Hi kexec.
I see that you successfully converted it to hccapx using hcxpcaptool, so it is a bug in hashcat's cap2hccapx?
hcxpcaptool is completely different to other tools, so it will convert your cap.
And if you clean up your cap by wireshark (remove useless garbage), cap2hccapx will convert it, too:
$ ./cap2hccapx Madagaskar.pcap test.hccapx
Networks detected: 1
[*] BSSID=00:24:38:28:e7:c0 ESSID=Madagaskar (Length: 10)
--> STA=00:87:01:c8:f5:66, Message Pair=0, Replay Counter=1
Written 1 WPA Handshakes to: test.hccapx
And why you needed to pass a wordlist to hcxpcaptool if you converted it only?
We didn't pass a wordlist to hcxpcaptool. Instead we retrieved a possible list with passwords from hcxpcaptool (see readme about features).
In combination with hcxdumptool, we are able to retrieve passwords, identities, usernames and more from the WiFi traffic. You can pass this lists to hashcat (raw or modifed by rules).
If I understand correctly, if I have M1+M2 handshakes only (= unauthorized), then someone unsuccessfully attempted to connect to the wifi (with a wrong password). But I can still crack this used password, am I right?
Yes, you understand it correctly. M1 and M2 matches each other, so you are able to crack this hash - it is 100%valid but, in this case, unauthorized.
Sorry for noob questions, but i tried to compile hcxtools on KaliLinux, but ended up with an error:...
There are no stupid questions but only stupid answers!
From the readme:
To install requirements on The-Distribution-Which-Does-Not-Handle-OpenCL-Well (Kali) use the following 'apt-get install libpcap-dev libcurl4-openssl-dev libssl-dev zlib1g-dev'
You should consider to install hcxpcaptool, too, because it's the successor of wlandump-ng (but requiere latest kernel and latest driver).
I see that you successfully converted it to hccapx using hcxpcaptool, so it is a bug in hashcat's cap2hccapx?
hcxpcaptool is completely different to other tools, so it will convert your cap.
And if you clean up your cap by wireshark (remove useless garbage), cap2hccapx will convert it, too:
$ ./cap2hccapx Madagaskar.pcap test.hccapx
Networks detected: 1
[*] BSSID=00:24:38:28:e7:c0 ESSID=Madagaskar (Length: 10)
--> STA=00:87:01:c8:f5:66, Message Pair=0, Replay Counter=1
Written 1 WPA Handshakes to: test.hccapx
And why you needed to pass a wordlist to hcxpcaptool if you converted it only?
We didn't pass a wordlist to hcxpcaptool. Instead we retrieved a possible list with passwords from hcxpcaptool (see readme about features).
In combination with hcxdumptool, we are able to retrieve passwords, identities, usernames and more from the WiFi traffic. You can pass this lists to hashcat (raw or modifed by rules).
If I understand correctly, if I have M1+M2 handshakes only (= unauthorized), then someone unsuccessfully attempted to connect to the wifi (with a wrong password). But I can still crack this used password, am I right?
Yes, you understand it correctly. M1 and M2 matches each other, so you are able to crack this hash - it is 100%valid but, in this case, unauthorized.
Sorry for noob questions, but i tried to compile hcxtools on KaliLinux, but ended up with an error:...
There are no stupid questions but only stupid answers!
From the readme:
To install requirements on The-Distribution-Which-Does-Not-Handle-OpenCL-Well (Kali) use the following 'apt-get install libpcap-dev libcurl4-openssl-dev libssl-dev zlib1g-dev'
You should consider to install hcxpcaptool, too, because it's the successor of wlandump-ng (but requiere latest kernel and latest driver).