11-17-2018, 09:55 PM
(11-17-2018, 11:22 AM)ZerBea Wrote: v4.pcapng looking good:
$ hcxpcaptool -o test.hccapx -z test.16800 v4.pcapng
reading from v4.pcapng
summary:
file name....................: v4.pcapng
file type....................: pcapng 1.0
file hardware information....: mips
file os information..........: Linux 3.18.84
file application information.: hcxdumptool 5.0.0
network type.................: DLT_IEEE802_11_RADIO (127)
endianess....................: big endian
read errors..................: flawless
packets inside...............: 151
skipped packets..............: 0
packets with GPS data........: 0
packets with FCS.............: 142
beacons (with ESSID inside)..: 3
probe requests...............: 4
probe responses..............: 8
association requests.........: 3
association responses........: 5
authentications (OPEN SYSTEM): 89
authentications (BROADCOM)...: 5
EAPOL packets................: 39
EAPOL PMKIDs.................: 5
best handshakes..............: 1 (ap-less: 1)
1 handshake(s) written to test.hccapx
5 PMKID(s) written to test.16800
inside of test.16800 is a PMKID from this network ESSID "shit wifi" and the PSK is not 123456789!
$ whoismac -p 07b4xxxx....xxxx*e84e06xxxxxx*f0a225c4c261*736869742077696669
ESSID..: shit wifi
MAC_AP.: e84e06xxxxxx
VENDOR.: EDUP INTERNATIONAL (HK) CO., LTD
MAC_STA: f0a225c4c261
VENDOR.: Private
From the -E option of hcxpcaptool I noticed that there is also an ESSID "Shit Wifi". Unfortunately we have no handshake and no PMKID from this network.
Strange, well I created multiple networks with the same password as I was having issues grabbing the handshake.
When I run the conversion I get this summary:
Code:
summary:
--------
file name....................: v4.pcapng
file type....................: pcapng 1.0
file hardware information....: mips
file os information..........: Linux 3.18.84
file application information.: hcxdumptool 5.0.0
network type.................: DLT_IEEE802_11_RADIO (127)
endianess....................: big endian
read errors..................: yes
packets inside...............: 151
skipped packets..............: 0
packets with GPS data........: 0
packets with FCS.............: 141
beacons (with ESSID inside)..: 3
probe requests...............: 4
probe responses..............: 8
association requests.........: 3
association responses........: 5
authentications (OPEN SYSTEM): 88
authentications (BROADCOM)...: 5
EAPOL packets................: 39
EAPOL PMKIDs.................: 5
best handshakes..............: 1 (ap-less: 0)
5 PMKID(s) written to v4.16800
I double checked and the password should be
123456789 however I could reset all the wifi and passwords to try a redump, but Im thinking the issue is much bigger then having a incorrect password, of course Im probably wrong haha