I cracked a few WPA2 hashes with simple passwords (unknown to me when hashing began), but I am unable to use the passwords to log on to the WPA2 networks.
I wondered if there was something wrong, so I created a wordlist with the solved hashes and it cracked them again.
I even used coWPAtty on that wordlist and it cracked them again.
Could the problem be with my hashes?
Could it be I am getting a hash collision?
It seems a collision is unlikely since one of the solved hashes was "password".
I think it is much more likely that there are some further security measures (like MAC address filtering) or that you type/input the password incorrectly (wrong configuration/setting, HEX vs. pre-shared key, wrong ESSID), etc.
No, collision is kinda ruled out... that would be very exceptional to say the least, forget about collision here!
A captured handshake can be "validated" (it includes all 4 states, showing the password was correct) or not (meaning you just may have captured someone using the wrong password). Not sure whether hashcat shows it to you.
Also, there's obviously a chance the password was changed between the capture and your login attempt.
(03-31-2017, 11:55 AM) magnum wrote: A captured handshake can be "validated" (it includes all 4 states, showing the password was correct) or not (meaning you just may have captured someone using the wrong password). Not sure whether hashcat shows it to you.
Also, there's obviously a chance the password was changed between the capture and your login attempt.
You hit the nail on the head - I had forced a handshake capture by trying to join the network myself and typing in a possible idea. I realized this must be the problem because on one of them the "discovered" password was a word I knew I typed in to force a handshake.
The password attempt that I made was mistakenly found as the correct password.
I didn't realize that was going to be a problem - guess you have to have a real client on the network and not fake it yourself.
PS - I had validated all of them with cowpatty before turning them into hccapx, to try to cut down on bad captures.
That is a new feature of hccapx to crack password captures from a fake AP. See here for details:
https://hashcat.net/forum/thread-6273.html
You can turn it off by forcing hashcat only to use the oldschool way by setting --hccapx-message-pair=2
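
An added example, not part of the thread: a small check that reads the `message_pair` byte of each record in an hccapx file and reports whether the handshake includes a message showing the AP accepted the passphrase, or only the client's unverified attempt (M1+M2), which is the case that produced the false result above. The record layout and pair values follow hashcat's published hccapx format description; `classify`, `make_record` and the sample records are constructed for illustration.

```python
import struct

# One hccapx record: 393 bytes, little-endian, no padding.
# signature, version, message_pair, essid_len, essid, keyver, keymic,
# mac_ap, nonce_ap, mac_sta, nonce_sta, eapol_len, eapol
HCCAPX = struct.Struct("<4sIBB32sB16s6s32s6s32sH256s")

# message_pair (low 3 bits) -> (EAPOL messages combined, AP confirmed?)
# Only pair 0 (M1+M2) stops before the AP has verified the client's MIC,
# so a password recovered from it may just be what the client typed.
PAIRS = {0: ("M1+M2", False), 1: ("M1+M4", True), 2: ("M2+M3", True),
         3: ("M2+M3", True), 4: ("M3+M4", True), 5: ("M3+M4", True)}

def classify(blob):
    """Return [(essid, pair, ap_confirmed)] for every record in blob."""
    if len(blob) == 0 or len(blob) % HCCAPX.size:
        raise ValueError("not a whole number of 393-byte hccapx records")
    out = []
    for off in range(0, len(blob), HCCAPX.size):
        sig, _ver, mp, elen, essid = HCCAPX.unpack_from(blob, off)[:5]
        if sig != b"HCPX":
            raise ValueError(f"bad signature at offset {off}")
        if elen > 32:
            raise ValueError(f"bad ESSID length at offset {off}")
        # Assumption: bits above the low three are flags, so mask them off.
        pair, confirmed = PAIRS.get(mp & 0x07, ("unknown", False))
        out.append((essid[:elen].decode("utf-8", "replace"), pair, confirmed))
    return out

def make_record(essid, message_pair):
    """Constructed sample record: header fields set, nonces/MIC/EAPOL zeroed."""
    e = essid.encode()
    return HCCAPX.pack(b"HCPX", 4, message_pair, len(e), e, 2,
                       b"", b"", b"", b"", b"", 0, b"")

# Constructed input: the same network captured once from a self-made join
# attempt (pair 0) and once from a real client's full handshake (pair 2).
SAMPLE = make_record("lab-net", 0) + make_record("lab-net", 2)

if __name__ == "__main__":
    for essid, pair, ok in classify(SAMPLE):
        note = "AP accepted the passphrase" if ok else "client's guess only"
        print(f"{essid}: {pair} -> {note}")
```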