cracking wpa2
#1
Hi guys, I'm trying to crack my WiFi network to see if it's possible. I tried this https://hashcat.net/wiki/doku.php?id=cracking_wpawpa2
and also many other options with hashcat, but every time I get to this command
"hashcat -m 22000 hash.hc22000 -a 3 ?d?d?d?d?d?d?d?d"
it just doesn't work; every time I get these errors: "Hash ´hash.hc22000´: Separator unmatched"
and "No hashes loaded."

I already checked whether the tools are working well, and I also looked at the hash and everything looks good. I think something is wrong with hashcat, but I'm not sure.

Thanks for any help
Reply
#2
The hash file is damaged and has not passed hashcat's integrity check.
Remove it before you start a new attempt to convert from your dump file (pcapng, pcap, cap).
Please notice that hcxpcapngtool doesn't run an integrity check and appends the new hashes to an existing file. If the existing file is damaged, the new one will be damaged, too.
That behavior is mentioned in --help:
Code:
$ hcxpcapngtool --help
...
Output is appended to existing files.

Usually this problem occurs if you edit the hash file in a wrong way (adding white spaces, non xdigit characters, control characters, ... - yes, some editors will do this by default) or if you use 2 different options on the same file:
$ hcxpcapngtool -o hash.hc22000 -E hash.hc.22000
Double check your command line!

To check that hashcat is working as expected, get the hash from examples here
https://hashcat.net/wiki/doku.php?id=example_hashes
and store it to a hc22000 hash file (we use echo to do this job):
Code:
$ echo "WPA*01*4d4fe7aac3a2cecab195321ceb99a7d0*fc690c158264*f4747f87f9f4*686173686361742d6573736964***" > hash.hc22000
$ hashcat -m 22000 hash.hc22000 -a 3 hashcat!
hashcat (v6.2.5-428-gdf8af2d10) starting
...
4d4fe7aac3a2cecab195321ceb99a7d0:fc690c158264:f4747f87f9f4:hashcat-essid:hashcat!
                                                          
Session..........: hashcat
Status...........: Cracked
Hash.Mode........: 22000 (WPA-PBKDF2-PMKID+EAPOL)
Hash.Target......: hash.hc22000
Time.Started.....: Fri May 13 18:06:21 2022 (0 secs)
Time.Estimated...: Fri May 13 18:06:21 2022 (0 secs)
Kernel.Feature...: Pure Kernel
Guess.Mask.......: hashcat! [8]
Guess.Queue......: 1/1 (100.00%)
Speed.#1.........:       27 H/s (1.44ms) @ Accel:8 Loops:256 Thr:512 Vec:1
Recovered.Total..: 1/1 (100.00%) Digests
Progress.........: 1/1 (100.00%)
Rejected.........: 0/1 (0.00%)
Restore.Point....: 0/1 (0.00%)
Restore.Sub.#1...: Salt:0 Amplifier:0-1 Iteration:0-1
Candidate.Engine.: Device Generator
Candidates.#1....: hashcat! -> hashcat!
Hardware.Mon.#1..: Temp: 63c Fan: 37% Util: 83% Core:1847MHz Mem:5005MHz Bus:16

Started: Fri May 13 18:06:19 2022
Stopped: Fri May 13 18:06:22 2022

Now let's damage the hash file a little bit by appending a white space at the end of the hash line:
Code:
$ echo "WPA*01*4d4fe7aac3a2cecab195321ceb99a7d0*fc690c158264*f4747f87f9f4*686173686361742d6573736964*** " > hash.hc22000
$ hashcat -m 22000 hash.hc22000 -a 3 hashcat!
hashcat (v6.2.5-428-gdf8af2d10) starting
...
Hashfile 'hash.hc22000' on line 1 (WPA*01...4*686173686361742d6573736964*** ): Token encoding exception
No hashes loaded.

Started: Fri May 13 18:08:12 2022
Stopped: Fri May 13 18:08:12 2022

BTW:
Just take a look at both hash files. At first glance, the second one is looking fine, but "the devil is in the detail".
Reply
#3
Yes, I tested this
$ echo "WPA*01*4d4fe7aac3a2cecab195321ceb99a7d0*fc690c158264*f4747f87f9f4*686173686361742d6573736964***" > hash.hc22000
$ hashcat -m 22000 hash.hc22000 -a 3 hashcat!

and it works well.

I also looked at the hashes, but I'm not sure where the problem is. My hash has WPA*02, and the hash is long and has about 50 zeros in it.
Reply
#4
The format of WPA*02 is the same, but it contains a MIC, an ANONCE and an EAPOL (usually M2) message instead of a PMKID. Many zeros are absolutely normal for an EAPOL message.
As I mentioned before, your hash file is damaged by whatever. Delete it and convert it again with hcxpcapngtool.

To find out if hcxpcaptool is working as expected, get this example from here:
https://github.com/evilsocket/pwnagotchi...-598597214
Code:
$ wget https://github.com/evilsocket/pwnagotchi/files/4328457/nctest.zip
$ unzip -j nctest.zip
$ hcxpcapngtool -o eapol.22000 -E wordlist test.pcap
$ hashcat -m 22000 --nonce-error-corrections=8 eapol.22000 wordlist

Take a look at eapol.22000 and you'll see that it is a WPA*02 hash line and it contains many zeroes.
hashcat status will inform you that the PSK was successfully recovered.

If that is working, you have to check your environment and your workflow, because something damages your hash files. Unfortunately this can have many causes.


As an alternative you can use hashcat online converter:
https://hashcat.net/cap2hashcat/

For a test, I uploaded "test.pcap" there and compared the results by diff:
Code:
$ diff eapol.22000 6381_1652513795.hc22000
$
As expected, both files are identical.

BTW:
The most common mistake for beginners (Linux newbies, working for the first time in a Linux terminal and running command line options) is using the wrong working directory. This will result in hashcat's warning "Separator unmatched":
Code:
$ hashcat -m 22000 not_exist.hc22000 wordlist
hashcat (v6.2.5-400-gf31dcc5d1) starting
...
Hash 'not_exist.hc22000': Separator unmatched
No hashes loaded.

Started: Sun May 15 08:10:58 2022
Stopped: Sun May 15 08:10:58 2022

Linux commands like pwd (show working directory) and ls (show content of the current directory) are helpful to check the working directory and the content of it.
Reply
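A pre-flight check for the two failure modes described in replies #2 and #4 (a damaged hash line, and a hash file that is not in the working directory), added here as an example; it is not part of the thread, hashcat or hcxtools. `check_hc22000` is a hypothetical helper, and the field lengths assume a 16-byte PMKID/MIC, 6-byte MAC addresses and a 32-byte ANONCE.

```bash
#!/usr/bin/env bash
# check_hc22000 FILE: lint an hc22000 hash file before giving it to hashcat.
# Returns 0 if every line is well formed, 1 if a line is damaged,
# 2 if the file is missing or empty. Blank lines are skipped.
check_hc22000() {
    local file=$1
    if [ ! -s "$file" ]; then
        echo "$file: missing or empty (check the working directory with pwd and ls)"
        return 2
    fi
    awk -F'[*]' '
        function ishex(s, n) { return length(s) == n && s !~ /[^0-9A-Fa-f]/ }
        function hexstr(s)   { return length(s) % 2 == 0 && s !~ /[^0-9A-Fa-f]/ }
        $0 == "" { next }
        {
            msg = ""
            if      ($0 ~ /\r$/)                msg = "CRLF line ending"
            else if ($0 ~ /[ \t]/)              msg = "white space in hash line"
            else if ($0 ~ /[^0-9A-Za-z*]/)      msg = "control or other unexpected character"
            else if (NF != 9 || $1 != "WPA")    msg = "expected 9 *-separated fields starting with WPA, got " NF
            else if ($2 != "01" && $2 != "02")  msg = "unknown type " $2
            else if (!ishex($3, 32))            msg = "PMKID/MIC is not 32 hex digits"
            else if (!ishex($4, 12) || !ishex($5, 12)) msg = "MAC field is not 12 hex digits"
            else if (!hexstr($6))               msg = "ESSID is not hex encoded"
            else if (!hexstr($9))               msg = "message pair is not hex"
            else if ($2 == "02" && !ishex($7, 64)) msg = "ANONCE is not 64 hex digits"
            else if ($2 == "02" && (!hexstr($8) || $8 == "")) msg = "EAPOL message is missing or not hex"
            if (msg != "") { printf "line %d: %s\n", NR, msg; failed = 1 }
        }
        END { exit failed + 0 }
    ' "$file"
}

# Constructed demo input: the example PMKID line quoted in reply #2,
# written once intact and once with the trailing space that breaks it.
GOOD_LINE='WPA*01*4d4fe7aac3a2cecab195321ceb99a7d0*fc690c158264*f4747f87f9f4*686173686361742d6573736964***'
demo_dir=$(mktemp -d)
printf '%s\n'  "$GOOD_LINE" > "$demo_dir/good.hc22000"
printf '%s \n' "$GOOD_LINE" > "$demo_dir/bad.hc22000"
check_hc22000 "$demo_dir/good.hc22000" && echo "good.hc22000: clean"
check_hc22000 "$demo_dir/bad.hc22000"  || echo "bad.hc22000: damaged"
check_hc22000 "$demo_dir/not_exist.hc22000" || echo "not_exist.hc22000: not usable"
rm -rf "$demo_dir"
```

Running it on a freshly converted file before starting hashcat separates "the file is damaged" from "the file is not where I think it is", which hashcat reports with similar-looking messages.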
#5
Sorry for the late response, but I tried everything over again, and when I try this command to convert the dump "sudo hcxpcapngtool -o hash.hc22000 -E essidlist dumpfile.pcapng"

I get an error. It converts it but gives me the error "not available due to missing radiotap header"

thx for any help
Reply
#6
I think you mean this message:
Code:
frequency statistics from radiotap header (frequency: received packets)
-----------------------------------------------------------------------
not available due to missing radiotap header

The tool that you used to dump the WiFi traffic removed the radiotap header; hcxpcapngtool detected the absence and told you that it is not possible to calculate a frequency statistic. That doesn't affect the conversion of the EAPOL messages to hc22000 format.
But if you would like to retrieve as much information as possible, I recommend using a dump tool that doesn't remove this header.

A state of the art dump tool will provide this information and the output looks like this:
Code:
frequency statistics from radiotap header (frequency: received packets)
-----------------------------------------------------------------------
2412: 2871     2417: 25     2422: 7116     2427: 19    
2432: 790      2437: 5536   2442: 24       2447: 14    
2452: 23       2457: 10     2462: 4005     2467: 1    
2472: 5


BTW:
There is no need to run hcxpcapngtool as super user (sudo).
Reply