01-17-2018, 05:26 AM
(This post was last modified: 01-17-2018, 04:02 PM by JohnDN90.
Edit Reason: Added quick summary of functionality.
)
Hello all,
Quick Summary
Adds 3 new commands to Pyrit by patching pyrit_cli.py.
(While reading this, when I refer to "good", "workable', and "bad", I am referring to Pyrit's classification of the quality of the handhsake.)
I created this repository because I noticed a few issues when running hashcat 4.0.1-79-g7f087d0 on my R9 290 GPU. If more than one handshake was included in the .hccapx file, my cracking speed slowed down. If I performed a capture on my home network over 72 hours, with multiple devices connecting/disconnecting, I ended up with over 150 handshakes in my capture file and in the converted .hccapx file. This was enough to slow my cracking speed down from about 116 kH/s to only 14 kH/s (note, all the handshakes were for the same ESSID). Therefore, I wanted a way to separate the different handshakes from my capture file and only use the single "highest quality" handshake in my .hccapx file so I could obtain maximum speed.
The second issue I noticed was that my capture file with over 150 handshakes included good, workable, and bad handshakes. I wonder if this is what was causing the slow down, perhaps the bad handshakes which were also included in the .hccapx file were generating incorrect hashes and thus hashcat was trying to crack multiple hashes instead of only one. Regardless, I was unsure of how hashcat handles multiple handshakes, especially mixed quality ones, so I wanted a way to strip my capture file down to a single handshake so I knew exactly what hashcat was working with.
The functionality may already exist somewhere, but after searching the web for a couple days I was unable to find a way to split a capture file into individual handshakes. Pyrit could separate by ESSID/BSSID but not individual handshakes, the online hccapxsplitter tool could split the .hccapx file into separate handshakes but then I was unable to find a tool which could detect the quality of a handshake in a .hccapx file. I tried looking at the message_pair in the hexidecimal output from hccapx, per this website https://hashcat.net/wiki/doku.php?id=hccapx, but I noticed that a file with a single "bad" handshake had a 00 in the message_pair location and a different file with a single "good" handshake also had a 00 in the message_pair location so that wasn't giving me enough information to classify the handshake contained in the .hccapx file.
Another feature I desired was the ability to automatically output each ESSID in a capture files to a separate .hccapx file. Furthermore, I thought it'd be nice if the entire post-processing of the capture file (stripping, extracting of handshakes) and conversion to a separate .hccapx for each ESSID was completely automated.
Thus, I created this patch and script to fullfil this need that I had. I ran across several threads in different forums with people searching for similar functionality so I thought I would create a repository and share this with anyone else who may find it useful. The repository link is below.
https://bitbucket.org/JohnDN90/hashcatpreparationtools
If you find this useful, please let me know! Also if you find a bug or fix a bug I'd appreciate feedback on that as well.
DISCLAIMER: These tools are intended for use with auditing the security of wireless networks for which you have AUTHORIZATION. This means you may either use it on wireless systems which you own or wireless systems which you obtain permission for from the network owner.
Quick Summary
Adds 3 new commands to Pyrit by patching pyrit_cli.py.
- strip_best_handshakes: Outputs the highest quality handshake for each AP to a single output (.cap) file.
- separate_best_handshakes: Outputs the highest quality handshake to a separate output (.cap) file for each AP.
- separate_handshakes: Outputs ALL handshakes in the input file to a separate output (.cap) file.
(While reading this, when I refer to "good", "workable', and "bad", I am referring to Pyrit's classification of the quality of the handhsake.)
I created this repository because I noticed a few issues when running hashcat 4.0.1-79-g7f087d0 on my R9 290 GPU. If more than one handshake was included in the .hccapx file, my cracking speed slowed down. If I performed a capture on my home network over 72 hours, with multiple devices connecting/disconnecting, I ended up with over 150 handshakes in my capture file and in the converted .hccapx file. This was enough to slow my cracking speed down from about 116 kH/s to only 14 kH/s (note, all the handshakes were for the same ESSID). Therefore, I wanted a way to separate the different handshakes from my capture file and only use the single "highest quality" handshake in my .hccapx file so I could obtain maximum speed.
The second issue I noticed was that my capture file with over 150 handshakes included good, workable, and bad handshakes. I wonder if this is what was causing the slow down, perhaps the bad handshakes which were also included in the .hccapx file were generating incorrect hashes and thus hashcat was trying to crack multiple hashes instead of only one. Regardless, I was unsure of how hashcat handles multiple handshakes, especially mixed quality ones, so I wanted a way to strip my capture file down to a single handshake so I knew exactly what hashcat was working with.
The functionality may already exist somewhere, but after searching the web for a couple days I was unable to find a way to split a capture file into individual handshakes. Pyrit could separate by ESSID/BSSID but not individual handshakes, the online hccapxsplitter tool could split the .hccapx file into separate handshakes but then I was unable to find a tool which could detect the quality of a handshake in a .hccapx file. I tried looking at the message_pair in the hexidecimal output from hccapx, per this website https://hashcat.net/wiki/doku.php?id=hccapx, but I noticed that a file with a single "bad" handshake had a 00 in the message_pair location and a different file with a single "good" handshake also had a 00 in the message_pair location so that wasn't giving me enough information to classify the handshake contained in the .hccapx file.
Another feature I desired was the ability to automatically output each ESSID in a capture files to a separate .hccapx file. Furthermore, I thought it'd be nice if the entire post-processing of the capture file (stripping, extracting of handshakes) and conversion to a separate .hccapx for each ESSID was completely automated.
Thus, I created this patch and script to fullfil this need that I had. I ran across several threads in different forums with people searching for similar functionality so I thought I would create a repository and share this with anyone else who may find it useful. The repository link is below.
https://bitbucket.org/JohnDN90/hashcatpreparationtools
If you find this useful, please let me know! Also if you find a bug or fix a bug I'd appreciate feedback on that as well.
DISCLAIMER: These tools are intended for use with auditing the security of wireless networks for which you have AUTHORIZATION. This means you may either use it on wireless systems which you own or wireless systems which you obtain permission for from the network owner.