be able to see the sea!"
Basil: "You can see the sea, it's over there between the land and the sky."
Mrs Richards: "I'm not satisfied. But I shall stay. But I expect a reduction."
Basil: "Why?! Because Krakatoa's not erupting at the moment ?"

Best teacher ( DAVID ) ,Thanks a lost of your Great video's -:)

Thank you respected sir for your video. May I ask you two questions :
- why you have to close two services before initiating the scan? Is it because you didn't want to have other packet exchanges when scan is running?
- why did you used external wifi adapter. Why didn't you used built-in laptop wifi adapter?
Thank you in advance.

Thanks David great Video

Btw, Ctr + Shift + V/C can be used for copy and paste on Linux machines. I see everyone manually copying and posting in these videos, so I thought I'd give a helping hand by potentially reducing the amount of work you have to do in order to do simple things like copy and paste.
Also, it's worth mentioning that you can edit your nano config file to work like vim without annoying issues like saving and exiting file edits. With a little bash scripting, you can have nano working similar to vscode, or vim, if you'd like.
The nano config file is located at /etc/.nanorc/. You can edit this file via sudo nano /etc/.nanorc/

This video was not easy to follow everything was confusing , I hope you make another one and make it easy to follow

Very complicated ...informative and Helpful

Awesome as always.... Really enjoyed and learned so much. Stay blessed

Good video. Everything worked, I also compiled hashcat from the sources. However one of my 6 GPUs overheated after about 15 mins of cracking. 😬

Great learning tutorial David. Did you ever do a video using a higher end GPU for doing more complex passwords that are using alpha-numeric as mentioned at 12:55 ? I would like to see how that scenario performs using this method.

HI David, i learn a lot of knowledge from your video ....Abdulsalam Yahya from Libya

Incredibly informative video! I noticed some of your hcxdumptool commands are now out of date for version 6.3.1. Do you have an updated video for the new version? Love your channel!

Awesome video once again, And I should give this a go with my gaming laptop..

At 6:03 as the link to those dependencies is nowhere to be found.
Maybe they're now integrated as part of latest v 6.3.1

@davidbombal
Hi David, I have been following you for a while now and may I say what a wonderful job you are doing. Your content is top quality and easy for beginners to understand and grasp the fundamentals behind every topic you bring to us.
I have a question David. I know I could probably Google it and find the answer but I would like help from my favourite online teacher 😁
Question:
So with the old method of capturing the hash file we needed to put the network card in monitor mode. In your video I did not see you put the card into monitor mode? So with this new method as long as you have the required network card you don't need to put it in monitor mode! Is that right ?
Thanks in advance 🎉

Hello
I get the error :
hcxdumptool : invalid option -- 'o'
does anyone know why ?
Thank's

David had u made that video with big GPU method ?

Yayyy another way to crack something I waited for this so long.....

please help at 8:29 when entering the command hcxdumptool says invalid option -- 'o'
edit: replace o with w, but a new error comes up saying --active_beacon is not recognized

Love the tutorial, you are a great teacher!

Thanks David. I deleted my previous comment as I wasn't paying attention! It's handy splitting the sniffing and cracking between Kali and Windows, I can put the VM on my laptop and remote to my gaming rig at home to crack. Perfect.
Really good video, the adapter is coming tomorrow and I'm looking forward to playing!

Wow that's a lot of work, I even get lost at some point but I'll keep watching til I master it 😁

Hello David, greetings from Turkey, thank you for your videos tutorial

if I ever leave my Mom's basement I'm heading down to the store to grab a sweet hoodie, a Alfa™adapter and.... well, I better not say

Hello David! There a new version of dumptool.. would you consider updating your video accordingly or not really planned? Thx in advance

Thank for sharing the knowledge

17:02 Someone be drifting away from this hacker's home for safety ;)

while running the command "sudo hcxdumptool -i wlan1 -o dumpfile.pcapng --active_beacon --enable_status=15" it shows invalid option --''o''

most of the actions in the tool have been changed and so the codes in the video are incorrect, you need to update this video to the newer tool update

Thanks for the info mate 😊

Me watching the ads while using a 4$ LB-LINK adapter I got 💃

Hi David thanks for guiding me trough hascat and keeping me up to date (as always)
Can you make a video about Beef next like netzorkchuck? But with port forwarding? Would be wonderful!
Best teacher ever, never leave us please💕🔥

prefect david

Just want to say thank you for all your videos, another great one David, you present it in an easily understandable format - hats off. What virtualization software (or is a cloud based instance) do you use from your Mac and is there a certain version of Kali Linux that you use if you don't mind answering while I wait for part two as it were with bigger GPU or multiple GPUs?

Your content is very nice, keep going, God willing, you will reach 5.000.000 All respect to you sir David Bombal🇵🇸I am from Palestine

can you please show us how to use big GPUs as you mentioned

@David Bombal Hello, If you leave the hcxdumptool running for a very long time in the same location(stationary/not walking around) it will it collect more/better information ? or after a few minutes will it have collected everything it possibly can ? or is it dependant on network activity ?
CHeers very much

Which binary trading platform/broker is the best to use. Which one is your recommded one

Thanks!🖤

Brilliant. Thanks again

Thank you for your Udemy Wireshark course and general for everything you have done towards IT knowledge .I hope i meet you somewhere in the Uk and get you a pint mate thanks.Ps I'm from Brum Jarek

David please give us the guidelines on how to easy get use to pen testing as you do such amazing vidoe!

Sir I can't afford any strong adapter can't we do it using vmware directly if yes please guide us for the same

I can't use hashcat in cmd in windows 10 it says insufficient space allocation, what to do? I use a notebook computer

Great video. Couldn't have come at a better time, iv been stuck on hashcat lately and wondered if you could use a handshake capture from wifite with hashcat after it's been converted obviously? Gave up with aircrack-ng and crunch after over 56 hours and over 2 billion keys tested.

I have enjoyed your videos, they are very well structured and give great step by step instruction. I love to hack but watching your videos now I want to learn so much more! Thank you for your time!

Great tutorial, but you could update this video, the new version of hcxdumptool has other options.
Regards

Hi David, when I run the hcxdumptool on kali the whole OS freezes and I end up restarting... are you aware of this issue? do you have any ideas on how I can move forward?

So once you have the pcapng file, can you leave and take that to a more powerful computer and brute force attack any password?

Why could it be that --active_beacon does not work?

Hi sir i want know how u save the file from VMware to windows to hashcat

Please can you do a update version of this video? hcxdumptool change the commands

can you make a new and updated video on this topic and maybe using a simpler method? Earlier all we had to do was to convert the .cap file to hccapx and then feed it to hashcat using "-m 2500", but since that is deprecated, isn't there a similar straight forward way to do so?

Can we use the .cap file from wifite and convert it to .hc22000 using the same hcxpcapng tool? Or does the hcxpcapng tool work only with .pcapng files and not .pcap files?

Hi David -E comes out as an invalid option….. any ideas?

great video... 👍🏼

The increment min and Max with (?d?d…) works also for alphanumeric?

Hi , hello David sir ! How are you and your family ! After long time you post videos ! 😁

What an amazing video

after the third step it gives me this error - "hcxdumptool: unrecognized option '--active_beacon'". could you do a remake / updated version of this video

Can you please record a new video illustrating this method again as most of the commands no longer work due to updates in Kali Linux versions as well as hashcat commands

hashcat gives me an error "No hashes loaded" I captured the handshake using wifite and even tried with airgeddon but still hashcat won't run

I got a message saying driver is busy: failed to transmit acknowledgment