"Oh I see I have to chain them."
Yes!
The new has format (2200x) is plain HEX-ASCII. That means you will get a read able hashline (not binary hccap or hccapx).
Depending on the WiFi related filters of hcxpcapngtool, everything is converted to this hash format. WiFi related filters are filters that do not work on already converted hashes:
- filter by EAPOLTIME
- filter bei replaycount
- filter by information element (IE)
- filter by ESSID changes / damaged ESSIDs
This information is present in a cap/pcap file (and a pcapng contain much more information than a cap/pcap)
You can use Wireshark (convert by hand) or hcxpcapngtool.
After that process, we have a plain HEX ASCII hashfile, you can use hash related filters on:
- filter by ESSID
- filter by VENDOR
- filter by MAC
- filter by ....
You can use a text editor (by hand) or hcxhashtool.
If you get them by hand, you have to use hcxhashtool again to convert them to hccap.
Now we have the hashfile, which is the first file we have to feed to hashcat. For the second file (wordlist), you can use your own wordlist to feed hashcat or run hcxpsktool to generate a wordlist based on the hashfile.
We have tested this since the decision to add this new hashmode:
https://github.com/hashcat/hashcat/issues/1816
and JtR will implement it, too:
https://github.com/magnumripper/JohnTheR...ssues/4183
BTW:
I know this is hashcat forum, but for me it is amazing, that both coder (Atom and Magnum) working together, here!!!!!!!!
...and several other coder, too:
https://github.com/RealEnder/dwpa
https://github.com/kimocoder/wifite2
https://github.com/s77rt/multicapconverter
Yes!
The new has format (2200x) is plain HEX-ASCII. That means you will get a read able hashline (not binary hccap or hccapx).
Depending on the WiFi related filters of hcxpcapngtool, everything is converted to this hash format. WiFi related filters are filters that do not work on already converted hashes:
- filter by EAPOLTIME
- filter bei replaycount
- filter by information element (IE)
- filter by ESSID changes / damaged ESSIDs
This information is present in a cap/pcap file (and a pcapng contain much more information than a cap/pcap)
You can use Wireshark (convert by hand) or hcxpcapngtool.
After that process, we have a plain HEX ASCII hashfile, you can use hash related filters on:
- filter by ESSID
- filter by VENDOR
- filter by MAC
- filter by ....
You can use a text editor (by hand) or hcxhashtool.
If you get them by hand, you have to use hcxhashtool again to convert them to hccap.
Now we have the hashfile, which is the first file we have to feed to hashcat. For the second file (wordlist), you can use your own wordlist to feed hashcat or run hcxpsktool to generate a wordlist based on the hashfile.
We have tested this since the decision to add this new hashmode:
https://github.com/hashcat/hashcat/issues/1816
and JtR will implement it, too:
https://github.com/magnumripper/JohnTheR...ssues/4183
BTW:
I know this is hashcat forum, but for me it is amazing, that both coder (Atom and Magnum) working together, here!!!!!!!!
...and several other coder, too:
https://github.com/RealEnder/dwpa
https://github.com/kimocoder/wifite2
https://github.com/s77rt/multicapconverter