Hashcat + wlangenpmkocl how to convert back to plaintext ?
#35
(02-28-2021, 11:12 PM)ZerBea Wrote: Regarding your example, there is nothing to extract. It is a proprietary ESSID.
To get a feeling for PSKs in the clear, get this example:
https://github.com/evilsocket/pwnagotchi...nctest.zip
Decompress it, convert it and run hashcat:
Code:
$ hcxpcapngtool -o eapol.22000 -E wordlist test.pcap
$ hashcat -m 22000 --nonce-error-corrections=8 eapol.22000 wordlist
and you'll know what I mean.

Open the pcap with Wireshark and take a look at frame 2, to get a feeling how this frames could look like.
It wiil take a while, but I'm sure you'll get a sense for it.

Please notice:
The example is from a feature request and was converted to pcap format, because there are still some tools in the wildness which are not able to read the new pcapng format.
That does not apply to tools like Wireshark and tshark. They use pcapng as default format:
https://www.wireshark.org/docs/wsug_html...ction.html
https://wiki.wireshark.org/FileFormatReference

BTW:
It is definitely not a good idea to ignore this frames (e.g. by filter options) or to remove them from a capture file.
hcxpcapngtool will print a warning, if the absence of this frame types is detected:
https://hashcat.net/forum/thread-9908-po...l#pid51792

Ah thank you will read up on it now.
Confirmed your pmktool works from start to finish without any problems (5.10.0-k*ali3-amd64). That's a nice assembly line you've got there.
Now for the live exercise though. This time "I don't know the key" so I need to revert to the prior step to get that hash but this time once we get that hash string to put it through your tool. Meanwhile going to read the links you posted.
Reply


Messages In This Thread
RE: Hashcat + wlangenpmkocl how to convert back to plaintext ? - by pr0ph3t - 02-28-2021, 11:23 PM