Exactly this is the purpose of the MESSAGEPAIR field at the end of a WPA*02 line.
It will inform hashcat and the user about the kind of the hash and how to handle it.
Get all authenticated MESSAGEPAIRs:
Code:
$ cat hash.hc22000 | grep WPA.02 | grep 2$
Get all challenge MESSAGEPAIRs:
Code:
$ cat hash.hc22000 | grep WPA.02 | grep 1$
BTW:
Adding something like "challenge or authorized" to a hash line will produce overhead (especially if you have tons of hash lines). It takes disc space and will make fread() slow.
Or use hcxhashtool on the hc22000 file:
Code:
--authorized : filter EAPOL pairs by status authorized (M2M3, M3M4, M1M4)
--challenge : filter EAPOL pairs by status CHALLENGE (M1M2, M1M2ROGUE)
--rc : filter EAPOL pairs by replaycount status checked
--rc-not : filter EAPOL pairs by replaycount status not checked
--apless : filter EAPOL pairs by status M1M2ROGUE (M2 requested from CLIENT)
To get information about the VENDOR, use hcxhashtool on the hc22000 file:
Code:
--info=<file> : output detailed information about content of hash file
                not in combination with --vendor, --vendor-ap or --vendor-client
--info=stdout : stdout output detailed information about content of hash file
                not in combination with --vendor, --vendor-ap or --vendor-client
--info-vendor=<file> : output detailed information about ACCESS POINT and CLIENT VENDORs
                not in combination with --vendor, --vendor-ap or --vendor-client
--info-vendor-ap=<file> : output detailed information about ACCESS POINT VENDORs
                not in combination with --vendor, --vendor-ap or --vendor-client
--info-vendor-client=<file> : output detailed information about ACCESS POINT VENDORs
                not in combination with --vendor, --vendor-ap or --vendor-client
--info-vendor=stdout : stdout output detailed information about ACCESS POINT and CLIENT VENDORs
                not in combination with --vendor, --vendor-ap or --vendor-client
--info-vendor-ap=stdout : stdout output detailed information about ACCESS POINT VENDORs
                not in combination with --vendor, --vendor-ap or --vendor-client
--info-vendor-client=stdout : stdout output detailed information about ACCESS POINT VENDORs
                not in combination with --vendor, --vendor-ap or --vendor-client
To get more information, use hcxpcapngtool -D option on the pcapng/pcap/cap file:
Code:
-D <file> : output device information list
            format MAC MANUFACTURER MODELNAME SERIALNUMBER DEVICENAME UUID
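
An added example, not part of the original post: the functions below split each line on `*` and compare the whole ninth (MESSAGEPAIR) field instead of the last character of the line, so values such as `02` and `a2` are counted and selected separately. The function names and the shortened sample lines are constructed for illustration.

```shell
#!/bin/sh
# Constructed, shortened sample lines (not real captures, not crackable).
sample_hc22000() {
    cat <<'EOF'
WPA*02*00aa*020000000001*020000000002*74657374*00bb*0103*02
WPA*02*00ab*020000000001*020000000003*74657374*00bc*0103*02
WPA*02*00ac*020000000001*020000000004*74657374*00bd*0103*00
WPA*02*00ad*020000000001*020000000005*74657374*00be*0103*a2
WPA*01*00ae*020000000001*020000000006*74657374***
EOF
}

# Count WPA*02 lines per MESSAGEPAIR value.
# Reads the named files, or stdin when no file is given.
mp_tally() {
    awk -F'*' '
        { sub(/\r$/, "") }                      # tolerate CRLF line endings
        $1 == "WPA" && $2 == "02" && NF == 9 {  # EAPOL lines only, well-formed
            count[tolower($9)]++
        }
        END { for (mp in count) print mp, count[mp] }
    ' "$@" | sort
}

# Print the WPA*02 lines whose MESSAGEPAIR field equals $1 exactly
# (case-insensitive hex). Remaining arguments are files; stdin if none.
mp_select() {
    want=$1
    shift
    awk -F'*' -v want="$want" '
        { sub(/\r$/, "") }
        $1 == "WPA" && $2 == "02" && NF == 9 && tolower($9) == tolower(want)
    ' "$@"
}

# Demonstration on the constructed sample.
sample_hc22000 | mp_tally
sample_hc22000 | mp_select 02
```

On the sample, `grep 2$` would return three lines (two ending in `02` and one ending in `a2`), while `mp_select 02` returns only the two exact matches.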