09-04-2022, 09:52 AM
Hello, I am having problem with cracking my own wi-fi network. Password has 11 characters and i made a custom list of chars that contain all characters needed in a plain text format with extension hcchr as it says in the documentation.
I used hcxdumptool for catching the handshake in .pcapng format and converted it to hc22000 for hashcat.
When I run the command
"hashcat.exe -a 3 -m 22000 --session pause -1 chars.hcchr hash.hc22000 ?1?1?1?1?1?1?1?1?1?1?1"
it works fine but when it finishes I get Exausted status, the output is below:
Session..........: pause
Status...........: Exhausted
Hash.Mode........: 22000 (WPA-PBKDF2-PMKID+EAPOL)
Hash.Target......: hash.hc22000
Time.Started.....: Fri Sep 02 19:00:49 2022 (1 day, 5 hours)
Time.Estimated...: Sun Sep 04 00:31:41 2022 (0 secs)
Kernel.Feature...: Pure Kernel
Guess.Mask.......: ?1?1?1?1?1?1?1?1?1?1?1 [11]
Guess.Charset....: -1 chars.hcchr, -2 Undefined, -3 Undefined, -4 Undefined
Guess.Queue......: 1/1 (100.00%)
Speed.#1.........: 380.1 kH/s (2.20ms) @ Accel:4 Loops:256 Thr:512 Vec:1
Recovered........: 0/4 (0.00%) Digests
Progress.........: 100000000000/100000000000 (100.00%)
Rejected.........: 0/100000000000 (0.00%)
Restore.Point....: 10000000000/10000000000 (100.00%)
Restore.Sub.#1...: Salt:0 Amplifier:9-10 Iteration:3-7
Candidate.Engine.: Device Generator
Candidates.#1....: x4vppxvxvxv -> xxvxvxvxvxv
Hardware.Mon.#1..: Temp: 73c Fan: 95% Util: 95% Core:1919MHz Mem:7293MHz Bus:16
Also output of converted file is below:
summary capture file
--------------------
file name................................: dumpfile.pcapng
version (pcapng).........................: 1.0
operating system.........................: Linux 5.15.0-kali3-amd64
application..............................: hcxdumptool 6.2.7-11-g81e9aee
interface name...........................: wlan0
interface vendor.........................: 18cdb6
openSSL version..........................: 1.0
weak candidate...........................: 12345678
MAC ACCESS POINT.........................: 000ku404m836 (incremented on every new client)
MAC CLIENT...............................: abtg73bcbb1d
REPLAYCOUNT..............................: 64601
ANONCE...................................: e9436bfe1f19cb40ed99fa6cd9gh92b245871h7j14d260d9b895b9419c7f1
SNONCE...................................: 970de99c8e955n792648u5e135b40dfakt76j78c05e527cdf3330393654b7
timestamp minimum (GMT)..................: 30.08.2022 15:53:15
timestamp maximum (GMT)..................: 30.08.2022 15:57:40
used capture interfaces..................: 1
link layer header type...................: DLT_IEEE802_11_RADIO (127)
endianness (capture system)...............: little endian
packets inside...........................: 2161
frames with correct FCS..................: 2137
packets received on 2.4 GHz..............: 2127
packets received on 5 GHz................: 10
ESSID (total unique).....................: 34
BEACON (total)...........................: 50
BEACON on 2.4 GHz channel (from IE_TAG)..: 1 4 5 6 8 11 13
BEACON on 5/6 GHz channel (from IE-TAG)..: 36 43
ACTION (total)...........................: 285
PROBEREQUEST.............................: 10
PROBEREQUEST (directed)..................: 4
PROBERESPONSE (total)....................: 26
AUTHENTICATION (total)...................: 34
AUTHENTICATION (OPEN SYSTEM).............: 33
AUTHENTICATION (unknown).................: 1
ASSOCIATIONREQUEST (total)...............: 7
ASSOCIATIONREQUEST (PSK).................: 7
REASSOCIATIONREQUEST (total).............: 1
REASSOCIATIONREQUEST (PSK)...............: 1
EAPOL messages (total)...................: 1720
EAPOL RSN messages.......................: 1623
EAPOL WPA messages.......................: 97
EAPOLTIME gap (measured maximum usec)....: 7283839
EAPOL ANONCE error corrections (NC)......: working
REPLAYCOUNT gap (suggested NC)...........: 3
EAPOL M1 messages (total)................: 1682
EAPOL M2 messages (total)................: 15
EAPOL M3 messages (total)................: 14
EAPOL M4 messages (total)................: 9
EAPOL pairs (total)......................: 32
EAPOL pairs (best).......................: 6
EAPOL ROGUE pairs........................: 2
EAPOL pairs written to 22000 hash file...: 6 (RC checked)
EAPOL M12E2 (challenge)..................: 2
EAPOL M32E2 (authorized).................: 4
PMKID (useless)..........................: 738
PMKID (total)............................: 445
PMKID (best).............................: 19
PMKID ROGUE..............................: 15
PMKID written to 22000 hash file.........: 19
frequency statistics from radiotap header (frequency: received packets)
-----------------------------------------------------------------------
2322: 445 2453: 41 2443: 5 7257:602
2454 665 2487: 141 2475: 8 7332: 9
5232: 1 5247: 3 2476: 485 2482: 152
2481: 6 5151: 6 7251: 1 7253: 2
3174: 8
session summary
---------------
processed pcapng files................: 1
I also removed all data that is not related to my own wifi from the file.
