Hello all.
Until now I have only tested WPA hashes, and they have been extracted from a airodump-ng's capture file using tshark or aircrack-ng (-J option).
I wanna go one step beyond, and in an effort to undestand and learning a bit of the inners of hash file extraction, I wanna strip (if possible) a real hash from a .cap WireShark's capture file.
I have captured those types of authentication:
- VNC (RealVNC).
- SSH2 (OpenSSH).
- SMB (connection to SAMBA server).
so I would like to know the way of obtaining a single hash from any of those .cap files.
Is there any automation for this task? Or can I copy&paste directly any data from some of the captured package/s?
I have tested EtterCap, TShark and Cain&Abel with no results. None of them seems to give a valid hash string.
Any ideas or URL to check for? I can post .cap files or some of their data if needed.
Thanks you a lot.
Until now I have only tested WPA hashes, and they have been extracted from a airodump-ng's capture file using tshark or aircrack-ng (-J option).
I wanna go one step beyond, and in an effort to undestand and learning a bit of the inners of hash file extraction, I wanna strip (if possible) a real hash from a .cap WireShark's capture file.
I have captured those types of authentication:
- VNC (RealVNC).
- SSH2 (OpenSSH).
- SMB (connection to SAMBA server).
so I would like to know the way of obtaining a single hash from any of those .cap files.
Is there any automation for this task? Or can I copy&paste directly any data from some of the captured package/s?
I have tested EtterCap, TShark and Cain&Abel with no results. None of them seems to give a valid hash string.
Any ideas or URL to check for? I can post .cap files or some of their data if needed.
Thanks you a lot.