cracking wpa2 - Printable Version +- hashcat Forum (https://hashcat.net/forum) +-- Forum: Support (https://hashcat.net/forum/forum-3.html) +--- Forum: hashcat (https://hashcat.net/forum/forum-45.html) +--- Thread: cracking wpa2 (/thread-10780.html) |
cracking wpa2 - JamesIsJames - 05-13-2022 Hi guys, im trying to crack my wifi network and see if its possible. I tried this https://hashcat.net/wiki/doku.php?id=cracking_wpawpa2 and also many other options with hashcat but every time i get to this command "hashcat -m 22000 hash.hc22000 -a 3 ?d?d?d?d?d?d?d?d" it ust doesnt work, every time i get this errors "Hash ´hash.hc22000´: Separator unmatched" and "No hashes loaded." I already looked if tools are working good, and also looked on hash and everything looks good, i think something is wrong with hashcat but im not sure Thanks for any help RE: cracking wpa2 - ZerBea - 05-13-2022 The hash file is damaged and had not passed hashcat's integrity check. Remove it, before you start a new attempt to convert from your dump file (pcapng, pcap, cap). Please notice that hcxpcapngtool doesn't run an integrity check and append the new hashes to an existing file. If the existing file is damaged, the new one will be damaged, too. That behavior is mentioned in --help: Code: $ hcxpcapngtool --help Usually this problem occurs if you edit the hash file in a wrong way (adding white spaces, non xdigit characters, control characters, ... - yes, some editors will do this by default) or if you use 2 different options on the same file: $ hcxpcapngtool -o hash.hc22000 -E hash.hc.22000 Double check your command line! To check that hashcat is working as expected, get the hash from examples here https://hashcat.net/wiki/doku.php?id=example_hashes and store it to a hc22000 hash file (we use echo to do this job): Code: $ echo "WPA*01*4d4fe7aac3a2cecab195321ceb99a7d0*fc690c158264*f4747f87f9f4*686173686361742d6573736964***" > hash.hc22000 Now let's damage the hash file a little bit by appending a white space at the end of the hash line: Code: $ echo "WPA*01*4d4fe7aac3a2cecab195321ceb99a7d0*fc690c158264*f4747f87f9f4*686173686361742d6573736964*** " > hash.hc22000 BTW: Just take a look at both hash files. At first glance, the second one is looking fine, but "the devil is in the detail". RE: cracking wpa2 - JamesIsJames - 05-13-2022 Yes i tested this $ echo "WPA*01*4d4fe7aac3a2cecab195321ceb99a7d0*fc690c158264*f4747f87f9f4*686173686361742d6573736964***" > hash.hc22000 $ hashcat -m 22000 hash.hc22000 -a 3 hashcat! and it works good I also looked on the hashes, but im not sure where is problem my hash have WPA*02 and hash is long and have in it like 50 zeros RE: cracking wpa2 - ZerBea - 05-14-2022 The format of WPA*02 is the same, but contain a MIC, an ANONCE and an EAPOL (usually M2) message instead of a PMKID. Many zeros are absolutely normal for an EAPOL message. As I mentioned before, your hash file is damaged by what ever. Delete it and convert it again by hcxpcapngtool. To find out if hcxpcaptool is working es expected get this example from here: https://github.com/evilsocket/pwnagotchi/issues/835#issuecomment-598597214 Code: $ wget https://github.com/evilsocket/pwnagotchi/files/4328457/nctest.zip Take a look at eapol.22000 and you'll see that it is a WPA*02 hash line and it contain many zeroes. hashcat status will inform you that the PSK was successful recovered. If that is working, you have to check your environment and your workflow, because something damage your hash files. Unfortunately this can have many causes. As an alternative you can use hashcat online converter: https://hashcat.net/cap2hashcat/ For a test, I uploaded "test.pcap" there and compared the results by diff: Code: $ diff eapol.22000 6381_1652513795.hc22000 BTW: The most common mistake for beginners (Linux newbees, working for the first time in a Linux terminal and running command line options) is using a wrong working directory. This will result in hashcat's warning "Separator unmatched": Code: $ hashcat -m 22000 not_exist.hc22000 wordlist Linux commands like pwd (show working directory) an ls (show content of the current directory) are helpful to check the working directory and the content of it. RE: cracking wpa2 - JamesIsJames - 06-02-2022 sorry for late late response but i tryed everything over again and when im trying this command to conver dump """sudo hcxpcapngtool -o hash.hc22000 -E essidlist dumpfile.pcapng""" i get error, it convert it but gives me error "not available due to missing radiotap header thx for any help RE: cracking wpa2 - ZerBea - 06-02-2022 I think you mean this message: Code: frequency statistics from radiotap header (frequency: received packets) The tool that you used to dump the WiFi traffic removed the radiotap header, hcxpcapngtool detected the absence and told you that it is not possible to calculate a frequency statistic. That doesn't affect the conversion of the EAPOL messages to hc22000 format. But if you would like to retrieve as much as possible information, I recommend to use a dump tool that doesn't remove this header. A state of the art dump tool will provide this information and the output looks like this: Code: frequency statistics from radiotap header (frequency: received packets) BTW: There is no need to run hcxpcapngtool as super user (sudo). |