Code:
$ wget https://wiki.wireshark.org/uploads/__moin_import__/attachments/SampleCaptures/wpa-Induction.pcap
wget https://wiki.wireshark.org/uploads/__moin_import__/attachments/SampleCaptures/wpa-Induction.pcap
--2024-04-23 09:21:44-- https://wiki.wireshark.org/uploads/__moin_import__/attachments/SampleCaptures/wpa-Induction.pcap
Loaded CA certificate '/etc/ssl/certs/ca-certificates.crt'
Resolving wiki.wireshark.org (wiki.wireshark.org)... 2606:4700:20::681a:bf0, 2606:4700:20::681a:af0, 2606:4700:20::ac43:4b27, ...
Connecting to wiki.wireshark.org (wiki.wireshark.org)|2606:4700:20::681a:bf0|:443... connected.
HTTP request sent, awaiting response... 302 Found
Location: https://gitlab.com/wireshark/wireshark/-/wikis/uploads/__moin_import__/attachments/SampleCaptures/wpa-Induction.pcap [following]
--2024-04-23 09:21:44-- https://gitlab.com/wireshark/wireshark/-/wikis/uploads/__moin_import__/attachments/SampleCaptures/wpa-Induction.pcap
Resolving gitlab.com (gitlab.com)... 2606:4700:90:0:f22e:fbec:5bed:a9b9, 172.65.251.78
Connecting to gitlab.com (gitlab.com)|2606:4700:90:0:f22e:fbec:5bed:a9b9|:443... connected.
HTTP request sent, awaiting response... 200 OK
Length: 179298 (175K) [application/octet-stream]
Saving to: 'wpa-Induction.pcap'
wpa-Induction.pcap 100%[=============================>] 175.10K --.-KB/s in 0.09s
2024-04-23 09:21:45 (1.85 MB/s) - 'wpa-Induction.pcap' saved [179298/179298]
Code:
$ hcxpcapngtool -o induction.hc22000 wpa-Induction.pcap
hcxpcapngtool 6.3.4-7-gb3b3b0d reading from wpa-Induction.pcap...
summary capture file
--------------------
file name................................: wpa-Induction.pcap
version (pcap/cap).......................: 2.4 (very basic format without any additional information)
timestamp minimum (GMT)..................: 04.01.2007 07:14:45
timestamp maximum (GMT)..................: 04.01.2007 07:15:26
duration of the dump tool (seconds)......: 40
used capture interfaces..................: 1
link layer header type...................: DLT_IEEE802_11_RADIO (127)
endianness (capture system)..............: little endian
packets inside...........................: 1093
frames with correct FCS..................: 1080
packets received on 2.4 GHz..............: 1093
WIRELESS DISTRIBUTION SYSTEM.............: 1
ESSID (total unique).....................: 2
BEACON (total)...........................: 398
BEACON on 2.4 GHz channel (from IE_TAG)..: 1
PROBEREQUEST (undirected)................: 12
PROBEREQUEST (directed)..................: 1
PROBERESPONSE (total)....................: 26
DISASSOCIATION (total)...................: 1
AUTHENTICATION (total)...................: 2
AUTHENTICATION (OPEN SYSTEM).............: 2
ASSOCIATIONREQUEST (total)...............: 1
ASSOCIATIONREQUEST (PSK).................: 1
RESERVED MANAGEMENT frame................: 4
WPA encrypted............................: 280
EAPOL messages (total)...................: 4
EAPOL RSN messages.......................: 4
EAPOLTIME gap (measured maximum msec)....: 4
EAPOL ANONCE error corrections (NC)......: not detected
EAPOL M1 messages (total)................: 1
EAPOL M2 messages (total)................: 1
EAPOL M3 messages (total)................: 1
EAPOL M4 messages (total)................: 1
EAPOL M4 messages (zeroed NONCE).........: 1
EAPOL pairs (total)......................: 2
EAPOL pairs (best).......................: 1
EAPOL pairs written to 22000 hash file...: 1 (RC checked)
EAPOL M12E2 (challenge)..................: 1
RSN PMKID (total)........................: 1
RSN PMKID (from zeroed PMK)..............: 1 (not converted by default options - use --all if needed)
frequency statistics from radiotap header (frequency: received packets)
-----------------------------------------------------------------------
2412: 1093
Information: limited dump file format detected!
This file format is a very basic format to save captured network data.
It is recommended to use PCAP Next Generation dump file format (or pcapng for short) instead. The PCAP Next Generation dump file format is an attempt to overcome the limitations of the currently widely used (but very limited) libpcap (cap, pcap) format.
https://www.wireshark.org/docs/wsug_html_chunked/AppFiles.html#ChAppFilesCaptureFilesSection
https://github.com/pcapng/pcapng
Information: missing frames!
This dump file does not contain enough EAPOL M1 frames.
It always happens if the capture file was cleaned or it could happen if filter options are used during capturing.
That makes it impossible to calculate nonce-error-correction values.
Duration of the dump tool was a way too short to capture enough additional information.
session summary
---------------
processed cap files...................: 1
Code:
$ hashcat -m 22000 induction.hc22000 -a 3 Induction
hashcat (v6.2.6-848-gc1a10518f) starting
...
a462a7029ad5ba30b6af0df391988e45:000c4182b255:000d9382363a:Coherer:Induction
Session..........: hashcat
Status...........: Cracked
Hash.Mode........: 22000 (WPA-PBKDF2-PMKID+EAPOL)
Hash.Target......: induction.hc22000
Time.Started.....: Tue Apr 23 09:24:47 2024 (0 secs)
Time.Estimated...: Tue Apr 23 09:24:47 2024 (0 secs)
Kernel.Feature...: Pure Kernel
Guess.Mask.......: Induction [9]
Guess.Queue......: 1/1 (100.00%)
Speed.#1.........: 87 H/s (0.45ms) @ Accel:8 Loops:256 Thr:256 Vec:1
Recovered........: 1/1 (100.00%) Digests (total), 1/1 (100.00%) Digests (new)
Progress.........: 1/1 (100.00%)
Rejected.........: 0/1 (0.00%)
Restore.Point....: 0/1 (0.00%)
Restore.Sub.#1...: Salt:0 Amplifier:0-1 Iteration:0-1
Candidate.Engine.: Device Generator
Candidates.#1....: Induction -> Induction
Hardware.Mon.#1..: Temp: 30c Fan: 0% Util: 41% Core:2595MHz Mem:10802MHz Bus:16
Started: Tue Apr 23 09:24:45 2024
Stopped: Tue Apr 23 09:24:48 2024