(06-22-2023, 07:27 AM)Zeroc0ol82 Wrote: Yes if the handshake is not successful
sometimes, it says handhshake captured successfully but in reality
it might turn out to be a half handshake, incomplete
This is a good point - I went through the initial capture file with Wireshark and it was the case that there was only a partial handshake (but a returned PMKID). I just re-ran the attack and have verified that the full handshake has now been captured, and verified this through both a manual inspection and by running aircrack-ng to ensure it returned 'WPA (1 handshake, with PMKID)'.
... but then I ran it through hashcat again and all hashes were contained in the potfile!
Quote:Minimum password length supported by kernel: 8
Maximum password length supported by kernel: 63
INFO: All hashes found as potfile and/or empty entries! Use --show to display them.
I am wondering if the network may have some kind of MAC filtering or other mode enabled, but I do not know how to probe for this (perhaps this is off topic). I mainly just want to get to the bottom of whether or not I should accept the password returned by hashcat as being the correct one.