hashcat
advanced password recovery

**ZerBea** · (This post was last modified: 04-26-2022, 02:40 PM by ZerBea.)

Got the hash via PM and analyzed it. There are non XDIGIT characters inside.
ANONCE data field is broken:
....75s48....
EAPOL data field is broken, too:
....614ss55d....
It should be XDIGITs only, but there is the character "s" inside.
Have you edited the file?
If not can I have the dump file to make sure the conversion tool haven't failed.

JamesIsLegend11 · (This post was last modified: 04-26-2022, 02:40 PM by JamesIsLegend11.)

No i didnt edit anything.

Idk why its broken cuz i did everything thats here https://hashcat.net/wiki/doku.php?id=cracking_wpawpa2

**ZerBea** · (This post was last modified: 04-26-2022, 02:43 PM by ZerBea.)

Can I have the cap file, please?
Have you used the online service to convert it or hcxpcapngtool?

JamesIsLegend11 · 04-26-2022, 02:44 PM

im doing the whole process again like its here https://hashcat.net/wiki/doku.php?id=cracking_wpawpa2 so give me one sec

**ZerBea** · 04-26-2022, 02:48 PM

Ok.
You can delete the old hash file, because it is damaged.

JamesIsLegend11 · 04-26-2022, 04:44 PM

ok i did everything like here https://hashcat.net/wiki/doku.php?id=cracking_wpawpa2 with same tools and its still same

**ZerBea** · (This post was last modified: 04-26-2022, 05:16 PM by ZerBea.)

Have you used the online service (running an older version of hcxpcapngtool):
https://hashcat.net/cap2hashcat/
or hcxpcapngtool from git?

At the moment, I don't know why your hash file is damaged. Usually this could happen by editing it (search and replace function of the editor) by sed, by awk or by grep, but this is not the case, because you haven't edited it.
It also could happen during the download of the hash file from the online converter, if you use this service.

To make sure that it isn't a bug in hcxpcapngtool (that would be ugly, because I just released v 6.2.7):
Can I have the original cap file please?

JamesIsLegend11 · 04-26-2022, 05:54 PM

I used this tools from github
https://github.com/ZerBea/hcxtools

and did everything like in here
https://hashcat.net/wiki/doku.php?id=cracking_wpawpa2

**ZerBea** · (This post was last modified: 04-26-2022, 06:54 PM by ZerBea.)

I would really like to help you, but this

Code:
and did everything like in here

https://hashcat.net/wiki/doku.php?id=cracking_wpawpa2

isn't very helpful for me to help you.

I know the wiki, because I initial wrote it (the beautiful style format was done by another user of this forum). It describe several ways to attack a target, to capture the traffic and to convert it to hash format 22000.
And it describe several ways to use hashcat on the hash file.

At the moment, I only know that the hash file is damaged (by whatever).
But to reproduce it, I need the dump file (cap, pcap, pcapng). Than I can walk step by step through the chain to find the issue.
Step by step means:
create an empty folder
cd into the folder
download the dump file to that folder
convert it by hcpcapngtool (hcxpcapngtool -o test.hc22000 dumpfile.pcapng)
run hashcat on that hash file (hashcat -m 22000 test.hc22000 -a 3 ?d?d?d?d?d?d?d?d)

If I run into the same issue, I have to fix hcxpcapngtool.
If not, either your installation is broken, your hardware is broken or your workflow is wrong.

BTW;
Do you know Albert Einstein and his definition of "insanity"?
https://ezinearticles.com/?Einstein---De...y&id=12047
I don't want to go this way. Instead I hunt step by step for the issue.

JamesIsLegend11 · 04-26-2022, 06:50 PM

i can tell you every command i used if it help

Login
Username/Email:
Password:	Lost Password?
	Remember me

hashcat advanced password recovery

hashcat
advanced password recovery