hashcat Forum
Cap file convert to hccapx HELP - Printable Version

+- hashcat Forum (https://hashcat.net/forum)
+-- Forum: Support (https://hashcat.net/forum/forum-3.html)
+--- Forum: hashcat (https://hashcat.net/forum/forum-45.html)
+--- Thread: Cap file convert to hccapx HELP (/thread-8962.html)



Cap file convert to hccapx HELP - Uraniumhazee - 02-12-2020

İ cant convert this file to hccapx or  PMKID files

can some one help me?
i dont know how to use hcxtools

https://s2.dosya.tc/server12/021cqr/TurkTelekom_ZPUY9-C8-54-4B-59-41-68.cap.html

Thanks


RE: Cap file convert to hccapx HELP - Uraniumhazee - 02-12-2020

(02-12-2020, 06:06 PM)ZerBea Wrote: https://www.onlinehashcrack.com/tools-cap-to-hccapx-converter.php
running hcxtools!

This tool is under maintenance. Please note that the hccapx format is now DEPRECATED.
Sad


RE: Cap file convert to hccapx HELP - ZerBea - 02-12-2020

Ok, thanks.
Please note that the hccapx format is now DEPRECATED
-> I know: hccapx is a dinosaur (R.i.P)
https://github.com/hashcat/hashcat/issues/1816


RE: Cap file convert to hccapx HELP - skalderis - 02-12-2020

@Uraniumhazee
I think its against forum rules posting your hashes.

Code:
Zero value timestamps detected in file: TurkTelekom_ZPUY9-C8-54-4B-59-41-68.cap.
This prevents correct EAPOL-Key timeout calculation.
Do not use preprocess the capture file with tools such as wpaclean.

Edit: used cap2hccapx from hashcat-utils


RE: Cap file convert to hccapx HELP - ZerBea - 02-12-2020

@Uraniumhazee
Here you told us, that you're using wifislax:
https://hashcat.net/forum/thread-8959-post-47563.html#pid47563
This is the forum of wifislax:
https://foro.seguridadwireless.net/
Maybe it's a bug inside wifislax. I recommend to ask there, why the timestamps are zeroed and why some frames are not present in the cap file. Also it's a good idea to ask which tools are used, to identify what caused the issue exactly.
A zeroed timestamp is definitely a bug. Maybe the wifislax developer doesn't know about this issue.
If you like, please attach the warning from cap2hccapx (@skalderis) and the detailed warning from hcxpcapngtool:
Code:
$ hcxpcapngtool TurkTelekom_ZPUY9-C8-54-4B-59-41-68.cap
reading from TurkTelekom_ZPUY9-C8-54-4B-59-41-68.cap...

summary capture file
--------------------
file name................................: TurkTelekom_ZPUY9-C8-54-4B-59-41-68.cap
version (pcap/cap).......................: 2.4 (very basic format without any additional information)
timestamp minimum (GMT)..................: 01.01.1970 01:00:00
timestamp maximum (GMT)..................: 01.01.1970 01:00:00
link layer header type...................: DLT_IEEE802_11 (105)
endianess (capture system)...............: little endian
packets inside...........................: 3
BEACON (total)...........................: 1
EAPOL messages (total)...................: 2
EAPOL RSN messages.......................: 2
ESSID (total unique).....................: 1
EAPOLTIME gap (measured maximum usec)....: 4999998
EAPOL ANONCE error corrections (NC)......: not detected
EAPOL M1 messages........................: 1
EAPOL M2 messages........................: 1
EAPOL pairs (total)......................: 1
EAPOL pairs (best).......................: 1
EAPOL M12E2..............................: 1
PMKID (total)............................: 1
PMKID (best).............................: 1
packets with zeroed timestamps...........: 3

Warning: missing frames!
This dump file contains no important frames like
authentication, association or reassociation.
That makes it hard to recover the PSK.

Warning: missing frames!
This dump file contains no undirected proberequest frames.
An undirected proberequest may contain information about the PSK.
That makes it hard to recover the PSK.

Warning: missing frames!
This dump file doesn't contain enough EAPOL M1 frames.
That makes it impossible to calculate nonce-error-correction values.

Warning: missing timestamps!
This dump file contains frames with zeroed timestamps.
That prevent calculation of EAPOL TIMEOUT values.

as well as the warning from wpapcap2john (JtR):
Code:
$ wpapcap2john -vv TurkTelekom_ZPUY9-C8-54-4B-59-41-68.cap
**
** Warning: TurkTelekom_ZPUY9-C8-54-4B-59-41-68.cap seems to be processed with some dubious tool like
** 'wpaclean'. Important information may be lost.
**

as well as the result from muticapconverter:
Code:
$ ./multicapconverter.py --input=TurkTelekom_ZPUY9-C8-54-4B-59-41-68.cap --export=hcwpax --all
[!] No Networks found