hashcat Forum
Understanding EAPOL 4-Way Handshake and PMKID cracking - Printable Version


RE: Understanding EAPOL 4-Way Handshake and PMKID cracking - powermi - 04-01-2020

Is it automatically determined by default on Hashcat?

Tried to hcxpcapng old hashes already broken; no difference running them against my dictionary with NC=0 or 8.

Thanks for the explanation.


RE: Understanding EAPOL 4-Way Handshake and PMKID cracking - ZerBea - 04-01-2020

nc is determined by the message_pair (last field in 22000 line):
Code:
bitmask for message pair field:
0: MP info (https://hashcat.net/wiki/doku.php?id=hccapx)
1: MP info (https://hashcat.net/wiki/doku.php?id=hccapx)
2: MP info (https://hashcat.net/wiki/doku.php?id=hccapx)
3: x (unused)
4: ap-less attack (set to 1) - no nonce-error-corrections necessary
5: LE router detected (set to 1) - nonce-error-corrections only for LE necessary
6: BE router detected (set to 1) - nonce-error-corrections only for BE necessary
7: not replaycount checked (set to 1) - replaycount not checked, nonce-error-corrections definitely necessary
Default nc for automatic is 0 (not necessary) or 8 (necessary).
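
The bitmask from the reply above, decoded in Python as an added example (not part of the thread and not hashcat or hcxtools code). It assumes a 22000 line has nine `*`-separated fields and that the last one is the message pair written as hex; the sample line and the `nc` verdict strings are constructed here from the table's wording.

```python
# Added example: decode the message_pair field (last field of a 22000 line).
# Assumption: the field is a hex byte; bit meanings are copied from the table above.
FLAGS = {
    4: "ap-less attack - no nonce-error-corrections necessary",
    5: "LE router detected - nonce-error-corrections only for LE necessary",
    6: "BE router detected - nonce-error-corrections only for BE necessary",
    7: "replaycount not checked - nonce-error-corrections definitely necessary",
}

def decode_message_pair(line):
    """Return the decoded message pair of one 22000 line as a dict."""
    fields = line.strip().split("*")
    if len(fields) != 9 or fields[0] != "WPA":
        raise ValueError("expected 9 '*'-separated fields starting with WPA")
    if not fields[8]:
        raise ValueError("message pair field is empty")
    mp = int(fields[8], 16)  # raises ValueError on non-hex input
    if not 0 <= mp <= 0xFF:
        raise ValueError("message pair must fit in one byte")
    set_bits = [bit for bit in FLAGS if mp & (1 << bit)]
    # Verdict follows the table's wording only: bit 4 says corrections are not
    # needed, bit 7 says they definitely are; otherwise nothing is flagged.
    if 4 in set_bits:
        nc = "not necessary"
    elif 7 in set_bits:
        nc = "necessary"
    else:
        nc = "not flagged"
    return {
        "raw": mp,
        "mp_info": mp & 0b111,          # bits 0-2, see the hccapx wiki page
        "unused_bit3": bool(mp & 0b1000),
        "flags": [FLAGS[bit] for bit in set_bits],
        "nc": nc,
    }

def sample_line(message_pair_hex):
    """Build a constructed (non-crackable) 22000 line with placeholder values."""
    return "*".join(["WPA", "02", "00" * 16, "020000000001", "020000000002",
                     b"example".hex(), "11" * 32, "0103" + "00" * 8,
                     message_pair_hex])

if __name__ == "__main__":
    for mp_hex in ("02", "10", "a2"):
        print(mp_hex, decode_message_pair(sample_line(mp_hex)))
```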