+- hashcat Forum (https://hashcat.net/forum)
+-- Forum: Deprecated; Previous versions (https://hashcat.net/forum/forum-29.html)
+--- Forum: Old hashcat Support (https://hashcat.net/forum/forum-20.html)
+--- Thread: .cap hash extraction (/thread-3630.html)
.cap hash extraction - keen2learn - 08-22-2014
hoping for help
i had an idea playing with hashcat where it says
Added hashes from file bt.hccap: 1 (1 salts)
is there a way you can make hashcat display the loaded hash/salt or is there any program or website i can use to extract the hash/salt
i tried the following
editcap -v -D 0 BTHub3-MQZX.cap /dev/null wich gave me loads of hashes to many to list
wireshark (had a look around reading a big manual on how to use)
capinfos BTHub3-MQZX.cap which gave me 1 SHA1, RIPEMD160, MD5
md5sum BTHub3-MQZX.cap and bt.hccap gave me MD5 hash ee82e86b4e10b3e9aa761e89fe3fff60 and 6efcd68a648a0255606eef37f9e15f45 respectively
tested all hashes with all different -m 0 - 7600 (hashcat did not work took some time) i know the caps good i tried in aircrack and cowpatty with small passlist
and got KEY FOUND! [ 8d9bb4aee3 ]
i stripped my cap down to just the 4 eapol packets which i then ran the stripped cap through the above programs got different hashes c91ab0c98f27612b40e9a5a7d22107f1
!!!!someone please tell me if i can get the hash/salt from my cap file you should be able to if it can load it then you should be able to see it or if those programs gave the right hash were did i go so wrong!!!!
should stress if you dont want to tell me how (the full command) to do it please point me in the right direction and i will figger it out my self
thanks
newbie but keen2learn
RE: .cap hash extraction - undeath - 08-22-2014
use the -J option on aircrack to export as hccap. Requires latest aircrack version. https://hashcat.net/wiki/doku.php?id=cracking_wpawpa2
RE: .cap hash extraction - keen2learn - 08-22-2014
thanks for the quick response undeath
i will try to explain what i want in more detail
i used aircrack -J command and got bt.hccap ran the following command
./hashcat-cli32.bin -1 abed3489 -m 2500 --pw-min=10 -s 574776396 -a3 bt.hccap ?1?1?1?1?1?1?1?1?1?1
and got the password
what i want is were it says
Added hashes from file bt.hccap: 1 (1 salts)
Activating quick-digest mode for single-hash with salt
is there a command i can use like (making this up)
./hashcat-cli32.bin -a3 bt.hccap --show-hash --show-salt
so it will display the following
bt.hccap
hash:ee82e86b4e10b3e9aa761e89fe3fff60 (but display the hash it loads in bruteforce)
salt:BTHub3-MQZX
or is there another program or website i can use to achieve this
hope that is a bit clearer question
thanks again undeath
keen2learn
RE: .cap hash extraction - undeath - 08-22-2014
WPA is more complex than simple hash and salt, that's why there is the hccap file. For the hccap file format look here: https://hashcat.net/wiki/doku.php?id=hccap
RE: .cap hash extraction - keen2learn - 08-22-2014
thanks agian for the quick response undeath
throught i was so on to something here extracting the has because it takes a lot less time cracking a hash than the full .hccap. shame
could you please explain what hashcat uses and what its doing in brute force to crack the password
is there a faster way of cracking wpa/wpa2 wireless key 8d9bb4aee3 other than bruteforce on a dual core laptop was told evil twin ap
which is faster the above hashcat code or cat /dev/urandom| tr -dc 'abde3489' | fold -w 10| head -n 999999181801204736 | aircrack-ng -b 00:8A:AE:99:4F:E4 -w - BTHub3-MQZX.cap (1150.23 k/s)
keen2learn
RE: .cap hash extraction - keen2learn - 08-25-2014
sorry to be annoying but on to something else understanding hashes, i used the following:
./hashcat-cli32.bin -1 ABCDEFGHIJKLMNOPQRSTUVWXYZ -m (all below) --pw-min=8 --pw-max=8 -a3 hash ?1?1?1?1?1?1?1?1
10 = md5($pass.$salt)
20 = md5($salt.$pass)
30 = md5(unicode($pass).$salt)
40 = md5($salt.unicode($pass))
50 = HMAC-MD5 (key = $pass)
60 = HMAC-MD5 (key = $salt)
100 = SHA1
110 = sha1($pass.$salt)
120 = sha1($salt.$pass)
130 = sha1(unicode($pass).$salt)
140 = sha1($salt.unicode($pass))
150 = HMAC-SHA1 (key = $pass)
160 = HMAC-SHA1 (key = $salt)
and i get
Skipping line: <44hex hash removed by epixoip> (separator unmatched)
what does (separator unmatched) mean relating to the above hash types
if possible can someone tell me what hash type/types it could be help narrow it down
thanks
keen2learn
RE: .cap hash extraction - epixoip - 08-25-2014
you are specifying a salted hash mode without supplying the hash and salt in "hash
alt" format. it looks like you are just concatenating the salt with the hash.
RE: .cap hash extraction - undeath - 08-25-2014
(08-22-2014, 08:32 PM)keen2learn Wrote: throught i was so on to something here extracting the has because it takes a lot less time cracking a hash than the full .hccap. shame
you can trust the hashcat developers to attack a certain password storage algorithm in the fastest way possible. There are no possible "hacks" or tricks to make this faster (using hashcat) or to convert hash types. This is a very ignorant view on the whole process of hashcracking because it implies the developers (as well as the people developing PSA or cryptographic hashes) don't know what they are doing.
Assume you were right with your assumption: why would anyone try to crack a WPA handshake if he could just convert it to md5 or sha1 and crack it a thousand times faster? Why would anyone have bothered with coming up with the WPA handshake mechanism if the very same thing can be done a thousand times faster?
You're trying being "clever" here but I can assure you, there are people working on this who are a damn times more clever than you are. (please don't read this as an insult, these people are simply tits. esp atom, the hashcat main developer)
RE: .cap hash extraction - keen2learn - 08-26-2014
sorry if i offended you or the developers in any way not my intentions i was trying to be clever (a bit to clever for 13) leave it to u guys i think
thanks
keen2learn
RE: .cap hash extraction - undeath - 08-26-2014
Don't get me wrong, questioning established standards isn't wrong. However, randomly sprouting unreflected ideas is. If you want to give constructive comments and discussions you should read on about how things work. Don't try to make things better you have no idea about how they work.