2500 vs 2501 - hashcat Forum (https://hashcat.net/forum) - Thread: 2500 vs 2501 (/thread-10151.html)
2500 vs 2501 - Erod707 - 06-07-2021

Hello, I have a wifi pcap that I converted to hccapx. What's the difference between 2500 and 2501? Which one do I use with a wordlist? Thanks in advance.

Does this look correct?

hashcat -m 2500 /home/parrot/Downloads/4381_1623990219.hccapx /home/parrot/Documents/rockyou.txt

or is it better to use this as shown on the example?

hashcat -a 0 -m 400 /home/parrot/Downloads/4381_1623990219.hccapx /home/parrot/Documents/rockyou.txt

RE: 2500 vs 2501 - ZerBea - 06-07-2021

Difference:

EAPOL MESSAGE PAIRS (known as 4way handshake):
2500 recover PSK
2501 verify existing PMK

PMKID:
16800 recover PSK
16801 verify existing PMK

Both modes are deprecated. Successor is

PMKID + EAPOL MESSAGE PAIRS:
22000 recover PSK
22001 verify existing PMK

My recommendation: use hash mode 22000 with wordlist (either a pre-calculated wordlist by hcxtools or your own), rules, masks or a combination of that.

Explanation:
PSK = Pre-Shared-Key (password) 8 - 63 characters
PMK = Plain-Master-Key 32 bytes

WiFi (WPA1/WPA2/WPA2 key version 3) related hash modes:

Code:
2500 | WPA-EAPOL-PBKDF2 | Network Protocols

Don't be disappointed if you are not able to recover the PSK using the rockyou wordlist. This list is old (very old) and not related to WiFi. I suggest creating/calculating a wordlist tailored to your target (PSK from WiFi traffic, ESSID combinations, MAC_AP combinations, known pattern of the default PSK, OSINT by ebay or DuckDuckGo picture search).

Also you can try this (WiFi related lists):

from here https://wpa-sec.stanev.org
https://wpa-sec.stanev.org/dict/cracked.txt.gz
https://wpa-sec.stanev.org/dict/rkg.txt.gz

or here: https://3wifi.stascorp.com
https://3wifi.stascorp.com/3wifi-dic-2021-06-03.7z

RE: 2500 vs 2501 - Erod707 - 06-14-2021

Thank you for the information!
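Added example, not part of the thread and not hashcat's own code: the PSK/PMK distinction from ZerBea's explanation, using the standard WPA/WPA2 derivation PMK = PBKDF2-HMAC-SHA1(PSK, ESSID, 4096 iterations, 32 bytes). The function names `to_pmk` and `key_kind` are made up for illustration; the sample passphrase and ESSID are the published IEEE 802.11i test vector.

```python
import hashlib
import string

# IEEE 802.11 passphrase rule: 8 to 63 characters, each in ASCII 32..126.
PRINTABLE = set(range(32, 127))


def key_kind(key: str) -> str:
    """Classify a key string as 'PMK' (64 hex digits) or 'PSK' (passphrase)."""
    if len(key) == 64 and all(c in string.hexdigits for c in key):
        return "PMK"
    if 8 <= len(key) <= 63 and all(ord(c) in PRINTABLE for c in key):
        return "PSK"
    raise ValueError("not a valid WPA passphrase (8-63 chars) or 64-hex PMK")


def to_pmk(key: str, essid: str) -> bytes:
    """Return the 32-byte PMK for a passphrase or an already-derived PMK."""
    ssid = essid.encode("utf-8")
    if not 1 <= len(ssid) <= 32:
        raise ValueError("ESSID must be 1 to 32 bytes")
    if key_kind(key) == "PMK":
        # Already a PMK: nothing to derive, this is what the
        # "verify existing PMK" modes take as input.
        return bytes.fromhex(key)
    # Passphrase: the ESSID acts as the salt, so the same PSK gives a
    # different PMK on every differently named network.
    return hashlib.pbkdf2_hmac("sha1", key.encode("ascii"), ssid, 4096, 32)


if __name__ == "__main__":
    # IEEE 802.11i test vector: passphrase "password", SSID "IEEE".
    pmk = to_pmk("password", "IEEE")
    print("PSK 'password' on ESSID 'IEEE' ->", pmk.hex())
    print("same PSK on ESSID 'IEEE2'      ->", to_pmk("password", "IEEE2").hex())
    print("64-hex input is treated as a   ->", key_kind(pmk.hex()))
```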