New 22000 mode is USELESS GARBAGE
#8
"The hash provided in the test.pcapng.zip file was successfully cracked in the very same environment."
That means hcxpcapngtool and hashcat are working as expected.

You successfully attacked your target. That means, hcxdumptool is working as expected.

But you have to check your workflow!
You attacked the target AP
$ whoismac -m cc32e562b757
VENDOR: TP-LINK TECHNOLOGIES CO.,LTD. (UAA), unicast
Make sure, the PSK for this target is in your word list.

connected with this CLIENT:
$ whoismac -m b4cd274b31a1
VENDOR: HUAWEI TECHNOLOGIES CO.,LTD (UAA), unicast


But you converted a total different target
"Converting to hc22000"
and ran hashcat against it
$ whoismac -m 8c5bf06e6c46
VENDOR: ARRIS Group, Inc. (UAA), unicast

connected with this CLIENT:
$ whoismac -m fcc233f3f447
VENDOR: ASUSTek COMPUTER INC. (UAA), unicast

This target use a default PSK of 12 characters (0-9a-zA-Z). You will not be able to recover this PSK on CPU only if it is not inside the word list.

Please notice POCL is not the best choice running OpenCL tasks.

If you are new to hash mode 22000, it is a good idea to clean up your working directory, before starting hcxpcapngtool, because it will append everything to existing files, as mentioned at the end of --help:
Output is appended to existing files.
This is a wanted behavior, especially on headless web servers, but it could lead to situations as mentioned above.

hcxdumptool behavior is a little bit different. Because it use random values after starting, pcapng files will not be appended. Instead a sequential numbering will be appended if the file name is the same:
test.pcapng
test.pcapng-0
test.pcapng-1


hcxhashtool will give you an information about the converted hash file. That include MAC AP, MAC CLIENT and the hash itself.
Again we take the example from environment 1:
Code:
$ hcxhashtool -i test.hc22000 --info=stdout
SSID.......: TP-LINK_HASHCAT_TEST
MAC_AP.....: 6466b38ec3fc (TP-LINK TECHNOLOGIES CO.,LTD.)
MAC_CLIENT.: 225edc49b7aa (Unknown)
VERSION....: 802.1X-2001 (1)
KEY VERSION: WPA2
REPLAYCOUNT: 1
RC INFO....: NC suggested
MP M2M3 E2.: authorized
MIC........: 024022795224bffca545276c3762686f
HASHLINE...: WPA*02*024022795224bffca545276c3762686f*6466b38ec3fc*225edc49b7aa*54502d4c494e4b5f484153484341545f54455354*10e3be3b005a629e89de088d6a2fdc489db83ad4764f2d186b9cde15446e972e*0103007502010a0000000000000000000148ce2ccba9c1fda130ff2fbbfb4fd3b063d1a93920b0f7df54a5cbf787b16171000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000001630140100000fac040100000fac040100000fac028000*a2

@Atom , how about adding this example hash to:
https://hashcat.net/wiki/doku.php?id=example_hashes
in addition to the PMKID hash.
Reply


Messages In This Thread
RE: New 22000 mode is USELESS GARBAGE - by pdo - 05-28-2022, 09:03 PM
RE: New 22000 mode is USELESS GARBAGE - by ZerBea - 05-30-2022, 01:32 PM
RE: New 22000 mode is USELESS GARBAGE - by ZerBea - 05-30-2022, 06:29 PM
RE: New 22000 mode is USELESS GARBAGE - by ZerBea - 05-31-2022, 07:38 AM
RE: New 22000 mode is USELESS GARBAGE - by Snoopy - 05-31-2022, 10:52 AM
RE: New 22000 mode is USELESS GARBAGE - by ZerBea - 06-03-2022, 05:05 PM
RE: New 22000 mode is USELESS GARBAGE - by rk3y - 01-03-2023, 04:44 PM
RE: New 22000 mode is USELESS GARBAGE - by ZerBea - 01-03-2023, 06:55 PM
RE: New 22000 mode is USELESS GARBAGE - by rk3y - 01-03-2023, 07:00 PM
RE: New 22000 mode is USELESS GARBAGE - by ZerBea - 01-03-2023, 07:57 PM