11-20-2021, 04:48 PM
I am using ESP Hash Monster on a M5Stack Core2 to capture wlan packeks. I can easily capture lots of handshakes (all four messages) and occasionaly a PMKID as well. When I attempt to convert these captures to a Hashcat accepted format using hcxpcapngtool, I always get the message that frames are missing.
What exact frames do I need in order to crack a WPA2 PSK? More than the 4-way handshake and/or PMKID?
What exactly is meant by the "total/useless/best" output, and how can the PMKID be both useless and best?
Yes, these questions are not specifically Hashcat-related and they are newb for sure, so I appreciate a nudge in the right direction, or someone to point out what it is I am obviously missing. I've tried to find answers in the documentation but have come up empty so far.
Here is the output from the tool, which includes a four-way handshake, and a PMKID (I think):
summary capture file
--------------------
file name................................: 0001.pcap
version (pcap/cap).......................: 2.4 (very basic format without any additional information)
timestamp minimum (GMT)..................: 31.12.1969 19:29:03
timestamp maximum (GMT)..................: 01.01.1970 09:53:18
used capture interfaces..................: 1
link layer header type...................: DLT_IEEE802_11 (105)
endianess (capture system)...............: little endian
packets inside...........................: 1357
BEACON (total)...........................: 55
WPA encrypted............................: 27
EAPOL messages (total)...................: 1274
EAPOL RSN messages.......................: 1274
ESSID (total unique).....................: 28
EAPOLTIME gap (measured maximum usec)....: 666344089
EAPOL ANONCE error corrections (NC)......: working
REPLAYCOUNT gap (suggested NC)...........: 23
EAPOL M1 messages........................: 1061
EAPOL M2 messages........................: 57
EAPOL M3 messages........................: 116
EAPOL M4 messages........................: 40
EAPOL pairs (total)......................: 83
PMKID (total)............................: 1
PMKID (useless)..........................: 1
PMKID (best).............................: 1
Warning: missing frames!
This dump file contains no important frames like
authentication, association or reassociation.
That makes it hard to recover the PSK.
Warning: missing frames!
This dump file contains no undirected proberequest frames.
An undirected proberequest may contain information about the PSK.
That makes it hard to recover the PSK.
-----
I tried to attach the pcap but the forum doesn't allow them I guess.
What exact frames do I need in order to crack a WPA2 PSK? More than the 4-way handshake and/or PMKID?
What exactly is meant by the "total/useless/best" output, and how can the PMKID be both useless and best?
Yes, these questions are not specifically Hashcat-related and they are newb for sure, so I appreciate a nudge in the right direction, or someone to point out what it is I am obviously missing. I've tried to find answers in the documentation but have come up empty so far.
Here is the output from the tool, which includes a four-way handshake, and a PMKID (I think):
summary capture file
--------------------
file name................................: 0001.pcap
version (pcap/cap).......................: 2.4 (very basic format without any additional information)
timestamp minimum (GMT)..................: 31.12.1969 19:29:03
timestamp maximum (GMT)..................: 01.01.1970 09:53:18
used capture interfaces..................: 1
link layer header type...................: DLT_IEEE802_11 (105)
endianess (capture system)...............: little endian
packets inside...........................: 1357
BEACON (total)...........................: 55
WPA encrypted............................: 27
EAPOL messages (total)...................: 1274
EAPOL RSN messages.......................: 1274
ESSID (total unique).....................: 28
EAPOLTIME gap (measured maximum usec)....: 666344089
EAPOL ANONCE error corrections (NC)......: working
REPLAYCOUNT gap (suggested NC)...........: 23
EAPOL M1 messages........................: 1061
EAPOL M2 messages........................: 57
EAPOL M3 messages........................: 116
EAPOL M4 messages........................: 40
EAPOL pairs (total)......................: 83
PMKID (total)............................: 1
PMKID (useless)..........................: 1
PMKID (best).............................: 1
Warning: missing frames!
This dump file contains no important frames like
authentication, association or reassociation.
That makes it hard to recover the PSK.
Warning: missing frames!
This dump file contains no undirected proberequest frames.
An undirected proberequest may contain information about the PSK.
That makes it hard to recover the PSK.
-----
I tried to attach the pcap but the forum doesn't allow them I guess.