understanding wpa hashes
#1
I tried to test some handshakes that I captured but had no luck with hashcat. So I thought I would try them using https://www.onlinehashcrack.com/wpa

I submitted the pcap file but that site said:
"No valid EAPOL handshake or PMKID found in the submitted file."

I am new to testing this stuff. I captured some handshakes with a pwnagotchi and others using wifite.

How can I tell if the pcap file (or the converted hccapx file) is worth using against hashcat?
#2
Basic stuff/knowledge:
PMKID attack is described here
https://hashcat.net/forum/thread-7717.html

4way handshake is described here
https://www.wifi-professionals.com/2019/...-handshake

Open your dump file in Wireshark and set the eapol filter. Now you can see the 4way handshakes, if present in your dump file.

Use hcxpcapngtool to convert the hashes for use with hashcat:
$ hcxpcapngtool -o hash.22000 your_dumpfile

Then run hashcat:
$ hashcat -m 22000 hash.22000 your_wordlist
and take a look at the status output.

BTW:
hccapx is an old binary format and you shouldn't use it any longer.
Hash mode 22000 is supported by bettercap. pwnagotchi is based on bettercap, so this mode will work, too.
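What the Wireshark eapol filter in reply #2 lets you read off by eye, as an added example that is not part of either post and is not code from hcxtools or hashcat: the Python below labels EAPOL-Key frames as message 1 to 4 from their Key Information bits and checks whether an M1+M2 or M2+M3 pair from the same exchange is present. The names `classify`, `assess` and `build` are hypothetical, the frames are constructed samples, and the input is assumed to be raw EAPOL bytes starting at the 802.1X header (already extracted from the capture).

```python
import struct

# Key Information flag bits in an EAPOL-Key frame (IEEE 802.11 key descriptor)
PAIRWISE, ACK, MIC, SECURE = 0x0008, 0x0080, 0x0100, 0x0200

def classify(eapol: bytes):
    """Return (message number 1-4, replay counter), or None if the bytes
    are not a pairwise EAPOL-Key frame. Input starts at the 802.1X header."""
    if len(eapol) < 99 or eapol[1] != 3:        # packet type 3 = EAPOL-Key
        return None
    key_info, = struct.unpack_from(">H", eapol, 5)
    replay, = struct.unpack_from(">Q", eapol, 9)
    key_data_len, = struct.unpack_from(">H", eapol, 97)
    if not key_info & PAIRWISE:                 # group-key handshake, ignore
        return None
    if key_info & ACK:                          # sent by the AP
        return (3 if key_info & MIC else 1), replay
    if key_info & MIC:                          # sent by the client
        is_m4 = bool(key_info & SECURE) or key_data_len == 0
        return (4 if is_m4 else 2), replay
    return None

def assess(frames):
    """Return (sorted message numbers seen, True if an M1+M2 or M2+M3 pair
    belongs to the same exchange according to the replay counters)."""
    seen = {}
    for frame in frames:
        result = classify(frame)
        if result:
            seen.setdefault(result[0], set()).add(result[1])
    m1, m2, m3 = (seen.get(n, set()) for n in (1, 2, 3))
    # Normally M2 echoes M1's replay counter and M3 carries the next value.
    paired = bool(m1 & m2) or any(rc + 1 in m3 for rc in m2)
    return sorted(seen), paired

def build(key_info, replay, key_data=b""):
    """Construct a sample EAPOL-Key frame with zeroed nonce, IV, RSC, ID and MIC."""
    body = (struct.pack(">BHHQ", 2, key_info, 16, replay) + bytes(80)
            + struct.pack(">H", len(key_data)) + key_data)
    return struct.pack(">BBH", 2, 3, len(body)) + body

# Constructed samples: a full handshake, and a capture holding only M1 frames.
FULL = [build(0x008A, 1), build(0x010A, 1, bytes(22)),
        build(0x13CA, 2, bytes(56)), build(0x030A, 2)]
M1_ONLY = [build(0x008A, 1), build(0x008A, 2)]

if __name__ == "__main__":
    print(assess(FULL))
    print(assess(M1_ONLY))
```

A capture that only ever yields message 1 frames contains AP-side frames but no client response, so there is nothing for the conversion step to pair up.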