+- hashcat Forum (https://hashcat.net/forum)
+-- Forum: Deprecated; Ancient Versions (https://hashcat.net/forum/forum-46.html)
+--- Forum: Very old oclHashcat-plus Support (https://hashcat.net/forum/forum-23.html)
+--- Thread: can't crack wpa even if key is in dictionary (/thread-2207.html)
can't crack wpa even if key is in dictionary - Ajeje - 04-05-2013
Hi, i've used hashcat for a while and i'm super-happy with it, it worked several times for me.
However, on this specific network, it can't find the wpa key even if it is in the dictionary. It goes through the dictionary then says "Exhausted"
![[Image: THBgvCW.jpg]](http://i.imgur.com/THBgvCW.jpg)
The WPA key is "mercedes1" (no quotes).. Here's the .hccap file: https://mega.co.nz/#!dBRlgRaD!ed3mxHF6NUyMCRODSNQis245JmVRDfnk-Pt8Ljkl6F4
Thank you for your help.
RE: can't crack wpa even if key is in dictionary - Rolf - 04-06-2013
I have tried to reproduce using plus and hc, and also with third party software.
None found the password as "mercedes1"
Mayhaps its not "mercedes1" ?
Or the hccap is corrupted.
RE: can't crack wpa even if key is in dictionary - atom - 04-06-2013
cant crack it either. i agree to what rolf said
RE: can't crack wpa even if key is in dictionary - Ajeje - 04-06-2013
An online hash cracking service found the password for me, and it is indeed "mercedes1".
Here is a screenshot from the router configuration file
![[Image: GWcd7Lk.jpg]](http://i.imgur.com/GWcd7Lk.jpg)
I submitted the .cap file to the site (not the .hccap), maybe that's the problem?
Here's the .cap file I submitted to the service:
https://mega.co.nz/#!sBoWzYxK!CH98XwYbB6uGQ7054_1MpAlQ8KpUQMNv_I-ElOdTVag
RE: can't crack wpa even if key is in dictionary - Hash-IT - 04-06-2013
(04-06-2013, 12:54 PM)Ajeje Wrote: An online hash cracking service found the password for me, and it is indeed "mercedes1".
I submitted the .cap file to the site (not the .hccap), maybe that's the problem?
Try making a new password in your router 0123456789 for example. Re capture it and test that.
RE: can't crack wpa even if key is in dictionary - The Mechanic - 04-06-2013
Way to many captures in that file, aircrack didnt find it, pyrit missed it until --all-handshakes was used. Get a clean capture then convert the file
Code:
#1: AccessPoint 02:24:01:4e:f6:22 ('business'):
#1: Station 00:1f:c0:cb:64:cd
#2: Station 00:1a:73:08:f3:09, 13 handshake(s):
#1: HMAC_MD5_RC4, bad, spread 5
#2: HMAC_MD5_RC4, bad, spread 6
#3: HMAC_MD5_RC4, bad, spread 6
#4: HMAC_MD5_RC4, bad, spread 7
#5: HMAC_MD5_RC4, bad, spread 7
#6: HMAC_MD5_RC4, bad, spread 7
#7: HMAC_MD5_RC4, bad, spread 7
#8: HMAC_MD5_RC4, bad, spread 8
#9: HMAC_MD5_RC4, bad, spread 8
#10: HMAC_MD5_RC4, bad, spread 8
#11: HMAC_MD5_RC4, bad, spread 9
#12: HMAC_MD5_RC4, bad, spread 9
#13: HMAC_MD5_RC4, bad, spread 10
#3: Station 00:3c:f0:83:07:54
#4: Station 00:16:37:44:0d:f2
#5: Station 00:96:28:c8:63:89
#6: Station 00:b8:ae:cd:61:7f
#7: Station 00:cb:7b:69:35:7b
#8: Station 00:48:4f:c3:3b:21
#9: Station 00:0a:cd:04:8b:f5
