understanding wpa hashes - Printable Version +- hashcat Forum (https://hashcat.net/forum) +-- Forum: Support (https://hashcat.net/forum/forum-3.html) +--- Forum: hashcat (https://hashcat.net/forum/forum-45.html) +--- Thread: understanding wpa hashes (/thread-10172.html)

understanding wpa hashes - skypickle - 06-18-2021 I tried to test some  handshakes that i captured but had no luck with hashcat. So I thought I would try them using https://www.onlinehashcrack.com/wpa I submitted the pcap file but that site said: "No valid EAPOL handshake or PMKID found in the submitted file." I am new to testing this stuff. I captured some handshakes with a pwnagotchi and others using wifite. How can I tell if the pcap file (or the converted hccapx file) is worth using against hashcat? RE: understanding wpa hashes - ZerBea - 06-18-2021 Basic stuff/knowledge: PMKID attack is described here https://hashcat.net/forum/thread-7717.html 4way handshake is described here https://www.wifi-professionals.com/2019/01/4-way-handshake Open your dump file, by Wireshark and set eapol filter. Now you can see the 4way handhakes, if present in your dump file. Use hcxpcapngtool to convert the hashes for use with hashcat: $ hcxdumptool -o hash.22000 your_dumpfile Than run hashcat: $ hashcat -m 22000 hash.22000 your_wordlist and take a look at the status output. BTW: hccapx is an old binary format and you shouldn't use it any longer. Hash mode 22000 is supported by bettercap. pwnagotchi is based on bettercap, so this mode will work, too.