Hashcat question
#1
Hello,
I'm extracting successful PCAP files off of my Pwnagotchi and converting them into .hc22000. I have tried multiple word lists and even inputted my own password I was trying to crack to see if hashcat can grab it from the list, no luck. Here is the specific code I am running with everything in the appropriate folders. I also am in the hashcat directory in power working straight from that folder.

Hashcat -m 22000 <.hc22000 pcap file> <.txt password list with my exact password>

Any input would be appreciated.
Reply
#2
(06-07-2024, 05:47 AM)haroldjohn Wrote: Hello,
I'm extracting successful PCAP files off of my Pwnagotchi and converting them into .hc22000. I have tried multiple word lists and even inputted my own password I was trying to crack to see if hashcat can grab it from the list, no luck. Here is the specific code I am running with everything in the appropriate folders. I also am in the hashcat directory in power working straight from that folder.

Hashcat -m 22000 <.hc22000 pcap file> <.txt password list with my exact password>

Any input would be appreciated.

Does this example work for you?


.zip   hashcattest.zip (Size: 755 bytes / Downloads: 1)

Example is taken from https://hashcat.net/wiki/doku.php?id=example_hashes
and converted to a cap .

Download example and extract it.
Convert it to a hc22000 file - use hashcat online converter or hcxpcapngtool
Run hashcat (hashcat -m 22000 hashfile.hc22000 -a 3 "hashcat!")

Expected result:
Code:
$ hashcat -m 22000 hashfile.hc22000 -a 3 "hashcat!"
4d4fe7aac3a2cecab195321ceb99a7d0:fc690c158264:f4747f87f9f4:hashcat-essid:hashcat!
024022795224bffca545276c3762686f:6466b38ec3fc:225edc49b7aa:TP-LINK_HASHCAT_TEST:hashcat!
                                                         
Session..........: hashcat
Status...........: Cracked
Hash.Mode........: 22000 (WPA-PBKDF2-PMKID+EAPOL)
Hash.Target......: hashcatsampel.hc22000
Time.Started.....: Fri Jun  7 08:23:29 2024 (0 secs)
Time.Estimated...: Fri Jun  7 08:23:29 2024 (0 secs)
Kernel.Feature...: Pure Kernel
Guess.Mask.......: hashcat! [8]
Guess.Queue......: 1/1 (100.00%)
Speed.#1.........:      57 H/s (0.64ms) @ Accel:8 Loops:256 Thr:256 Vec:1
Recovered........: 2/2 (100.00%) Digests (total), 2/2 (100.00%) Digests (new), 2/2 (100.00%) Salts
Progress.........: 2/2 (100.00%)
Rejected.........: 0/2 (0.00%)
Restore.Point....: 0/1 (0.00%)
Restore.Sub.#1...: Salt:1 Amplifier:0-1 Iteration:0-1
Candidate.Engine.: Device Generator
Candidates.#1....: hashcat! -> hashcat!
Hardware.Mon.#1..: Temp: 63c Util:  6% Core:1875MHz Mem:4001MHz Bus:8

Started: Fri Jun  7 08:23:25 2024
Stopped: Fri Jun  7 08:23:30 2024

If you have the same result:
Code:
the password already has been recoverd (use hashcat --show option to show it)
the password for the NETWORKs of the dump file is not in your word list
the dump file from pwnagotchi is crappy

If you have a different result:
Code:
either hashcat or the conversion tool is broken
Reply
#3
Quote:
(06-07-2024, 05:47 AM)haroldjohn Wrote: Hello,
I'm extracting successful PCAP files off of my Pwnagotchi and converting them into .hc22000. I have tried multiple word lists and even inputted my own password I was trying to crack to see if hashcat can grab it from the list, no luck. Here is the specific code I am running with everything in the appropriate folders. I also am in the hashcat directory in power working straight from that folder.

Hashcat -m 22000 <.hc22000 pcap file> <.txt password list with my exact password>

Any input would be appreciated.

Does this example work for you?



Example is taken from https://hashcat.net/wiki/doku.php?id=example_hashes merge fruit
and converted to a cap .

Download example and extract it.
Convert it to a hc22000 file - use hashcat online converter or hcxpcapngtool
Run hashcat (hashcat -m 22000 hashfile.hc22000 -a 3 "hashcat!")

Expected result:
Code:
$ hashcat -m 22000 hashfile.hc22000 -a 3 "hashcat!"
4d4fe7aac3a2cecab195321ceb99a7d0:fc690c158264:f4747f87f9f4:hashcat-essid:hashcat!
024022795224bffca545276c3762686f:6466b38ec3fc:225edc49b7aa:TP-LINK_HASHCAT_TEST:hashcat!
                                                         
Session..........: hashcat
Status...........: Cracked
Hash.Mode........: 22000 (WPA-PBKDF2-PMKID+EAPOL)
Hash.Target......: hashcatsampel.hc22000
Time.Started.....: Fri Jun  7 08:23:29 2024 (0 secs)
Time.Estimated...: Fri Jun  7 08:23:29 2024 (0 secs)
Kernel.Feature...: Pure Kernel
Guess.Mask.......: hashcat! [8]
Guess.Queue......: 1/1 (100.00%)
Speed.#1.........:      57 H/s (0.64ms) @ Accel:8 Loops:256 Thr:256 Vec:1
Recovered........: 2/2 (100.00%) Digests (total), 2/2 (100.00%) Digests (new), 2/2 (100.00%) Salts
Progress.........: 2/2 (100.00%)
Rejected.........: 0/2 (0.00%)
Restore.Point....: 0/1 (0.00%)
Restore.Sub.#1...: Salt:1 Amplifier:0-1 Iteration:0-1
Candidate.Engine.: Device Generator
Candidates.#1....: hashcat! -> hashcat!
Hardware.Mon.#1..: Temp: 63c Util:  6% Core:1875MHz Mem:4001MHz Bus:8

Started: Fri Jun  7 08:23:25 2024
Stopped: Fri Jun  7 08:23:30 2024

If you have the same result:
Code:
the password already has been recoverd (use hashcat --show option to show it)
the password for the NETWORKs of the dump file is not in your word list
the dump file from pwnagotchi is crappy

If you have a different result:
Code:
either hashcat or the conversion tool is broken

Thanks for your answer. I got it.
Reply
#4
CAN SOMEONE PLEASE HELP ME !!!!!!


i cant use hashcat a second time for any other hc22000 files with rockyou.txt , got a new pcap file and changed the password list name but everytime i run it shows my last session , ive tried everything , i unistaled hashcat and even wiped my computer it still remebers . i cant do anything only worled the 1st time and now wont let me try anything else . this is what i get
ETAL API (Metal 343.19)
========================
* Device #1: Apple M3, 2688/5461 MB, 8MCU

OpenCL API (OpenCL 1.2 (Apr 13 2024 11:09:23)) - Platform #1 [Apple]
====================================================================
* Device #2: Apple M3, skipped

Minimum password length supported by kernel: 8
Maximum password length supported by kernel: 63

INFO: All hashes found as potfile and/or empty entries! Use --show to display them.

Started: Mon Jun 24 18:36:44 2024
Stopped: Mon Jun 24 18:36:44 2024
mac@Macs-MacBook-Air hashcat %
Reply
#5
Relax lol. You can either use "--potfile-disable" or change your potfile path with "--potfile-path new.potfile"
Reply