05-07-2021, 05:35 PM
(05-07-2021, 03:51 PM)ZerBea Wrote: "Strange, I just recaptured, converted to hccapx using aircrack, uploaded to github, wget onto my instance, tried again, and still the same error.
Something strange is afoot here."
Do not use aircrack-ng to convert to hashcat formats, because aircrack-ng has several unfixed issues in detection of handshakes:
https://github.com/aircrack-ng/aircrack-ng/issues/2079
https://github.com/aircrack-ng/aircrack-ng/issues/2136
https://github.com/aircrack-ng/aircrack-ng/issues/1993
I suggest to convert to hashmode 22000 format (no longer binary format like deprecated hccapx format).
In addition to that, I suggest to use the PMKID:
https://hashcat.net/forum/thread-7717.html
Most of TALKTALK routers transmit a PMKID:
https://wpa-sec.stanev.org/?search=TALKTALK
example (PMKID in hashmode 22000) from:
https://hashcat.net/wiki/doku.php?id=example_hashes
Code:$ hashcat -m 22000 WPA*01*4d4fe7aac3a2cecab195321ceb99a7d0*fc690c158264*f4747f87f9f4*686173686361742d6573736964*** -a 3 'hashcat!'
hashcat (v6.1.1-320-g9b7c2f8f5) starting...
CUDA API (CUDA 11.3)
====================
* Device #1: NVIDIA GeForce GTX 1080 Ti, 10905/11175 MB, 28MCU
OpenCL API (OpenCL 3.0 CUDA 11.3.101) - Platform #1 [NVIDIA Corporation]
========================================================================
* Device #2: NVIDIA GeForce GTX 1080 Ti, skipped
Minimum password length supported by kernel: 8
Maximum password length supported by kernel: 63
Hashes: 1 digests; 1 unique digests, 1 unique salts
Bitmaps: 16 bits, 65536 entries, 0x0000ffff mask, 262144 bytes, 5/13 rotates
Optimizers applied:
* Zero-Byte
* Single-Hash
* Single-Salt
* Brute-Force
* Slow-Hash-SIMD-LOOP
Watchdog: Temperature abort trigger set to 90c
Host memory required for this attack: 491 MB
The wordlist or mask that you are using is too small.
This means that hashcat cannot use the full parallel power of your device(s).
Unless you supply more work, your cracking speed will drop.
For tips on supplying more work, see: https://hashcat.net/faq/morework
Approaching final keyspace - workload adjusted.
4d4fe7aac3a2cecab195321ceb99a7d0:fc690c158264:f4747f87f9f4:hashcat-essid:hashcat!
Session..........: hashcat
Status...........: Cracked
Hash.Name........: WPA-PBKDF2-PMKID+EAPOL
Hash.Target......: 4d4fe7aac3a2cecab195321ceb99a7d0:fc690c158264:f4747...-essid
Time.Started.....: Fri May 7 16:10:54 2021 (0 secs)
Time.Estimated...: Fri May 7 16:10:54 2021 (0 secs)
Guess.Mask.......: hashcat! [8]
Guess.Queue......: 1/1 (100.00%)
Speed.#1.........: 29 H/s (0.39ms) @ Accel:16 Loops:64 Thr:1024 Vec:1
Recovered........: 1/1 (100.00%) Digests
Progress.........: 1/1 (100.00%)
Rejected.........: 0/1 (0.00%)
Restore.Point....: 0/1 (0.00%)
Restore.Sub.#1...: Salt:0 Amplifier:0-1 Iteration:0-1
Candidates.#1....: hashcat! -> hashcat!
Hardware.Mon.#1..: Temp: 53c Fan: 38% Util: 46% Core:1733MHz Mem:5005MHz Bus:16
Started: Fri May 7 16:10:53 2021
Stopped: Fri May 7 16:10:55 2021
Have given it a go on the website using that to convert the cap to hccapx and still the same issue, also tried hcxtools to convert the cap and still the same issue.
I will give HCXDumpTool a go in a bit and see if that makes any difference.
It's very strange that it works fine on my Windows setup (well did till the GPU gave out), but refuses to work on a cloud setup.
I will have another play, I have a few routers hanging around to test things out on.
Strangely this TalkTalk router doesn't ever seem to generate any PMKIDs, why that is I am unsure.