wpa2
#23
Ok, thanks.
The command lines are ok.
Have you removed the old file "dumpfile.pcapng" before running hcxdumptool?
If not, hcxdumptool will create a new one with ending -x, where x is the number of tries. This prevents overwriting the old dump file and makes sure that we store traffic from the current session with unique random values valid for this traffic.
Code:
first run:
$ sudo hcxdumptool -i wlan0 -o dumpfile.pcapng --active_beacon --enable_status=1
$ ls
dumpfile.pcapng

second run:
$ sudo hcxdumptool -i wlan0 -o dumpfile.pcapng --active_beacon --enable_status=1
$ ls
dumpfile.pcapng-0

third run:
$ sudo hcxdumptool -i wlan0 -o dumpfile.pcapng --active_beacon --enable_status=1
$ ls
dumpfile.pcapng-1

Have you removed the old file "hash.hc22000" before running hcxpcapngtool?
If not, all new hashes are appended to the damaged file.

To make sure that you are not running on old files, I recommend removing all files from your working directory before making a new attempt.


To make sure your installation is ok, please run the example from here:
https://github.com/evilsocket/pwnagotchi...-598597214
These are the command lines:
$ wget https://github.com/evilsocket/pwnagotchi...nctest.zip
$ unzip -j nctest.zip
$ hcxpcapngtool -o eapol.22000 -E wordlist test.pcap
output should look like this:
Code:
$ hcxpcapngtool -o eapol.22000 -E wordlist test.pcap
hcxpcapngtool 6.2.7-1-g74374b3 reading from test.pcap...

summary capture file
--------------------
file name.................................: test.pcap
version (pcap/cap).......................: 2.4 (very basic format without any additional information)
timestamp minimum (GMT)..................: 06.02.2020 12:23:49
timestamp maximum (GMT)..................: 06.02.2020 12:24:52
used capture interfaces..................: 1
link layer header type...................: DLT_IEEE802_11_RADIO (127)
endianess (capture system)...............: little endian
packets inside...........................: 6
packets received on 2.4 GHz..............: 5
ESSID (total unique).....................: 2
BEACON (total)...........................: 1
BEACON on 2.4 GHz channel (from IE_TAG)..: 5
PROBEREQUEST.............................: 1
EAPOL messages (total)...................: 4
EAPOL RSN messages.......................: 4
EAPOLTIME gap (measured maximum usec)....: 16624455
EAPOL ANONCE error corrections (NC)......: working
REPLAYCOUNT gap (suggested NC)...........: 62482
EAPOL M1 messages (total)................: 3
EAPOL M2 messages (total)................: 1
EAPOL pairs (total)......................: 1
EAPOL pairs (best).......................: 1
EAPOL pairs written to 22000 hash file....: 1 (RC checked)
EAPOL M12E2 (challenge)..................: 1

frequency statistics from radiotap header (frequency: received packets)
-----------------------------------------------------------------------
2432: 5
$ hashcat -m 22000 --nonce-error-corrections=8 eapol.22000 wordlist
output should look similar to this:
Code:
hashcat (v6.2.5-400-gf31dcc5d1) starting
...
OpenCL info removed to keep the post small
...
Session..........: hashcat
Status...........: Cracked
Hash.Mode........: 22000 (WPA-PBKDF2-PMKID+EAPOL)
Hash.Target......: eapol.22000
Time.Started.....: Tue Apr 26 23:30:15 2022 (0 secs)
Time.Estimated...: Tue Apr 26 23:30:15 2022 (0 secs)
Kernel.Feature...: Pure Kernel
Guess.Base.......: File (wordlist)
Guess.Queue......: 1/1 (100.00%)
Speed.#1.........:       30 H/s (1.41ms) @ Accel:8 Loops:256 Thr:512 Vec:1
Recovered.Total..: 1/1 (100.00%) Digests
Progress.........: 2/2 (100.00%)
Rejected.........: 1/2 (50.00%)
Restore.Point....: 0/2 (0.00%)
Restore.Sub.#1...: Salt:0 Amplifier:0-1 Iteration:0-1
Candidate.Engine.: Device Generator
Candidates.#1....: v+#gqu5g9pqnp%+7jbf%2uex+8hlo3ms -> v+#gqu5g9pqnp%+7jbf%2uex+8hlo3ms
Hardware.Mon.#1..: Temp: 59c Fan: 36% Util: 46% Core:1885MHz Mem:5005MHz Bus:16
...
hashcat should have recovered the PSK:
Recovered.Total..: 1/1 (100.00%) Digests
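Added example, not part of the original post or of hcxtools/hashcat: a small checker that flags damaged or repeated records in a hash file that has been appended to across runs, which is the situation the post warns about. It assumes the mode 22000 line layout documented by hashcat (`WPA*TYPE*PMKID/MIC*MACAP*MACCLIENT*ESSID*ANONCE*EAPOL*MESSAGEPAIR`); the function names and all sample values are constructed for illustration.

```python
import re

HEX = re.compile(r"[0-9a-fA-F]*")

def check_line(line):
    """Return None for a well-formed record, otherwise the reason it is rejected."""
    f = line.strip().split("*")
    if len(f) != 9 or f[0] != "WPA":
        return "not a 9-field WPA* record"
    if f[1] not in ("01", "02"):
        return "unknown record type"
    if any(len(x) % 2 or not HEX.fullmatch(x) for x in f[2:]):
        return "field is not whole hex bytes"
    if len(f[2]) != 32:
        return "PMKID/MIC is not 16 bytes"
    if len(f[3]) != 12 or len(f[4]) != 12:
        return "MAC address is not 6 bytes"
    if len(f[5]) > 64:
        return "ESSID longer than 32 bytes"
    if f[1] == "02":  # EAPOL records also need nonce, frame and message pair
        if len(f[6]) != 64:
            return "ANONCE is not 32 bytes"
        if not f[7] or len(f[8]) != 2:
            return "EAPOL frame or message pair missing"
    return None

def scan(text):
    """Return [(line_number, reason)] for damaged or repeated records."""
    problems, seen = [], {}
    for n, line in enumerate(text.splitlines(), 1):
        rec = line.strip()
        if not rec:
            continue
        reason = check_line(rec)
        if reason is None and rec in seen:
            reason = "duplicate of line %d" % seen[rec]
        if reason:
            problems.append((n, reason))
        else:
            seen[rec] = n
    return problems

# Constructed sample data (not from a real capture).
EAPOL = "*".join(["WPA", "02", "aa" * 16, "02" * 6, "0a" * 6,
                  b"testnet".hex(), "bb" * 32, "01" * 99, "02"])
PMKID = "*".join(["WPA", "01", "cc" * 16, "02" * 6, "0a" * 6,
                  b"testnet".hex(), "", "", ""])
# Line 3 is a truncated record; line 4 repeats line 1, as a second append would.
SAMPLE = "\n".join([EAPOL, PMKID, EAPOL[:120], EAPOL]) + "\n"

if __name__ == "__main__":
    for n, reason in scan(SAMPLE):
        print("line %d: %s" % (n, reason))
```
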


Messages In This Thread
wpa2 - by JamesIsLegend11 - 04-26-2022, 11:20 AM
RE: wpa2 - by ZerBea - 04-26-2022, 11:41 AM
RE: wpa2 - by JamesIsLegend11 - 04-26-2022, 11:54 AM
RE: wpa2 - by ZerBea - 04-26-2022, 12:01 PM
RE: wpa2 - by JamesIsLegend11 - 04-26-2022, 01:01 PM
RE: wpa2 - by ZerBea - 04-26-2022, 01:31 PM
RE: wpa2 - by JamesIsLegend11 - 04-26-2022, 01:37 PM
RE: wpa2 - by ZerBea - 04-26-2022, 01:44 PM
RE: wpa2 - by JamesIsLegend11 - 04-26-2022, 01:55 PM
RE: wpa2 - by ZerBea - 04-26-2022, 02:16 PM
RE: wpa2 - by ZerBea - 04-26-2022, 02:38 PM
RE: wpa2 - by JamesIsLegend11 - 04-26-2022, 02:39 PM
RE: wpa2 - by ZerBea - 04-26-2022, 02:41 PM
RE: wpa2 - by JamesIsLegend11 - 04-26-2022, 02:44 PM
RE: wpa2 - by ZerBea - 04-26-2022, 02:48 PM
RE: wpa2 - by JamesIsLegend11 - 04-26-2022, 04:44 PM
RE: wpa2 - by ZerBea - 04-26-2022, 04:47 PM
RE: wpa2 - by JamesIsLegend11 - 04-26-2022, 05:54 PM
RE: wpa2 - by ZerBea - 04-26-2022, 06:34 PM
RE: wpa2 - by JamesIsLegend11 - 04-26-2022, 06:50 PM
RE: wpa2 - by ZerBea - 04-26-2022, 06:55 PM
RE: wpa2 - by JamesIsLegend11 - 04-26-2022, 08:45 PM
RE: wpa2 - by ZerBea - 04-26-2022, 11:32 PM