Question regarding 22000 hashes
#6
Impossible means that these bit combinations are not coded in hcxpcapngtool. If you see such a bit combination, something may have gone wrong.

0x10 came from a hcxdumptool AP-LESS attack, because hcxdumptool requested this M2 from a CLIENT.
This is normal behavior because, depending on the options, hcxdumptool responds to every authentication attempt of a CLIENT and requests as many M2s as possible (from which we can recover the PSK that was typed in or the PSK that is stored in e.g. the wpa_supplicant.conf of the CLIENT).
To identify these M1M2ROGUE EAPOLMESSAGEPAIRS later on (offline), bit 4 is set (AP-LESS attack).

Please note:
hcxdumptool and hcxtools are analysis tools, and M2s of CLIENTs are ideal for analysis purposes.
Conversely, this means that the user of these tools should know exactly how to handle their output.
This applies to the attack options of hcxdumptool, the conversion options of hcxpcapngtool and the filter options of hcxhashtool.
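An added example, not part of the post above and not code from hcxtools: a small parser that reads 22000 lines offline and counts, per CLIENT and ESSID, how many EAPOL message pairs carry bit 4 (0x10, AP-LESS) and how many do not. It assumes the nine-field `WPA*02*MIC*MAC_AP*MAC_CLIENT*ESSID*ANONCE*EAPOL*MESSAGEPAIR` layout of hashcat mode 22000; the function names are hypothetical and the sample lines are constructed.

```python
from collections import Counter

APLESS = 0x10  # bit 4 of MESSAGEPAIR: set for AP-LESS captures, per the post


def parse_eapol_line(line):
    """Parse one WPA*02 line; return None for anything else (e.g. WPA*01)."""
    f = line.strip().split("*")
    if len(f) != 9 or f[:2] != ["WPA", "02"]:
        return None
    try:
        if len(f[8]) != 2:
            raise ValueError("MESSAGEPAIR must be one hex byte")
        return {"client": f[4].lower(),
                "essid": bytes.fromhex(f[5]).decode("utf-8", "replace"),
                "messagepair": int(f[8], 16)}
    except ValueError as exc:
        raise ValueError(f"malformed 22000 line: {exc}") from None


def summarize(lines):
    """Count AP-LESS vs. other message pairs per (client MAC, ESSID)."""
    counts = Counter()
    for line in lines:
        rec = parse_eapol_line(line)
        if rec is None:
            continue
        origin = "apless" if rec["messagepair"] & APLESS else "other"
        counts[(rec["client"], rec["essid"], origin)] += 1
    return counts


def sample(client, mp):
    # Constructed line: zeroed MIC, nonce and EAPOL; made-up MACs; ESSID "lab".
    return "*".join(["WPA", "02", "00" * 16, "020000000001", client,
                     b"lab".hex(), "00" * 32, "00" * 99, f"{mp:02x}"])


SAMPLES = [
    sample("0200000000aa", 0x00),
    sample("0200000000aa", 0x10),
    sample("0200000000bb", 0x10),
    "WPA*01*" + "00" * 16 + "*020000000001*0200000000aa*6c6162***",
]

if __name__ == "__main__":
    for key, n in sorted(summarize(SAMPLES).items()):
        print(key, n)
```

Keeping the two groups apart matters when reading results: an M2 with bit 4 set reflects what the CLIENT typed or has stored, which is not necessarily the PSK the real AP accepts.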


Messages In This Thread
Question regarding 22000 hashes - by birdysan - 10-02-2021, 01:32 PM
RE: Question regarding 22000 hashes - by ZerBea - 10-02-2021, 02:09 PM
RE: Question regarding 22000 hashes - by birdysan - 10-02-2021, 02:55 PM
RE: Question regarding 22000 hashes - by ZerBea - 10-02-2021, 04:30 PM
RE: Question regarding 22000 hashes - by birdysan - 10-02-2021, 05:30 PM
RE: Question regarding 22000 hashes - by ZerBea - 10-02-2021, 06:26 PM