05-07-2021, 11:21 AM (This post was last modified: 05-07-2021, 11:28 AM by StillBlue.)
(05-06-2021, 12:55 PM)x34cha Wrote: Are you using wget to download tge hccap from github? Are you downloading the github page on accident? Try uploading to transfer.sh and then wget the file in ssh.
hccapx was transferring to the instant fine as can be seen in a screenshot posted above. I did wonder if it was somehow getting corrupted enroute, but I don't think it was.
Thanks for the link to transfer.sh though, that looks very useful.
(05-06-2021, 11:38 PM)Snoopy Wrote: its late, but
in your screenshots the mode/kernel tells that the minimum and maximum length for the password is 64, so ot has to be length 64
if you look at examples for 2501 it tells: Password: a288fcf0caaacda9a9f58633ff35e8992a01d9c10ba5e02efdf8cb5d730ce7bc
so your given mask is way to short and i think hahscat just skips to try these short mask because it does not meet the required length
Interesting. I hadn't noticed that minimum password length bit. On my first screenshots thought when using 2500 I have minimum length of 8. Would that not be correct for my mask?
05-07-2021, 11:30 AM (This post was last modified: 05-07-2021, 11:33 AM by StillBlue.)
Actually, I think I see.
I had messed up my command?
Should have been:-
./hashcat -m 2500 handshake.hccapx -a 3 -1 ABCDEFGHJKMNPQRTUVWXY346789 ?1?1?1?1?1?1?1?1
So as you say, where I had missed the 1 off the end on my original command, the mask was too short so HC hasn't bothered as it's less than the minimum WPA2 password length.
I couldn't see my mistake no matter how hard I looked the other day. Feel a bit silly now, but at least it's put my mind to rest what was going on there.
if the examples work and your file not, the last thing i could think of is encoding problems with upload/download and linebreaks/linefeeds diffs between windows and linux, but this should not be the problem due to the binary-data (binary transfer shouldnt change anything)
if the examples work and your file not the last thing i could think of is encoding problems with upload/download and linebreaks/linefeeds diffs between windows and linux, but this should not be the problem due to the binary-data (binary transfer shouldnt change anything)
I have already tested the instance with the example hashes, and it worked fine with both.
On my local machine I was running hashcat in Windows 10, and it was happy working on that hccapx, for whatever reason the Linux version isn't. It's very odd though, as I captured it again with hcxdumptool and converted it to hccapx and that one wouldn't work in the instance either.
I did half wonder if somehow transferring it with github has messed it up.
try md5sum the file on linux and windows and see the results, like i said, binary data should not be altered when transfered between win<->*nix but who knows...
05-07-2021, 03:51 PM (This post was last modified: 05-07-2021, 04:14 PM by ZerBea.)
"Strange, I just recaptured, converted to hccapx using aircrack, uploaded to github, wget onto my instance, tried again, and still the same error.
Something strange is afoot here."
I suggest to convert to hashmode 22000 format (no longer binary format like deprecated hccapx format).
In addition to that, I suggest to use the PMKID: https://hashcat.net/forum/thread-7717.html
The wordlist or mask that you are using is too small.
This means that hashcat cannot use the full parallel power of your device(s).
Unless you supply more work, your cracking speed will drop.
For tips on supplying more work, see: https://hashcat.net/faq/morework
(05-07-2021, 03:51 PM)ZerBea Wrote: "Strange, I just recaptured, converted to hccapx using aircrack, uploaded to github, wget onto my instance, tried again, and still the same error.
Something strange is afoot here."
I suggest to convert to hashmode 22000 format (no longer binary format like deprecated hccapx format).
In addition to that, I suggest to use the PMKID: https://hashcat.net/forum/thread-7717.html
The wordlist or mask that you are using is too small.
This means that hashcat cannot use the full parallel power of your device(s).
Unless you supply more work, your cracking speed will drop.
For tips on supplying more work, see: https://hashcat.net/faq/morework
Started: Fri May 7 16:10:53 2021
Stopped: Fri May 7 16:10:55 2021
Have given it a go on the website using that to convert the cap to hccapx and still the same issue, also tried hcxtools to convert the cap and still the same issue.
I will give HCXDumpTool a go in a bit and see if that makes any difference.
It's very strange that it works fine on my Windows setup (well did till the GPU gave out), but refuses to work on a cloud setup.
I will have another play, I have a few routers hanging around to test things out on.
Strangely this TalkTalk router doesn't ever seem to generate any PMKIDs, why that is I am unsure.
05-07-2021, 05:41 PM (This post was last modified: 05-08-2021, 09:14 AM by ZerBea.)
Have given it a go on the website using that to convert the cap to hccapx and still the same issue, also tried hcxtools to convert the cap and still the same issue.
Have you converted it to hash format 22000?
Have you run the 22000 example on the cracking machine?
Does the 22000 example work there?
Can you please send me a PM including the dumpfile or a download link to the dumpfile?
BTW1:
The new (non binary) hash format 22000 should make live easier to use hashfiles converted from WiFi traffic on websites/servers which doesn't accept a binary format. It allows to add the hash in the commandline.
This feature was added after issue report: https://github.com/hashcat/hashcat/issues/2742
by commit: https://github.com/hashcat/hashcat/commi...abe98195de
So, it is mandatory to use latest hashcat beta version to get benefit of it.
It works on PMKID (WPA*01*) and EAPOL (WPA*02*).
BTW2:
Although hcxdumptool/hcxtools are the recommended tools to be used in combination with hashcat, there are many other, very good tools you can use:
BTW3:
aircrack-ng is an excellent suite. It contain a nice script to set monitor mode and provide tools to capture traffic, to attack an AP and to recover the PSK - as long as you decide to stay inside the suite. If you decide to leave the suite (e.g. using the converted hash in combination with hashcat), I suggest to use one of the tools mentioned above.
(05-07-2021, 01:59 PM)Snoopy Wrote: try md5sum the file on linux and windows and see the results, like i said, binary data should not be altered when transfered between win<->*nix but who knows...
Ah, I think we have a winner. For whatever reason, wget(ting) from github appears to modify the file somehow.
