hashcat Forum
hccapx Problem - Printable Version

+- hashcat Forum (https://hashcat.net/forum)
+-- Forum: Support (https://hashcat.net/forum/forum-3.html)
+--- Forum: hashcat (https://hashcat.net/forum/forum-45.html)
+--- Thread: hccapx Problem (/thread-6666.html)



hccapx Problem - Hedotensei - 06-24-2017

Hello every one , i capture a handshake with wifislax using handshaker 
when i go to convert it Cap to hccapx  i had this message : 

Zero value timestamps detected in file: in/28216_1498269703.cap.

This prevents correct EAPOL-Key timeout calculation.

Do not use preprocess the capture file with tools such as wpaclean.

Please help me !


RE: hccapx Problem - ZerBea - 06-24-2017

cap2hccapx is working fine.
As far as I know, handshaker is a script that starts
several different tools to capture a handshake.
The result is a cleaned cap, containing only a beacon (or proberesponse)
and a handshake (mostly not replaycount checked) and a zero value
timestamp (00:00:00).

cap2hccapx is working on "uncleaned" caps (because there are much more important informations inside than in a cleaned cap).

Solution:
Do not use tools that cleans caps!!!!


RE: hccapx Problem - Hedotensei - 06-24-2017

(06-24-2017, 07:20 AM)ZerBea Wrote: cap2hccapx is working fine.
As far as I know, handshaker is a script that starts
several different tools to capture a handshake.
The result is a cleaned cap, containing only a beacon (or proberesponse)
and a handshake (mostly not replaycount checked) and a zero value
timestamp (00:00:00).

cap2hccapx is working on "uncleaned" caps (because there are much more important informations inside than in a cleaned cap).

Solution:
Do not use tools that cleans caps!!!!

thank you , but what  i can use to capture the handshak ? .CAP files ?


RE: hccapx Problem - ZerBea - 06-24-2017

You can use hcxtools to capture.
You can use wlancap2hcx to convert.
wlancap2hcx will give you a warning that the cap was cleaned, but will convert it (but expect not a good result).


RE: hccapx Problem - Hedotensei - 06-25-2017

(06-24-2017, 08:44 PM)ZerBea Wrote: You can use hcxtools to capture.
You can use wlancap2hcx to convert.
wlancap2hcx will give you a warning that the cap was cleaned, but will convert it (but expect not a good result).

thanks dude


RE: hccapx Problem - Hedotensei - 06-26-2017

(06-24-2017, 08:44 PM)ZerBea Wrote: You can use hcxtools to capture.
You can use wlancap2hcx to convert.
wlancap2hcx will give you a warning that the cap was cleaned, but will convert it (but expect not a good result).

dude , can you Show me how i use hcxtools , to capture and convert it ,


RE: hccapx Problem - ZerBea - 06-26-2017

No problem:
wlancap2hcx -x -e wordlist -o test.hccapx *.cap
Options:
-x -> match exact mac_ap and mac_sta
-e -> extract also found passwords and networknames from wlan traffic (will be appended)
-o -> your hccapx file (new hashes will be appended)
*.cap -> do this from all cap files (or *.pcap from all pcap files or *.pcapng from all pcapng files)

if RADIUS authentications are inside your cap:
-m -> iSCSI CHAP authentication, MD5(CHAP): use hashcat -m 4800
-n -> NetNTLMv1 authentication: use hashcat -m 5500
-u -> extract also user names, domain names or identities

wlancap2hcx is designed for use with wlandum-ng or wlanresponse.
To get full advantage of all options use this tools to capture!

Cheers


RE: hccapx Problem - Hedotensei - 06-27-2017

(06-26-2017, 09:21 PM)ZerBea Wrote: No problem:
wlancap2hcx -x -e wordlist -o test.hccapx *.cap
Options:
-x -> match exact mac_ap and mac_sta
-e -> extract also found passwords and networknames from wlan traffic (will be appended)
-o -> your hccapx file (new hashes will be appended)
*.cap -> do this from all cap files (or *.pcap from all pcap files or *.pcapng from all pcapng files)

if RADIUS authentications are inside your cap:
-m -> iSCSI CHAP authentication, MD5(CHAP): use hashcat -m 4800
-n -> NetNTLMv1 authentication: use hashcat -m 5500
-u -> extract also user names, domain names or identities

wlancap2hcx is designed for use with wlandum-ng or wlanresponse.
To get full advantage of all options use this tools to capture!

Cheers

thanks <3