The hash file is damaged and had not passed hashcat's integrity check.
Remove it, before you start a new attempt to convert from your dump file (pcapng, pcap, cap).
Please notice that hcxpcapngtool doesn't run an integrity check and append the new hashes to an existing file. If the existing file is damaged, the new one will be damaged, too.
That behavior is mentioned in --help:
Usually this problem occurs if you edit the hash file in a wrong way (adding white spaces, non xdigit characters, control characters, ... - yes, some editors will do this by default) or if you use 2 different options on the same file:
$ hcxpcapngtool -o hash.hc22000 -E hash.hc.22000
Double check your command line!
To check that hashcat is working as expected, get the hash from examples here
https://hashcat.net/wiki/doku.php?id=example_hashes
and store it to a hc22000 hash file (we use echo to do this job):
Now let's damage the hash file a little bit by appending a white space at the end of the hash line:
BTW:
Just take a look at both hash files. At first glance, the second one is looking fine, but "the devil is in the detail".
Remove it, before you start a new attempt to convert from your dump file (pcapng, pcap, cap).
Please notice that hcxpcapngtool doesn't run an integrity check and append the new hashes to an existing file. If the existing file is damaged, the new one will be damaged, too.
That behavior is mentioned in --help:
Code:
$ hcxpcapngtool --help
...
Output is appended to existing files.Usually this problem occurs if you edit the hash file in a wrong way (adding white spaces, non xdigit characters, control characters, ... - yes, some editors will do this by default) or if you use 2 different options on the same file:
$ hcxpcapngtool -o hash.hc22000 -E hash.hc.22000
Double check your command line!
To check that hashcat is working as expected, get the hash from examples here
https://hashcat.net/wiki/doku.php?id=example_hashes
and store it to a hc22000 hash file (we use echo to do this job):
Code:
$ echo "WPA*01*4d4fe7aac3a2cecab195321ceb99a7d0*fc690c158264*f4747f87f9f4*686173686361742d6573736964***" > hash.hc22000
$ hashcat -m 22000 hash.hc22000 -a 3 hashcat!
hashcat (v6.2.5-428-gdf8af2d10) starting
...
4d4fe7aac3a2cecab195321ceb99a7d0:fc690c158264:f4747f87f9f4:hashcat-essid:hashcat!
Session..........: hashcat
Status...........: Cracked
Hash.Mode........: 22000 (WPA-PBKDF2-PMKID+EAPOL)
Hash.Target......: hash.hc22000
Time.Started.....: Fri May 13 18:06:21 2022 (0 secs)
Time.Estimated...: Fri May 13 18:06:21 2022 (0 secs)
Kernel.Feature...: Pure Kernel
Guess.Mask.......: hashcat! [8]
Guess.Queue......: 1/1 (100.00%)
Speed.#1.........: 27 H/s (1.44ms) @ Accel:8 Loops:256 Thr:512 Vec:1
Recovered.Total..: 1/1 (100.00%) Digests
Progress.........: 1/1 (100.00%)
Rejected.........: 0/1 (0.00%)
Restore.Point....: 0/1 (0.00%)
Restore.Sub.#1...: Salt:0 Amplifier:0-1 Iteration:0-1
Candidate.Engine.: Device Generator
Candidates.#1....: hashcat! -> hashcat!
Hardware.Mon.#1..: Temp: 63c Fan: 37% Util: 83% Core:1847MHz Mem:5005MHz Bus:16
Started: Fri May 13 18:06:19 2022
Stopped: Fri May 13 18:06:22 2022Now let's damage the hash file a little bit by appending a white space at the end of the hash line:
Code:
$ echo "WPA*01*4d4fe7aac3a2cecab195321ceb99a7d0*fc690c158264*f4747f87f9f4*686173686361742d6573736964*** " > hash.hc22000
$ hashcat -m 22000 hash.hc22000 -a 3 hashcat!
hashcat (v6.2.5-428-gdf8af2d10) starting
...
Hashfile 'hash.hc22000' on line 1 (WPA*01...4*686173686361742d6573736964*** ): Token encoding exception
No hashes loaded.
Started: Fri May 13 18:08:12 2022
Stopped: Fri May 13 18:08:12 2022BTW:
Just take a look at both hash files. At first glance, the second one is looking fine, but "the devil is in the detail".