What am i doing wrong? All chars needed are in the file "chars.hcchr" so i'm confused why dont hashcat simply bruteforce the pass for wi-fi. Any help appreciated
I used hcxdumptool for catching the handshake in .pcapng format and converted it to hc22000 for hashcat.
When I run the command
"hashcat.exe -a 3 -m 22000 --session pause -1 chars.hcchr hash.hc22000 ?1?1?1?1?1?1?1?1?1?1?1"
it works fine but when it finishes I get Exausted status, the output is below:
Session..........: pause
Status...........: Exhausted
Hash.Mode........: 22000 (WPA-PBKDF2-PMKID+EAPOL)
Hash.Target......: hash.hc22000
Time.Started.....: Fri Sep 02 19:00:49 2022 (1 day, 5 hours)
Time.Estimated...: Sun Sep 04 00:31:41 2022 (0 secs)
Kernel.Feature...: Pure Kernel
Guess.Mask.......: ?1?1?1?1?1?1?1?1?1?1?1 [11]
Guess.Charset....: -1 chars.hcchr, -2 Undefined, -3 Undefined, -4 Undefined
Guess.Queue......: 1/1 (100.00%)
Speed.#1.........: 380.1 kH/s (2.20ms) @ Accel:4 Loops:256 Thr:512 Vec:1
Recovered........: 0/4 (0.00%) Digests
Progress.........: 100000000000/100000000000 (100.00%)
Rejected.........: 0/100000000000 (0.00%)
Restore.Point....: 10000000000/10000000000 (100.00%)
Restore.Sub.#1...: Salt:0 Amplifier:9-10 Iteration:3-7
Candidate.Engine.: Device Generator
Candidates.#1....: x4vppxvxvxv -> xxvxvxvxvxv
Hardware.Mon.#1..: Temp: 73c Fan: 95% Util: 95% Core:1919MHz Mem:7293MHz Bus:16
Also output of converted file is below:
summary capture file
--------------------
file name................................: dumpfile.pcapng
version (pcapng).........................: 1.0
operating system.........................: Linux 5.15.0-kali3-amd64
application..............................: hcxdumptool 6.2.7-11-g81e9aee
interface name...........................: wlan0
interface vendor.........................: 18cdb6
openSSL version..........................: 1.0
weak candidate...........................: 12345678
MAC ACCESS POINT.........................: 000ku404m836 (incremented on every new client)
MAC CLIENT...............................: abtg73bcbb1d
REPLAYCOUNT..............................: 64601
ANONCE...................................: e9436bfe1f19cb40ed99fa6cd9gh92b245871h7j14d260d9b895b9419c7f1
SNONCE...................................: 970de99c8e955n792648u5e135b40dfakt76j78c05e527cdf3330393654b7
timestamp minimum (GMT)..................: 30.08.2022 15:53:15
timestamp maximum (GMT)..................: 30.08.2022 15:57:40
used capture interfaces..................: 1
link layer header type...................: DLT_IEEE802_11_RADIO (127)
endianness (capture system)...............: little endian
packets inside...........................: 2161
frames with correct FCS..................: 2137
packets received on 2.4 GHz..............: 2127
packets received on 5 GHz................: 10
ESSID (total unique).....................: 34
BEACON (total)...........................: 50
BEACON on 2.4 GHz channel (from IE_TAG)..: 1 4 5 6 8 11 13
BEACON on 5/6 GHz channel (from IE-TAG)..: 36 43
ACTION (total)...........................: 285
PROBEREQUEST.............................: 10
PROBEREQUEST (directed)..................: 4
PROBERESPONSE (total)....................: 26
AUTHENTICATION (total)...................: 34
AUTHENTICATION (OPEN SYSTEM).............: 33
AUTHENTICATION (unknown).................: 1
ASSOCIATIONREQUEST (total)...............: 7
ASSOCIATIONREQUEST (PSK).................: 7
REASSOCIATIONREQUEST (total).............: 1
REASSOCIATIONREQUEST (PSK)...............: 1
EAPOL messages (total)...................: 1720
EAPOL RSN messages.......................: 1623
EAPOL WPA messages.......................: 97
EAPOLTIME gap (measured maximum usec)....: 7283839
EAPOL ANONCE error corrections (NC)......: working
REPLAYCOUNT gap (suggested NC)...........: 3
EAPOL M1 messages (total)................: 1682
EAPOL M2 messages (total)................: 15
EAPOL M3 messages (total)................: 14
EAPOL M4 messages (total)................: 9
EAPOL pairs (total)......................: 32
EAPOL pairs (best).......................: 6
EAPOL ROGUE pairs........................: 2
EAPOL pairs written to 22000 hash file...: 6 (RC checked)
EAPOL M12E2 (challenge)..................: 2
EAPOL M32E2 (authorized).................: 4
PMKID (useless)..........................: 738
PMKID (total)............................: 445
PMKID (best).............................: 19
PMKID ROGUE..............................: 15
PMKID written to 22000 hash file.........: 19
frequency statistics from radiotap header (frequency: received packets)
-----------------------------------------------------------------------
2322: 445 2453: 41 2443: 5 7257:602
2454 665 2487: 141 2475: 8 7332: 9
5232: 1 5247: 3 2476: 485 2482: 152
2481: 6 5151: 6 7251: 1 7253: 2
3174: 8
session summary
---------------
processed pcapng files................: 1
I also removed all data that is not related to my own wifi from the file.
What am i doing wrong? All chars needed are in the file "chars.hcchr" so i'm confused why dont hashcat simply bruteforce the pass for wi-fi. Any help appreciated