The format of WPA*02 is the same, but contain a MIC, an ANONCE and an EAPOL (usually M2) message instead of a PMKID. Many zeros are absolutely normal for an EAPOL message.
As I mentioned before, your hash file is damaged by what ever. Delete it and convert it again by hcxpcapngtool.
To find out if hcxpcaptool is working es expected get this example from here:
https://github.com/evilsocket/pwnagotchi...-598597214
Take a look at eapol.22000 and you'll see that it is a WPA*02 hash line and it contain many zeroes.
hashcat status will inform you that the PSK was successful recovered.
If that is working, you have to check your environment and your workflow, because something damage your hash files. Unfortunately this can have many causes.
As an alternative you can use hashcat online converter:
https://hashcat.net/cap2hashcat/
For a test, I uploaded "test.pcap" there and compared the results by diff:
As expected, both files are identical.
BTW:
The most common mistake for beginners (Linux newbees, working for the first time in a Linux terminal and running command line options) is using a wrong working directory. This will result in hashcat's warning "Separator unmatched":
Linux commands like pwd (show working directory) an ls (show content of the current directory) are helpful to check the working directory and the content of it.
As I mentioned before, your hash file is damaged by what ever. Delete it and convert it again by hcxpcapngtool.
To find out if hcxpcaptool is working es expected get this example from here:
https://github.com/evilsocket/pwnagotchi...-598597214
Code:
$ wget https://github.com/evilsocket/pwnagotchi/files/4328457/nctest.zip
$ unzip -j nctest.zip
$ hcxpcapngtool -o eapol.22000 -E wordlist test.pcap
$ hashcat -m 22000 --nonce-error-corrections=8 eapol.22000 wordlistTake a look at eapol.22000 and you'll see that it is a WPA*02 hash line and it contain many zeroes.
hashcat status will inform you that the PSK was successful recovered.
If that is working, you have to check your environment and your workflow, because something damage your hash files. Unfortunately this can have many causes.
As an alternative you can use hashcat online converter:
https://hashcat.net/cap2hashcat/
For a test, I uploaded "test.pcap" there and compared the results by diff:
Code:
$ diff eapol.22000 6381_1652513795.hc22000
$BTW:
The most common mistake for beginners (Linux newbees, working for the first time in a Linux terminal and running command line options) is using a wrong working directory. This will result in hashcat's warning "Separator unmatched":
Code:
$ hashcat -m 22000 not_exist.hc22000 wordlist
hashcat (v6.2.5-400-gf31dcc5d1) starting
...
Hash 'not_exist.hc22000': Separator unmatched
No hashes loaded.
Started: Sun May 15 08:10:58 2022
Stopped: Sun May 15 08:10:58 2022Linux commands like pwd (show working directory) an ls (show content of the current directory) are helpful to check the working directory and the content of it.