Posts: 2
Threads: 1
Joined: Jun 2024
Hello,
I'm extracting successful PCAP files off of my Pwnagotchi and converting them into .hc22000. I have tried multiple word lists and even inputted my own password I was trying to crack to see if hashcat can grab it from the list, no luck. Here is the specific code I am running with everything in the appropriate folders. I also am in the hashcat directory in power working straight from that folder.
Hashcat -m 22000 <.hc22000 pcap file> <.txt password list with my exact password>
Any input would be appreciated.
Posts: 1,024
Threads: 2
Joined: Jun 2017
06-07-2024, 08:29 AM
(This post was last modified: 06-07-2024, 09:07 AM by ZerBea.)
(06-07-2024, 05:47 AM)haroldjohn Wrote: Hello,
I'm extracting successful PCAP files off of my Pwnagotchi and converting them into .hc22000. I have tried multiple word lists and even inputted my own password I was trying to crack to see if hashcat can grab it from the list, no luck. Here is the specific code I am running with everything in the appropriate folders. I also am in the hashcat directory in power working straight from that folder.
Hashcat -m 22000 <.hc22000 pcap file> <.txt password list with my exact password>
Any input would be appreciated.
Does this example work for you?
hashcattest.zip (Size: 755 bytes / Downloads: 0)
Example is taken from
https://hashcat.net/wiki/doku.php?id=example_hashes
and converted to a cap .
Download example and extract it.
Convert it to a hc22000 file - use hashcat online converter or hcxpcapngtool
Run hashcat (hashcat -m 22000 hashfile.hc22000 -a 3 "hashcat!")
Expected result:
Code:
$ hashcat -m 22000 hashfile.hc22000 -a 3 "hashcat!"
4d4fe7aac3a2cecab195321ceb99a7d0:fc690c158264:f4747f87f9f4:hashcat-essid:hashcat!
024022795224bffca545276c3762686f:6466b38ec3fc:225edc49b7aa:TP-LINK_HASHCAT_TEST:hashcat!
Session..........: hashcat
Status...........: Cracked
Hash.Mode........: 22000 (WPA-PBKDF2-PMKID+EAPOL)
Hash.Target......: hashcatsampel.hc22000
Time.Started.....: Fri Jun 7 08:23:29 2024 (0 secs)
Time.Estimated...: Fri Jun 7 08:23:29 2024 (0 secs)
Kernel.Feature...: Pure Kernel
Guess.Mask.......: hashcat! [8]
Guess.Queue......: 1/1 (100.00%)
Speed.#1.........: 57 H/s (0.64ms) @ Accel:8 Loops:256 Thr:256 Vec:1
Recovered........: 2/2 (100.00%) Digests (total), 2/2 (100.00%) Digests (new), 2/2 (100.00%) Salts
Progress.........: 2/2 (100.00%)
Rejected.........: 0/2 (0.00%)
Restore.Point....: 0/1 (0.00%)
Restore.Sub.#1...: Salt:1 Amplifier:0-1 Iteration:0-1
Candidate.Engine.: Device Generator
Candidates.#1....: hashcat! -> hashcat!
Hardware.Mon.#1..: Temp: 63c Util: 6% Core:1875MHz Mem:4001MHz Bus:8
Started: Fri Jun 7 08:23:25 2024
Stopped: Fri Jun 7 08:23:30 2024
If you have the same result:
Code:
the password already has been recoverd (use hashcat --show option to show it)
the password for the NETWORKs of the dump file is not in your word list
the dump file from pwnagotchi is crappy
If you have a different result:
Code:
either hashcat or the conversion tool is broken
Posts: 2
Threads: 1
Joined: Jun 2024
Quote: (06-07-2024, 05:47 AM)haroldjohn Wrote: Hello,
I'm extracting successful PCAP files off of my Pwnagotchi and converting them into .hc22000. I have tried multiple word lists and even inputted my own password I was trying to crack to see if hashcat can grab it from the list, no luck. Here is the specific code I am running with everything in the appropriate folders. I also am in the hashcat directory in power working straight from that folder.
