Plugins 2500/2501 and 16800/16801 are deprecated
#53
The MESSAGEPAIR FIELD is a bitmask field.
Code:
bitmask of message pair field:
2,1,0:
000 = M1+M2, EAPOL from M2 (challenge)
001 = M1+M4, EAPOL from M4 (authorized) - usable if NONCE_CLIENT is not zeroed
010 = M2+M3, EAPOL from M2 (authorized)
011 = M2+M3, EAPOL from M3 (authorized) - unused
100 = M3+M4, EAPOL from M3 (authorized) - unused
101 = M3+M4, EAPOL from M4 (authorized) - usable if NONCE_CLIENT is not zeroed
3: reserved
4: ap-less attack (set to 1) - nonce-error-corrections not required
5: LE router detected (set to 1) - nonce-error-corrections required only on LE
6: BE router detected (set to 1) - nonce-error-corrections required only on BE
7: not replaycount checked (set to 1) - replaycount not checked, nonce-error-corrections mandatory

Once you understand it, it's very easy to use:
There is only one challenge MESSAGEPAIR.
The remaining ones are authorized.

Let's exclude all challenges and get all other MESSAGEPAIR (authorized) combinations:
Code:
$ cat test.hc22000 | grep 'WPA\*02\*' | grep -v '0$' > all_authorized.hc22000
https://linuxconfig.org/bash-scripting-t...-beginners

There is absolutely no need to blow up a hash line with redundant information.

If you really can't read a messagepair field value, bash can make it more visual for you:
Code:
$ cat test.hc22000 | grep 'WPA\*02\*' | grep -v '0$' | sed -e 's/$/ authorized/' > visual_style.hc22000
$ cat test.hc22000 | grep 'WPA\*02\*' | grep '0$' | sed -e 's/$/ challenge/' >> visual_style.hc22000

Before feeding hashcat with this line, remove the extension:
Code:
$ cat visual_style.hc22000 | sed -e 's/ authorized$//' -e 's/ challenge$//' > hash.hc22000
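An added example, not part of ZerBea's post: a POSIX shell decoder that applies the bitmask table above to the last field of each WPA*02* line, masking bits 2..0 for the message pair and bits 4..7 for the flags. The function names and the sample lines are constructed for illustration; every field except the last is a dummy placeholder.

```shell
#!/bin/sh
# Added example: decode the MESSAGEPAIR byte (last '*'-separated field).

# describe_messagepair HEX  ->  "<pair>,<EAPOL source> <class> [flags]"
describe_messagepair() {
    case $1 in
        [0-9a-fA-F][0-9a-fA-F]) ;;
        *) return 1 ;;                      # not a two-digit hex byte
    esac
    mp=$((0x$1))
    case $((mp & 7)) in                     # bits 2,1,0: which messages were paired
        0) out="M1+M2,M2 challenge" ;;
        1) out="M1+M4,M4 authorized" ;;
        2) out="M2+M3,M2 authorized" ;;
        3) out="M2+M3,M3 authorized" ;;
        4) out="M3+M4,M3 authorized" ;;
        5) out="M3+M4,M4 authorized" ;;
        *) out="undefined unknown" ;;       # 110 and 111 are not in the table
    esac
    if [ $((mp & 0x10)) -ne 0 ]; then out="$out ap-less"; fi
    if [ $((mp & 0x20)) -ne 0 ]; then out="$out LE"; fi
    if [ $((mp & 0x40)) -ne 0 ]; then out="$out BE"; fi
    if [ $((mp & 0x80)) -ne 0 ]; then out="$out replaycount-unchecked"; fi
    printf '%s\n' "$out"
}

# summarize: read hash lines on stdin, print "<hex> <description>" per EAPOL line.
summarize() {
    while IFS= read -r line; do
        case $line in
            'WPA*02*'*) ;;
            *) continue ;;                  # skip anything that is not WPA*02*
        esac
        hex=${line##*\*}                    # text after the final '*'
        desc=$(describe_messagepair "$hex") || desc="invalid"
        printf '%s %s\n' "$hex" "$desc"
    done
}

# Constructed sample lines: every field except the last is a dummy placeholder.
sample_lines() {
    printf '%s\n' \
        'WPA*02*aa*bb*cc*dd*ee*ff*00' \
        'WPA*02*aa*bb*cc*dd*ee*ff*02' \
        'WPA*02*aa*bb*cc*dd*ee*ff*a2' \
        'WPA*01*aa*bb*cc*dd***01'
}

sample_lines | summarize
```

To annotate a real file, run summarize with test.hc22000 on stdin instead of sample_lines.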


Messages In This Thread
RE: Plugins 2500/2501 and 16800/16801 are deprecated - by ZerBea - 11-01-2021, 02:58 PM