Cracking a password present in wordlist doesn't work

[ZerBea]

Take a look at the MESSAGEPAIR field of the EAPOL hash line (WPA*02) and the MESSAGEPAIR field of the PMKID hash line (WPA*01).


EAPOL MESSAGEPAIR field:
An EAPOL M1M2 (challenge) is a valid MESSAGEPAIR but this does not automatically imply that it belongs to the target NETWORK.
Make sure the EAPOL is authorized:

Code:

001 = M1+M4, EAPOL from M4 (authorized) - usable if NONCE_CLIENT is not zeroed
010 = M2+M3, EAPOL from M2 (authorized)
101 = M3+M4, EAPOL from M4 (authorized) - usable if NONCE_CLIENT is not zeroed

PMKID MESSAGEPAIR field:
A PMKID taken from the CLIENT does not automatically imply that it belongs to the target ACCESS POINT.
Make sure the PMKID is taken from the target ACCESS POINT:

Code:

1: PMKID taken from AP

To get MESSAGEPAIR field information of PMKIDs, hcxpcapngtool 6.3.1 is mandatory!


Explanation of the MESSAGE PAIR fields is here:
https://hashcat.net/wiki/doku.php?id=cracking_wpawpa2


Explanation of the 4way handshake is here:
https://medium.com/@alonr110/the-4-way-h...779a315a64


Please notice that hcxdumptool is acting as an ACCESS POINT (too) that accepts every challenge of a CLIENT (depending on how many connection attempts the CLIENT started hcxdumptool will get several challenges with possible different PreSharedKeys).
The only way to distinguish the hashes is by MESSAGEPAIR field.