Plugins 2500/2501 and 16800/16801 are deprecated
#51
Exactly this is the purpose of the MESSAGEPAIR field at the and of a WPA*02 line.
It will inform hashcat and the user about the kind of the hash and how to handle it.

Get all authenticated MESSAGEPAIRs:
Code:
$ cat hash.hc22000 | grep WPA.02 | grep 2$

Get all challenge MESSAGEPAIRs:
Code:
$ cat hash.hc22000 | grep WPA.02 | grep 1$

BTW:
Adding something like "challenge or authorized" to a hash line will produce overhead (especially if you have tons of hash lines). It take disc space and will make fread() slow.

Or use hcxhashtool on the hc22000 file:
Code:
--authorized                 : filter EAPOL pairs by status authorized (M2M3, M3M4, M1M4)
--challenge                  : filter EAPOL pairs by status CHALLENGE (M1M2, M1M2ROGUE)
--rc                         : filter EAPOL pairs by replaycount status checked
--rc-not                     : filter EAPOL pairs by replaycount status not checked
--apless                     : filter EAPOL pairs by status M1M2ROGUE (M2 requested from CLIENT)

To get information about the VENDOR, use hcxhashtool on the hc22000 file:
Code:
--info=<file>                : output detailed information about content of hash file
                               not in combination with --vendor, --vendor-ap or --vendor-client
--info=stdout                : stdout output detailed information about content of hash file
                               not in combination with --vendor, --vendor-ap or --vendor-client
--info-vendor=<file>         : output detailed information about ACCESS POINT and CLIENT VENDORs
                               not in combination with --vendor, --vendor-ap or --vendor-client
--info-vendor-ap=<file>      : output detailed information about ACCESS POINT VENDORs
                               not in combination with --vendor, --vendor-ap or --vendor-client
--info-vendor-client=<file>  : output detailed information about ACCESS POINT VENDORs
                               not in combination with --vendor, --vendor-ap or --vendor-client
--info-vendor=stdout         : stdout output detailed information about ACCESS POINT and CLIENT VENDORs
                               not in combination with --vendor, --vendor-ap or --vendor-client
--info-vendor-ap=stdout      : stdout output detailed information about ACCESS POINT VENDORs
                               not in combination with --vendor, --vendor-ap or --vendor-client
--info-vendor-client=stdout  : stdout output detailed information about ACCESS POINT VENDORs
                               not in combination with --vendor, --vendor-ap or --vendor-client

To get more information, use hcxpcapngtool -D option on the pcapng/pcap/cap file:
Code:
-D <file> : output device information list
            format MAC MANUFACTURER MODELNAME SERIALNUMBER DEVICENAME UUID
Reply


Messages In This Thread
RE: Plugins 2500/2501 and 16800/16801 are deprecated - by ZerBea - 11-01-2021, 09:28 AM