Status: Exhausted when exact password is supplied
#1
Hi all,

Just wanted to run this past you to see if I am missing something here. I am trying to "hack" my own WiFi just to establish a workable baseline process.

First, I am collecting some hashes:

Code:
sudo hcxdumptool -i wlan0 -o pmkid-dump --active_beacon --enable_status=15

Then I convert them to hashcat format
Code:
hcxpcapngtool pmkid-dump -o pmkid-only -E wordlist

And after that I run hashcat with only 1 character brute-force mask, specifying the rest of the password verbatim (assume the actual password is myAwesomePASS1):

Code:
hashcat -m 22000 pmkid-only -a 3 myAwesomePASS\?d

Yet hashcat output is:

Code:
Session..........: hashcat
Status...........: Exhausted
Hash.Name........: WPA-PBKDF2-PMKID+EAPOL
Hash.Target......: pmkid-only
Time.Started.....: Thu Jan 13 10:38:31 2022 (0 secs)
Time.Estimated...: Thu Jan 13 10:38:31 2022 (0 secs)
Guess.Mask.......: myAwesomePASS?d [8]
Guess.Queue......: 1/1 (100.00%)
Speed.#2.........:      21 H/s (0.05ms) @ Accel:8 Loops:2 Thr:512 Vec:1
Recovered........: 3/5 (60.00%) Digests, 1/2 (50.00%) Salts
Progress.........: 20/20 (100.00%)
Rejected.........: 0/20 (0.00%)
Restore.Point....: 10/10 (100.00%)
Restore.Sub.#2...: Salt:1 Amplifier:0-1 Iteration:1-3
Candidates.#2....: myAwesomePASS1 -> myAwesomePASS5

Any pointers? Thanks!
#2
Your file holds more than 1 salt, which means you captured more than just your own WiFi.

Recovered........: 3/5 (60.00%) Digests, 1/2 (50.00%) Salts

Check your potfile (open with a text editor of your choice) and you should see your passwords with your SSID in hex.
#3
(01-13-2022, 04:48 AM)slyexe Wrote: Recovered........: 3/5 (60.00%) Digests, 1/2 (50.00%) Salts

Gaaaah I'm blind! Thanks for that!
#4
With default options, hcxdumptool will receive all and hcxpcapngtool will convert all.
Filtering of hashes has to be done later on after conversion to hc22000 either by hcxhashtool or by bash tools.
The hc22000 hash line is explained in section "Working with hash files", here:
https://hashcat.net/wiki/doku.php?id=cracking_wpawpa2

BTW:
That is hcxtools philosophy and I have good reasons to do it this way:
Everything that gets lost on reception or conversion is lost forever.
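Added example, not part of the thread and not hcxtools code: one way to do the "bash tools" filtering mentioned in post #4, listing the distinct ESSIDs (salts) in an hc22000 file and keeping only the lines for your own network. It relies on the hc22000 layout from the hashcat wiki (ESSID hex-encoded in field 6); the function names, network names and hash lines are constructed for illustration.

```shell
#!/bin/sh
# hc22000 line layout (hashcat wiki, "Working with hash files"):
# WPA*TYPE*PMKID/MIC*MACAP*MACCLIENT*ESSID(hex)*ANONCE*EAPOL*MESSAGEPAIR

# Hex-encode an ESSID the way it is stored in field 6.
essid_to_hex() {
    printf '%s' "$1" | od -An -v -tx1 | tr -d ' \n'
}

# Print "<line count> <hex ESSID>" for every distinct network in the file.
# More than one row means hashcat will report more than one salt.
list_essids() {
    awk -F'*' '$1 == "WPA" { n[tolower($6)]++ }
               END { for (e in n) print n[e], e }' "$1" | sort -k2
}

# Keep only the hash lines whose ESSID equals the given network name.
filter_by_essid() {
    hex=$(essid_to_hex "$2")
    awk -F'*' -v e="$hex" '$1 == "WPA" && tolower($6) == e' "$1"
}

# Constructed sample: 5 PMKID lines over 2 networks ("HomeNet", "CoffeeShop").
# All hash and MAC values are placeholders, not real captures.
sample_hashes() {
    cat <<'EOF'
WPA*01*00000000000000000000000000000001*aabbccddee01*112233445501*486f6d654e6574***
WPA*01*00000000000000000000000000000002*aabbccddee01*112233445502*486f6d654e6574***
WPA*01*00000000000000000000000000000003*aabbccddee01*112233445503*486f6d654e6574***
WPA*01*00000000000000000000000000000004*aabbccddee02*112233445504*436f6666656553686f70***
WPA*01*00000000000000000000000000000005*aabbccddee02*112233445505*436f6666656553686f70***
EOF
}

# Demo: show the networks present, then write a file holding only HomeNet.
tmp=$(mktemp)
sample_hashes > "$tmp"
list_essids "$tmp"
filter_by_essid "$tmp" "HomeNet" > "$tmp.own"
wc -l < "$tmp.own"
rm -f "$tmp" "$tmp.own"
```

Running hashcat against the filtered file leaves a single salt, so an "Exhausted" status then refers only to your own network.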