Maybe a good idea to add an option to hashcat - [ Outfile Formats ] -
to print either the short form:
or the long form:
Most parts of the WPA*02* hash line are zeroed. To save disk space, for me, the short form is enough to identify and find the hash via MIC or PMKID running bash tools.
I strongly recommend to archive the pcapng files, because they contain much more information than a hash file.
Also you should know, that in case of hcxdumptool attacks neither MAC_AP, nor MAC_CLIENT, nor ANONCE, nor SNONCE, nor EAPOL data, nor PMKID nor MIC is unique!
We are talking about hash files > 1GB (and more).
That is the main reason why hashcat stores only the PBKDF2 data (PMK, ESSID, PSK) in the potfile. That will keep the potfile small in case of really big hash files. If you are experienced, the PBKDF2 result is all you need, because the PMK is uniq on a WPA1/WPA2/WPA2 keyver 3 network that uses this algo to calculate the PMK from a PSK.
Please read more here (why we came to this decision):
https://github.com/hashcat/hashcat/issues/1816
Please do not wonder about the low hash rate. I prefer running more machines with a single small and cheap GPU running smaller wordlists calculated by hcxtools, than one machine with 8 big GPUs running on an excessive wordlists downloaded from the internet.
BTW:
Please use the example hashes from here if you post an example:
https://hashcat.net/wiki/doku.php?id=example_hashes
because it is against the forum rules to comment real hashes
to print either the short form:
Code:
MIC/PMKID:MAC_AP:MAC_CLIENT:ESSID:PSKCode:
complete hash line:PSKMost parts of the WPA*02* hash line are zeroed. To save disk space, for me, the short form is enough to identify and find the hash via MIC or PMKID running bash tools.
I strongly recommend to archive the pcapng files, because they contain much more information than a hash file.
Also you should know, that in case of hcxdumptool attacks neither MAC_AP, nor MAC_CLIENT, nor ANONCE, nor SNONCE, nor EAPOL data, nor PMKID nor MIC is unique!
We are talking about hash files > 1GB (and more).
Code:
Session..........: hashcat
Status...........: Quit
Hash.Name........: WPA-PBKDF2-PMKID+EAPOL
Hash.Target......: db1.22000
Time.Started.....: Mon Dec 21 09:26:12 2020 (3 secs)
Time.Estimated...: Thu Dec 24 05:33:54 2020 (2 days, 20 hours)
Guess.Base.......: File (wl)
Guess.Queue......: 1/1 (100.00%)
Speed.#1.........: 188.0 kH/s (10.05ms) @ Accel:8 Loops:64 Thr:1024 Vec:1
Recovered........: 3578/649153 (0.55%) Digests, 6/205190 (0.00%) Salts
Remaining........: 645575 (99.45%) Digests, 205184 (100.00%) Salts
Recovered/Time...: CUR:N/A,N/A,N/A AVG:21,1285,30860 (Min,Hour,Day)
Progress.........: 2855496/46122813390 (0.01%)
Rejected.........: 2462280/2855496 (86.23%)
Restore.Point....: 0/224781 (0.00%)
Restore.Sub.#1...: Salt:3 Amplifier:0-1 Iteration:0-6
Candidates.#1....: $HEX[0000000000000000] -> $HEX[533238303531393730]
Hardware.Mon.#1..: Temp: 41c Util: 94% Core:1905MHz Mem:4001MHz Bus:8
or
Session..........: hashcat
Status...........: Running
Hash.Name........: WPA-PBKDF2-PMKID+EAPOL
Hash.Target......: db2.22000
Time.Started.....: Mon Dec 21 09:27:18 2020 (1 sec)
Time.Estimated...: Sun Dec 27 20:27:44 2020 (6 days, 11 hours)
Guess.Base.......: File (wl)
Guess.Queue......: 1/1 (100.00%)
Speed.#1.........: 188.2 kH/s (10.04ms) @ Accel:8 Loops:64 Thr:1024 Vec:1
Recovered........: 0/1233439 (0.00%) Digests, 0/467282 (0.00%) Salts
Remaining........: 1233439 (100.00%) Digests, 467282 (100.00%) Salts
Recovered/Time...: CUR:N/A,N/A,N/A AVG:0,0,0 (Min,Hour,Day)
Progress.........: 5738456/105036115242 (0.01%)
Rejected.........: 5607384/5738456 (97.72%)
Restore.Point....: 0/224781 (0.00%)
Restore.Sub.#1...: Salt:1 Amplifier:0-1 Iteration:896-960
Candidates.#1....: $HEX[0000000000000000] -> $HEX[533238303531393730]
Hardware.Mon.#1..: Temp: 43c Util: 27% Core:1830MHz Mem:4001MHz Bus:8That is the main reason why hashcat stores only the PBKDF2 data (PMK, ESSID, PSK) in the potfile. That will keep the potfile small in case of really big hash files. If you are experienced, the PBKDF2 result is all you need, because the PMK is uniq on a WPA1/WPA2/WPA2 keyver 3 network that uses this algo to calculate the PMK from a PSK.
Please read more here (why we came to this decision):
https://github.com/hashcat/hashcat/issues/1816
Please do not wonder about the low hash rate. I prefer running more machines with a single small and cheap GPU running smaller wordlists calculated by hcxtools, than one machine with 8 big GPUs running on an excessive wordlists downloaded from the internet.
BTW:
Please use the example hashes from here if you post an example:
https://hashcat.net/wiki/doku.php?id=example_hashes
because it is against the forum rules to comment real hashes