hashcat Forum Support hashcat v
understanding wpa hashes

Threaded Mode
understanding wpa hashes
skypickle Offline
Junior Member
**
Posts: 4
Threads: 3
Joined: May 2021
#1
06-18-2021, 04:59 AM (This post was last modified: 06-18-2021, 05:41 AM by skypickle.)
I tried to test someĀ  handshakes that i captured but had no luck with hashcat. So I thought I would try them using https://www.onlinehashcrack.com/wpa

I submitted the pcap file but that site said:
"No valid EAPOL handshake or PMKID found in the submitted file."

I am new to testing this stuff. I captured some handshakes with a pwnagotchi and others using wifite.

How can I tell if the pcap file (or the converted hccapx file) is worth using against hashcat?
Find
Reply
ZerBea Offline
Moderator
*****
Posts: 1,042
Threads: 2
Joined: Jun 2017
#2
06-18-2021, 11:47 PM
Basic stuff/knowledge:
PMKID attack is described here
https://hashcat.net/forum/thread-7717.html

4way handshake is described here
https://www.wifi-professionals.com/2019/...-handshake

Open your dump file, by Wireshark and set eapol filter. Now you can see the 4way handhakes, if present in your dump file.

Use hcxpcapngtool to convert the hashes for use with hashcat:
$ hcxdumptool -o hash.22000 your_dumpfile

Than run hashcat:
$ hashcat -m 22000 hash.22000 your_wordlist
and take a look at the status output.

BTW:
hccapx is an old binary format and you shouldn't use it any longer.
Hash mode 22000 is supported by bettercap. pwnagotchi is based on bettercap, so this mode will work, too.
Find
Reply