Hello, I have a wifi pcap that I converted to hccapx. What's the difference between 2500 and 2501? Which one do I use with a wordlist? Thanks in advance.
Does this look correct?
hashcat -m 2500 /home/parrot/Downloads/4381_1623990219.hccapx /home/parrot/Documents/rockyou.txt
or is it better to use this, as shown in the example?
hashcat -a 0 -m 400 /home/parrot/Downloads/4381_1623990219.hccapx /home/parrot/Documents/rockyou.txt
Difference:
EAPOL MESSAGE PAIRS (known as the 4-way handshake):
2500 recover PSK
2501 verify existing PMK
PMKID:
16800 recover PSK
16801 verify existing PMK
Both modes are deprecated. The successor is PMKID + EAPOL MESSAGE PAIRS:
22000 recover PSK
22001 verify existing PMK
My recommendation:
use hash mode 22000 with a wordlist (either a pre-calculated wordlist by hcxtools or your own), rules, masks or a combination of that
explanation:
PSK = Pre-Shared Key (password), 8 - 63 characters
PMK = Pairwise Master Key, 32 bytes
WiFi (WPA1/WPA2/WPA2 key version 3) related hash modes:
2500 | WPA-EAPOL-PBKDF2 | Network Protocols
2501 | WPA-EAPOL-PMK | Network Protocols
16800 | WPA-PMKID-PBKDF2 | Network Protocols
16801 | WPA-PMKID-PMK | Network Protocols
22000 | WPA-PBKDF2-PMKID+EAPOL | Network Protocols
22001 | WPA-PMK-PMKID+EAPOL | Network Protocols
Don't be disappointed if you are not able to recover the PSK using the rockyou wordlist.
This list is old (very old) and not related to WiFi.
I suggest creating/calculating a wordlist tailored to your target (PSK from WiFi traffic, ESSID combinations, MAC_AP combinations, known pattern of the default PSK, OSINT by ebay or DuckDuckGo picture search).
Also you can try this (WiFi related lists):
from here
https://wpa-sec.stanev.org
https://wpa-sec.stanev.org/dict/cracked.txt.gz
https://wpa-sec.stanev.org/dict/rkg.txt.gz
or here:
https://3wifi.stascorp.com
https://3wifi.stascorp.com/3wifi-dic-2021-06-03.7z
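To make the PSK/PMK distinction in the answer above concrete, here is an added Python example (not from this thread and not hashcat's code) of the step the "-PBKDF2" modes (2500, 16800, 22000) have to repeat for every candidate and the "-PMK" modes (2501, 16801, 22001) skip: PBKDF2-HMAC-SHA1 from passphrase plus ESSID to the 32-byte PMK, followed by the PMKID that is computed from that PMK. The passphrase/ESSID pair is the published IEEE 802.11i test vector; the MAC addresses are constructed sample values.

```python
import hashlib
import hmac

# WPA/WPA2-Personal (IEEE 802.11i): PMK = PBKDF2-HMAC-SHA1(passphrase, ESSID, 4096 iterations, 32 bytes)
PBKDF2_ITERATIONS = 4096
PMK_LEN = 32
PMKID_LEN = 16


def is_valid_passphrase(passphrase: str) -> bool:
    """802.11i restricts the PSK passphrase to 8..63 bytes (the 8-63 in the answer above)."""
    return 8 <= len(passphrase.encode("utf-8")) <= 63


def derive_pmk(passphrase: str, essid: str) -> bytes:
    """The expensive step: 4096 PBKDF2 rounds per candidate. This is what makes
    PSK recovery slow and why pre-calculated PMK lists feed the '-PMK' modes."""
    if not is_valid_passphrase(passphrase):
        raise ValueError("WPA passphrase must be 8-63 bytes")
    ssid = essid.encode("utf-8")
    if len(ssid) > 32:
        raise ValueError("ESSID is at most 32 bytes")
    return hashlib.pbkdf2_hmac("sha1", passphrase.encode("utf-8"), ssid,
                               PBKDF2_ITERATIONS, PMK_LEN)


def compute_pmkid(pmk: bytes, mac_ap: bytes, mac_sta: bytes) -> bytes:
    """PMKID = HMAC-SHA1-128(PMK, "PMK Name" || MAC_AP || MAC_STA) for WPA2 (AKM 2).
    Cheap compared with derive_pmk(): one HMAC, no PBKDF2."""
    if len(mac_ap) != 6 or len(mac_sta) != 6:
        raise ValueError("MAC addresses must be 6 bytes")
    return hmac.new(pmk, b"PMK Name" + mac_ap + mac_sta, hashlib.sha1).digest()[:PMKID_LEN]


if __name__ == "__main__":
    # IEEE 802.11i Annex H test vector: passphrase "password", SSID "IEEE".
    pmk = derive_pmk("password", "IEEE")
    print("PMK  :", pmk.hex())
    # Constructed sample MACs, not captured from any real network.
    mac_ap = bytes.fromhex("001122334455")
    mac_sta = bytes.fromhex("66778899aabb")
    print("PMKID:", compute_pmkid(pmk, mac_ap, mac_sta).hex())
```

The PMK in the test vector is the value a "verify existing PMK" mode would take directly as its candidate, which is why those modes are only useful when you already have PMKs (for example pre-calculated per ESSID) rather than passphrases.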
Thank you for the information!