(12-02-2017, 10:50 AM)ZerBea Wrote: [ -> ]Hi DKblue.
usefull
all handshakes (authenticated and not authenticated) , all message_pairs (including message_pairs that need nonce-error-corrections)
valid (matching M1 and M2)
wlandump-ng asked the client to send us his M2 (we now got a M2 that matches exact to this M1)
it isn't possible that the clients M2 doesn't match to our M1
it isn't possible that there is a packetloss between our M1 and the clients M2
it isn't possible that there is no password for this message_pair
this M12E2 message_pair can be used with hashcat to recover a real, "valid" password
the password may not necessarily be the correct password for that network
it is also possible that it is only a part of the correct password or a password for another network using the same ESSID or an old password for that network
so, you're right when you say a wlandump-ng "valid" handshake is 100% crackable!
Thxs for ur reply ZerBea
and here comes a related question,my co-workers can be trained to capture by minidwep-gtk ,a simple tool built-in cdlinux.
all is done just with click by wizards.
This awesome wlandump-ng,and those confusing shell commands are really too much for them.(Those systemctl stop and start,ip/iw dev up and down...etc)
So brief to say,I have many caps to deal with ,by wlandump-ng or not,and I wanna ensuring effective caps and nonce-error-corrections=0 for max speed.
Here is an example:
original26c4.cap captured by minidwep-gtk ,I cat *.caps got it.
wlancapinfo reported truncated file.
wlancap2hcx the original then got 1st26c4.hccapx
Ignore so many reading errors reported by wlancap2hcx ,convert the 1st26c4.hccapx back to cap named 2nd26c4.cap
OK now wlancapinfo the new 2nd26c4.cap,reported flawless(maybe most people like flawless more)
wlancap2hcx it with -W ,finally get 2nd26c4.hccapx
Studing all these skills mainly from your posts,if there'r mistakes would u kindly show me plz? Thanks
root@The-Distribution-Which-Does-Not-Handle-OpenCL-Well (Kali):~/Downloads# wlancapinfo -i original26c4.cap
input file.......: original26c4.cap
magic file number: 0xa1b2c3d4 (cap/pcap)
major version....: 2
minor version....: 4
data link type...: 105 (DLT_IEEE802_11) [
http://www.tcpdump.org/linktypes.html]
packets inside...: 94497
last pcap error..: truncated dump file; tried to read 193104 captured bytes, only got 72696
root@The-Distribution-Which-Does-Not-Handle-OpenCL-Well (Kali):~/Downloads# wlancap2hcx -o 1st26c4.hccapx original26c4.cap
start reading from original26c4.cap
pcap read error: invalid packet capture length 6881280, bigger than maximum of 262144
pcap read error: invalid packet capture length 1835008, bigger than maximum of 262144
pcap read error: invalid packet capture length 2623291088, bigger than maximum of 262144
pcap read error: invalid packet capture length 1383399423, bigger than maximum of 262144
pcap read error: invalid packet capture length 12845056, bigger than maximum of 262144
pcap read error: invalid packet capture length 909837, bigger than maximum of 262144
pcap read error: invalid packet capture length 1960823124, bigger than maximum of 262144
pcap read error: invalid packet capture length 4294967295, bigger than maximum of 262144
pcap read error: invalid packet capture length 2683722260, bigger than maximum of 262144
pcap read error: invalid packet capture length 3377725880, bigger than maximum of 262144
pcap read error: invalid packet capture length 2683722260, bigger than maximum of 262144
pcap read error: invalid packet capture length 3377725556, bigger than maximum of 262144
pcap read error: invalid packet capture length 1079645251, bigger than maximum of 262144
pcap read error: invalid packet capture length 3489741312, bigger than maximum of 262144
pcap read error: truncated dump file; tried to read 193104 captured bytes, only got 72696
94493 packets processed (94493 wlan, 0 lan, 0 loopback)
root@The-Distribution-Which-Does-Not-Handle-OpenCL-Well (Kali):~/Downloads# wlanhcx2cap -i 1st26c4.hccapx -O 2nd26c4.cap
5 records read from 1st26c4.hccapx
5 handshakes written to 2nd26c4.cap
0 handshakes not written (?irreversible messagepair)
root@The-Distribution-Which-Does-Not-Handle-OpenCL-Well (Kali):~/Downloads# wlancapinfo -h
wlancapinfo 4.0.0 (C) 2017 ZeroBeat
usage: wlancapinfo <options>
options:
-i <file> : input pcap file
root@The-Distribution-Which-Does-Not-Handle-OpenCL-Well (Kali):~/Downloads# wlancapinfo -i 2nd26c4.cap
input file.......: 2nd26c4.cap
magic file number: 0xa1b2c3d4 (cap/pcap)
major version....: 2
minor version....: 4
data link type...: 105 (DLT_IEEE802_11) [
http://www.tcpdump.org/linktypes.html]
packets inside...: 15
last pcap error..: flawless
root@The-Distribution-Which-Does-Not-Handle-OpenCL-Well (Kali):~/Downloads# wlancap2hcx -W 2nd26c4.hccapx 2nd26c4.cap
start reading from 2nd26c4.cap
15 packets processed (15 wlan, 0 lan, 0 loopback)
total 3 usefull wpa handshakes
found 3 WPA2 AES Cipher, HMAC-SHA1