Newbie - my try didn´t work for WPA
#5
There is no need to run hashcat on a VM. Your Windows version is doing this fine.

"So I need instruction to do it’s right to convert the .CAP file to a .HC2200 file".
This will do it:
Code:
$ hcxpcapngtool -o hash.hc22000 handshake.cap
You don't need the -E option on your cap file. It is useless because your very limited cap file doesn't contain this kind of frames.

If you got something like this:
Code:
EAPOL pairs written to combi hash file...: 17 (RC checked)
PMKID written to combi hash file.........: 9
hashcat can work on the converted hash file.


About the warnings after conversion:
The quality of the dump file depend on the tools you have used to attack the target and to capture the traffic.
hcxpcapngtool perform an analysis of the dump file to be converted and tell you what is missing inside the file.
If you received an ERROR or a WARNING from hcxpcapngtool, your tool to attack the target and to dump the traffic to a file or your entire attack procedure may have failed!
It is not a good idea to ignore or to filter out received packets within the reception branch. Missing frames cannot be restored. They are gone for ever. It looks like your tool (some useful frames are not stored to the dump file) or your attack procedure (wrong filter options) do not take care about this.
Unfortunately you haven't mentioned what tools you use for this purpose (attack and dump).
Please notice that a successful recovery of the PSK always starts with a successful attack of the target.

This ERROR:
Code:
failed to read pcap packet header for packet 1132
means that your dump tool terminated (hard) without closing the dump file in a correct way.
Not a good style, but if it is the last packet, you can ignore it.

The missing frame warning means that your dump tool doesn't store some useful frames (which can help to recover the PSK) to the dump file. That can be a failure of the dump tool or caused by too restricted filter options.

To get rid of all this Warnings, I recommend to think about your entire attack procedure.
A good idea is to use hcxdumptool that combine several attack modes:
Code:
$ hcxdumptool -i YOUR_INTERFACE -o dumpfile.pcapng --active_beacon --enable_status=95
as described here:
https://hashcat.net/wiki/doku.php?id=cracking_wpawpa2

Than convert to hc22000 file by hcxpcapngtool.
Filter your target by hcxhashtool.
Run hashcat on it.


BTW:
hcxdumptool and hcxtools are designed to work prefect in combination with hashcat.
This thread (read it backwards to get the latest information) will give you an overview how they are working:
https://hashcat.net/forum/thread-6661-page-72.html
Reply


Messages In This Thread
RE: Newbie - my try didn´t work for WPA - by ZerBea - 12-22-2021, 10:11 AM