#10: Station 00:79:3e:80:f4:4d
#11: Station 00:c4:63:6a:00:3a
#12: Station 00:38:89:f3:d2:64
#13: Station 00:bd:e8:87:e9:90
#14: Station 00:84:ba:2b:a8:2b
#15: Station 00:26:38:ab:aa:94
#16: Station 00:cd:8a:ff:6c:84
#17: Station 00:66:1c:80:70:2d
#18: Station 00:27:92:e2:6f:1a
#19: Station 00:ef:e4:31:f3:70
#20: Station 00:1d:6f:9a:da:64
#21: Station f0:1c:13:cc:d6:bd, 52 handshake(s):
#1: HMAC_MD5_RC4, good, spread 1
#2: HMAC_MD5_RC4, good, spread 1
#3: HMAC_MD5_RC4, good, spread 1
#4: HMAC_MD5_RC4, good, spread 1
#5: HMAC_MD5_RC4, good, spread 1
#6: HMAC_MD5_RC4, good, spread 1
#7: HMAC_MD5_RC4, good, spread 1
#8: HMAC_MD5_RC4, good, spread 1
#9: HMAC_MD5_RC4, good, spread 3
#10: HMAC_MD5_RC4, good, spread 3
#11: HMAC_MD5_RC4, good, spread 3
#12: HMAC_MD5_RC4, good, spread 4
#13: HMAC_MD5_RC4, good, spread 4
#14: HMAC_MD5_RC4, good, spread 5
#15: HMAC_MD5_RC4, good, spread 5
#16: HMAC_MD5_RC4, good, spread 6
#17: HMAC_MD5_RC4, good, spread 6
#18: HMAC_MD5_RC4, good, spread 6
#19: HMAC_MD5_RC4, good, spread 7
#20: HMAC_MD5_RC4, good, spread 9
#21: HMAC_MD5_RC4, good, spread 10
#22: HMAC_MD5_RC4, good, spread 10
#23: HMAC_MD5_RC4, good, spread 10
#24: HMAC_MD5_RC4, good, spread 10
#25: HMAC_MD5_RC4, good, spread 10
#26: HMAC_MD5_RC4, good, spread 11
#27: HMAC_MD5_RC4, good, spread 11
#28: HMAC_MD5_RC4, good, spread 11
#29: HMAC_MD5_RC4, good, spread 14
#30: HMAC_MD5_RC4, good, spread 15
#31: HMAC_MD5_RC4, good, spread 15
#32: HMAC_MD5_RC4, good, spread 17
#33: HMAC_MD5_RC4, good, spread 17
#34: HMAC_MD5_RC4, good, spread 17
#35: HMAC_MD5_RC4, good, spread 18
#36: HMAC_MD5_RC4, good, spread 21
#37: HMAC_MD5_RC4, good, spread 21
#38: HMAC_MD5_RC4, good, spread 21
#39: HMAC_MD5_RC4, good, spread 22
#40: HMAC_MD5_RC4, good, spread 23
#41: HMAC_MD5_RC4, good, spread 23
#42: HMAC_MD5_RC4, good, spread 23
#43: HMAC_MD5_RC4, good, spread 25
#44: HMAC_MD5_RC4, good, spread 28
#45: HMAC_MD5_RC4, good, spread 29
#46: HMAC_MD5_RC4, good, spread 33
#47: HMAC_MD5_RC4, bad, spread 23
#48: HMAC_MD5_RC4, bad, spread 29
#49: HMAC_MD5_RC4, bad, spread 34
#50: HMAC_MD5_RC4, bad, spread 41
#51: HMAC_MD5_RC4, bad, spread 45
#52: HMAC_MD5_RC4, bad, spread 53
#22: Station 00:18:cd:c4:17:39
#23: Station 00:90:9d:6f:13:a5
#24: Station 00:50:c5:3c:d7:ae
#25: Station 00:b2:51:9f:fa:39
#26: Station 00:47:f3:26:b7:06
#27: Station 00:75:61:bd:f5:55
#28: Station 00:d8:af:81:28:22
#29: Station 00:26:19:a8:d1:c3
#30: Station 00:68:0e:47:e8:7e
#31: Station 00:ad:b6:84:5b:74
#32: Station 00:57:c1:48:88:b4RE: can't crack wpa even if key is in dictionary - atom - 04-07-2013
I cant say it often enough.
Use the "wpaclean" utility before converting!
See how it works afterwards:
Code:
root@sf:~/crackers/aircrack-ng/src# ./wpaclean x.cap /root/sniff_dump-11.cap
Pwning /root/sniff_dump-11.cap (1/1 100%)
Net 02:24:01:4e:f6:22 business
Done
root@sf:~/crackers/aircrack-ng/src# ./aircrack-ng -J x x.cap
Opening x.cap
Read 3 packets.
# BSSID ESSID Encryption
1 02:24:01:4E:F6:22 business WPA (1 handshake)
Choosing first network as target.
