+- hashcat Forum (https://hashcat.net/forum)
+-- Forum: Support (https://hashcat.net/forum/forum-3.html)
+--- Forum: hashcat (https://hashcat.net/forum/forum-45.html)
+--- Thread: hccapx Problem (/thread-6666.html)
hccapx Problem - Hedotensei - 06-24-2017
Hello every one , i capture a handshake with wifislax using handshaker
when i go to convert it Cap to hccapx i had this message :
Zero value timestamps detected in file: in/28216_1498269703.cap.
This prevents correct EAPOL-Key timeout calculation.
Do not use preprocess the capture file with tools such as wpaclean.
Please help me !
RE: hccapx Problem - ZerBea - 06-24-2017
cap2hccapx is working fine.
As far as I know, handshaker is a script that starts
several different tools to capture a handshake.
The result is a cleaned cap, containing only a beacon (or proberesponse)
and a handshake (mostly not replaycount checked) and a zero value
timestamp (00:00:00).
cap2hccapx is working on "uncleaned" caps (because there are much more important informations inside than in a cleaned cap).
Solution:
Do not use tools that cleans caps!!!!
RE: hccapx Problem - Hedotensei - 06-24-2017
(06-24-2017, 07:20 AM)ZerBea Wrote: cap2hccapx is working fine.
As far as I know, handshaker is a script that starts
several different tools to capture a handshake.
The result is a cleaned cap, containing only a beacon (or proberesponse)
and a handshake (mostly not replaycount checked) and a zero value
timestamp (00:00:00).
cap2hccapx is working on "uncleaned" caps (because there are much more important informations inside than in a cleaned cap).
Solution:
Do not use tools that cleans caps!!!!
thank you , but what i can use to capture the handshak ? .CAP files ?
RE: hccapx Problem - ZerBea - 06-24-2017
You can use hcxtools to capture.
You can use wlancap2hcx to convert.
wlancap2hcx will give you a warning that the cap was cleaned, but will convert it (but expect not a good result).
RE: hccapx Problem - Hedotensei - 06-25-2017
(06-24-2017, 08:44 PM)ZerBea Wrote: You can use hcxtools to capture.
You can use wlancap2hcx to convert.
wlancap2hcx will give you a warning that the cap was cleaned, but will convert it (but expect not a good result).
thanks dude
RE: hccapx Problem - Hedotensei - 06-26-2017
(06-24-2017, 08:44 PM)ZerBea Wrote: You can use hcxtools to capture.
You can use wlancap2hcx to convert.
wlancap2hcx will give you a warning that the cap was cleaned, but will convert it (but expect not a good result).
dude , can you Show me how i use hcxtools , to capture and convert it ,
RE: hccapx Problem - ZerBea - 06-26-2017
No problem:
wlancap2hcx -x -e wordlist -o test.hccapx *.cap
Options:
-x -> match exact mac_ap and mac_sta
-e -> extract also found passwords and networknames from wlan traffic (will be appended)
-o -> your hccapx file (new hashes will be appended)
*.cap -> do this from all cap files (or *.pcap from all pcap files or *.pcapng from all pcapng files)
if RADIUS authentications are inside your cap:
-m -> iSCSI CHAP authentication, MD5(CHAP): use hashcat -m 4800
-n -> NetNTLMv1 authentication: use hashcat -m 5500
-u -> extract also user names, domain names or identities
wlancap2hcx is designed for use with wlandum-ng or wlanresponse.
To get full advantage of all options use this tools to capture!
Cheers
RE: hccapx Problem - Hedotensei - 06-27-2017
(06-26-2017, 09:21 PM)ZerBea Wrote: No problem:
wlancap2hcx -x -e wordlist -o test.hccapx *.cap
Options:
-x -> match exact mac_ap and mac_sta
-e -> extract also found passwords and networknames from wlan traffic (will be appended)
-o -> your hccapx file (new hashes will be appended)
*.cap -> do this from all cap files (or *.pcap from all pcap files or *.pcapng from all pcapng files)
if RADIUS authentications are inside your cap:
-m -> iSCSI CHAP authentication, MD5(CHAP): use hashcat -m 4800
-n -> NetNTLMv1 authentication: use hashcat -m 5500
-u -> extract also user names, domain names or identities
wlancap2hcx is designed for use with wlandum-ng or wlanresponse.
To get full advantage of all options use this tools to capture!
Cheers
thanks <3