hashcat Forum
Hash Mode question - Printable Version


Hash Mode question - ScTAE - 03-31-2020

Hello,
in the hash mode parameters list I see these:
 2500 | WPA-EAPOL-PBKDF2 | Network Protocols
 2501 | WPA-EAPOL-PMK    | Network Protocols
16800 | WPA-PMKID-PBKDF2 | Network Protocols
16801 | WPA-PMKID-PMK    | Network Protocols


What are the differences between them?
I used to get a WPA handshake in a .cap file with aircrack (disconnecting a user and waiting for his reconnection), convert it to a .hccap file and then run hashcat with hash mode 2500.
Are some of these hashes easier/harder to get/crack?
Thank you.


RE: Hash Mode question - undeath - 03-31-2020

PMK modes are for SSID-specific lookup tables (poor man's rainbow table) and are generally only useful in very specific circumstances.

PMKID is a slightly different attack on WPA that is generally more robust but does not work with every router. For more info see here: https://hashcat.net/forum/thread-7717.html

Don't use aircrack. hcxtools are much more robust for capturing and extracting relevant data.

hccap is old and deprecated; a successor format is hccapx. The next stable version of hashcat (>5.1.0) will replace hccapx with a text-based format.

Also see ZerBea's answer here: https://hashcat.net/forum/thread-9089.html
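
Added example, not part of the thread and not hashcat code: the key derivation behind the four mode names, showing why a stored PMK is tied to one SSID and why a unique SSID plus a long passphrase is the defence against precomputed tables. The function names, SSIDs and MAC addresses are constructed for illustration; the PMK and PMKID formulas are the ones defined by IEEE 802.11, not stated in the thread.

```python
import hashlib
import hmac

def derive_pmk(passphrase: str, ssid: str) -> bytes:
    """WPA/WPA2-PSK pairwise master key.

    PBKDF2-HMAC-SHA1 with the SSID as salt, 4096 iterations, 32 bytes.
    This is the expensive step that the *-PBKDF2 modes repeat per guess.
    """
    return hashlib.pbkdf2_hmac("sha1", passphrase.encode(), ssid.encode(), 4096, 32)

def derive_pmkid(pmk: bytes, ap_mac: bytes, sta_mac: bytes) -> bytes:
    """PMKID = first 128 bits of HMAC-SHA1(PMK, "PMK Name" || AP MAC || station MAC).

    One cheap HMAC on top of the PMK; this is all the *-PMK modes still
    have to compute when the PMK itself was precomputed.
    """
    return hmac.new(pmk, b"PMK Name" + ap_mac + sta_mac, hashlib.sha1).digest()[:16]

def mac(text: str) -> bytes:
    """Parse 'aa:bb:cc:dd:ee:ff' into 6 raw bytes."""
    raw = bytes.fromhex(text.replace(":", ""))
    if len(raw) != 6:
        raise ValueError("MAC address must be 6 bytes")
    return raw

def pmk_per_ssid(passphrase: str, ssids: list[str]) -> dict[str, str]:
    """Same passphrase under different SSIDs: the salt makes every PMK distinct."""
    return {ssid: derive_pmk(passphrase, ssid).hex() for ssid in ssids}

if __name__ == "__main__":
    # Constructed sample values (not from any real network).
    ap, sta = mac("02:00:00:00:00:01"), mac("02:00:00:00:00:02")
    for ssid, pmk_hex in pmk_per_ssid("password", ["IEEE", "HomeNet-7f3a"]).items():
        pmkid = derive_pmkid(bytes.fromhex(pmk_hex), ap, sta)
        print(f"{ssid:14} PMK={pmk_hex[:16]}...  PMKID={pmkid.hex()}")
```

A table of PMKs built for the SSID "IEEE" says nothing about "HomeNet-7f3a", which is why default or common SSIDs are the only case where such tables pay off.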