Hashcat -m 22000 <.hc22000 pcap file> <.txt password list with my exact password>
Any input would be appreciated.
Does this example work for you?
Example is taken from https://hashcat.net/wiki/doku.php?id=example_hashes merge fruit
and converted to a cap .
Download example and extract it.
Convert it to a hc22000 file - use hashcat online converter or hcxpcapngtool
Run hashcat (hashcat -m 22000 hashfile.hc22000 -a 3 "hashcat!")
Expected result:
Code:
$ hashcat -m 22000 hashfile.hc22000 -a 3 "hashcat!"
4d4fe7aac3a2cecab195321ceb99a7d0:fc690c158264:f4747f87f9f4:hashcat-essid:hashcat!
024022795224bffca545276c3762686f:6466b38ec3fc:225edc49b7aa:TP-LINK_HASHCAT_TEST:hashcat!
Session..........: hashcat
Status...........: Cracked
Hash.Mode........: 22000 (WPA-PBKDF2-PMKID+EAPOL)
Hash.Target......: hashcatsampel.hc22000
Time.Started.....: Fri Jun 7 08:23:29 2024 (0 secs)
Time.Estimated...: Fri Jun 7 08:23:29 2024 (0 secs)
Kernel.Feature...: Pure Kernel
Guess.Mask.......: hashcat! [8]
Guess.Queue......: 1/1 (100.00%)
Speed.#1.........: 57 H/s (0.64ms) @ Accel:8 Loops:256 Thr:256 Vec:1
Recovered........: 2/2 (100.00%) Digests (total), 2/2 (100.00%) Digests (new), 2/2 (100.00%) Salts
Progress.........: 2/2 (100.00%)
Rejected.........: 0/2 (0.00%)
Restore.Point....: 0/1 (0.00%)
Restore.Sub.#1...: Salt:1 Amplifier:0-1 Iteration:0-1
Candidate.Engine.: Device Generator
Candidates.#1....: hashcat! -> hashcat!
Hardware.Mon.#1..: Temp: 63c Util: 6% Core:1875MHz Mem:4001MHz Bus:8
Started: Fri Jun 7 08:23:25 2024
Stopped: Fri Jun 7 08:23:30 2024
If you have the same result:
Code:
the password already has been recoverd (use hashcat --show option to show it)
the password for the NETWORKs of the dump file is not in your word list
the dump file from pwnagotchi is crappy
If you have a different result:
Code:
either hashcat or the conversion tool is broken
Thanks for your answer. I got it.
Posts: 1
Threads: 0
Joined: Jun 2024
06-25-2024, 12:43 AM
(This post was last modified: 06-25-2024, 12:49 AM by thisiswhatitis.
Edit Reason: TITLE
)
CAN SOMEONE PLEASE HELP ME !!!!!!
i cant use hashcat a second time for any other hc22000 files with rockyou.txt , got a new pcap file and changed the password list name but everytime i run it shows my last session , ive tried everything , i unistaled hashcat and even wiped my computer it still remebers . i cant do anything only worled the 1st time and now wont let me try anything else . this is what i get
ETAL API (Metal 343.19)
========================
* Device #1: Apple M3, 2688/5461 MB, 8MCU
OpenCL API (OpenCL 1.2 (Apr 13 2024 11:09:23)) - Platform #1 [Apple]
====================================================================
* Device #2: Apple M3, skipped
Minimum password length supported by kernel: 8
Maximum password length supported by kernel: 63
INFO: All hashes found as potfile and/or empty entries! Use --show to display them.
Started: Mon Jun 24 18:36:44 2024
Stopped: Mon Jun 24 18:36:44 2024
mac@Macs-MacBook-Air hashcat %
Posts: 117
Threads: 1
Joined: Apr 2021
Relax lol. You can either use "--potfile-disable" or change your potfile path with "--potfile-path new.potfile"