Opening x.cap
Reading packets, please wait...
Building Hashcat (1.00) file...
[*] ESSID (length: 8): business
[*] Key version: 1
[*] BSSID: 02:24:01:4E:F6:22
[*] STA: F0:1C:13:CC:D6:BD
[*] anonce:
23 7E AE 2C 9F 6F 54 78 1A 95 D3 4C 18 B2 1D A8
A6 C5 8F D1 80 F6 A5 EE 64 E7 29 49 65 82 FB A5
[*] snonce:
64 08 6B F3 EA D0 EE 92 33 26 33 30 AC 84 5F 1B
54 50 82 9C EE 86 F3 45 47 53 D6 C0 1D BE A5 99
[*] Key MIC:
27 51 A2 9D 08 83 A0 98 BB 11 AF F5 4D E8 95 5D
[*] eapol:
01 03 00 77 FE 01 09 00 20 00 00 00 00 00 00 00
02 64 08 6B F3 EA D0 EE 92 33 26 33 30 AC 84 5F
1B 54 50 82 9C EE 86 F3 45 47 53 D6 C0 1D BE A5
99 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
00 00 18 DD 16 00 50 F2 01 01 00 00 50 F2 02 01
00 00 50 F2 02 01 00 00 50 F2 02
Successfully written to x.hccap
Quitting aircrack-ng...
root@sf:~/crackers/aircrack-ng/src# cp x.hccap /root/xy/oclHashcat-plus-0.15
root@sf:~/crackers/aircrack-ng/src# cd /root/xy/oclHashcat-plus-0.15/
root@sf:~/xy/oclHashcat-plus-0.15# echo mercedes1 > testdict
root@sf:~/xy/oclHashcat-plus-0.15# ./oclHashcat-plus64.bin -m 2500 x.hccap testdict
oclHashcat-plus v0.15 by atom starting...
Hashes: 1 total, 1 unique salts, 1 unique digests
Bitmaps: 8 bits, 256 entries, 0x000000ff mask, 1024 bytes
Rules: 1
Workload: 16 loops, 8 accel
Watchdog: Temperature abort trigger set to 90c
Watchdog: Temperature retain trigger set to 80c
Device #1: Cayman, 1024MB, 830Mhz, 24MCU
Device #2: Cayman, 1024MB, 830Mhz, 24MCU
Device #3: Cayman, 1024MB, 830Mhz, 24MCU
Device #4: Cayman, 1024MB, 830Mhz, 24MCU
Device #1: Kernel ./kernels/4098/m2500.Cayman_1084.4_1084.4.kernel (1810128 bytes)
Device #2: Kernel ./kernels/4098/m2500.Cayman_1084.4_1084.4.kernel (1810128 bytes)
Device #3: Kernel ./kernels/4098/m2500.Cayman_1084.4_1084.4.kernel (1810128 bytes)
Device #4: Kernel ./kernels/4098/m2500.Cayman_1084.4_1084.4.kernel (1810128 bytes)
Cache-hit dictionary stats testdict: 10 bytes, 1 words, 1 keyspace
business:mercedes1
Session.Name...: oclHashcat-plus
Status.........: Cracked
Input.Mode.....: File (testdict)
Hash.Target....: business (02:24:01:4e:f6:22 <-> f0:1c:13:cc:d6:bd)
Hash.Type......: WPA/WPA2
Time.Started...: Sun Apr 7 09:47:08 2013 (1 sec)
Speed.GPU.#1...: 0/s
Speed.GPU.#2...: 0/s
Speed.GPU.#3...: 0/s
Speed.GPU.#4...: 0/s
Speed.GPU.#*...: 0/s
Recovered......: 1/1 (100.00%) Digests, 1/1 (100.00%) Salts
Progress.......: 1/1 (100.00%)
Rejected.......: 0/1 (0.00%)
HWMon.GPU.#1...: 0% Util, 43c Temp, 29% Fan
HWMon.GPU.#2...: 0% Util, 41c Temp, N/A Fan
HWMon.GPU.#3...: 0% Util, 40c Temp, 29% Fan
HWMon.GPU.#4...: 0% Util, 38c Temp, N/A Fan
Started: Sun Apr 7 09:47:08 2013
Stopped: Sun Apr 7 09:47:09 2013RE: can't crack wpa even if key is in dictionary - Ajeje - 04-09-2013
Thanks a lot guys!
