Posts: 8
Threads: 1
Joined: Jun 2017
Hello everyone, I captured a handshake with wifislax using handshaker.
When I went to convert the cap to hccapx, I got this message:
Zero value timestamps detected in file: in/28216_1498269703.cap.
This prevents correct EAPOL-Key timeout calculation.
Do not use preprocess the capture file with tools such as wpaclean.
Please help me!
Posts: 1,042
Threads: 2
Joined: Jun 2017
cap2hccapx is working fine.
As far as I know, handshaker is a script that starts
several different tools to capture a handshake.
The result is a cleaned cap, containing only a beacon (or proberesponse)
and a handshake (mostly not replaycount checked) and a zero value
timestamp (00:00:00).
cap2hccapx is working on "uncleaned" caps (because there is much more important information inside than in a cleaned cap).
Solution:
Do not use tools that clean caps!!!!
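Added example, not part of the thread and not cap2hccapx's own code: a minimal Python check that walks the per-packet record headers of a classic pcap file and counts zero-value timestamps, the condition reported in the error message above. The function names and the constructed sample captures are assumptions for illustration; pcapng files are not handled.

```python
import struct

# Classic pcap magic numbers mapped to the byte order of the file.
PCAP_MAGICS = {
    b"\xd4\xc3\xb2\xa1": "<",  # little-endian, microsecond timestamps
    b"\xa1\xb2\xc3\xd4": ">",  # big-endian, microsecond timestamps
    b"\x4d\x3c\xb2\xa1": "<",  # little-endian, nanosecond timestamps
    b"\xa1\xb2\x3c\x4d": ">",  # big-endian, nanosecond timestamps
}

def scan_timestamps(data):
    """Return (total_packets, zero_timestamp_packets) for classic pcap bytes."""
    if len(data) < 24 or data[:4] not in PCAP_MAGICS:
        raise ValueError("not a classic pcap file (pcapng is not handled)")
    endian = PCAP_MAGICS[data[:4]]
    offset, total, zero = 24, 0, 0  # 24-byte global header precedes the records
    while offset + 16 <= len(data):
        # Record header: ts_sec, ts_usec (or ts_nsec), incl_len, orig_len
        ts_sec, ts_frac, incl_len, _ = struct.unpack_from(endian + "IIII", data, offset)
        offset += 16
        if offset + incl_len > len(data):
            break  # truncated final record, stop counting
        total += 1
        if ts_sec == 0 and ts_frac == 0:
            zero += 1
        offset += incl_len
    return total, zero

def looks_cleaned(data):
    """True if at least one packet carries a zero-value timestamp."""
    total, zero = scan_timestamps(data)
    return total > 0 and zero > 0

def build_pcap(timestamps, linktype=105):
    """Build a constructed sample capture (linktype 105 = IEEE 802.11)."""
    out = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, linktype)
    for sec, usec in timestamps:
        payload = b"\x00" * 8  # dummy frame bytes, constructed
        out += struct.pack("<IIII", sec, usec, len(payload), len(payload)) + payload
    return out

if __name__ == "__main__":
    # Constructed samples: one with real capture times, one with zeroed times.
    raw = build_pcap([(1498269703, 100), (1498269704, 200)])
    cleaned = build_pcap([(0, 0), (0, 0), (1498269703, 5)])
    for name, blob in (("raw", raw), ("cleaned", cleaned)):
        total, zero = scan_timestamps(blob)
        print(f"{name}: {zero}/{total} zero timestamps, cleaned={looks_cleaned(blob)}")
```

To check a file on disk, pass `open(path, "rb").read()` to `scan_timestamps`.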
Posts: 8
Threads: 1
Joined: Jun 2017
(06-24-2017, 07:20 AM)ZerBea Wrote: cap2hccapx is working fine.
As far as I know, handshaker is a script that starts
several different tools to capture a handshake.
The result is a cleaned cap, containing only a beacon (or proberesponse)
and a handshake (mostly not replaycount checked) and a zero value
timestamp (00:00:00).
cap2hccapx is working on "uncleaned" caps (because there is much more important information inside than in a cleaned cap).
Solution:
Do not use tools that clean caps!!!!
Thank you, but what can I use to capture the handshake? .CAP files?
Posts: 1,042
Threads: 2
Joined: Jun 2017
You can use hcxtools to capture.
You can use wlancap2hcx to convert.
wlancap2hcx will give you a warning that the cap was cleaned, but will convert it (but do not expect a good result).
Posts: 8
Threads: 1
Joined: Jun 2017
(06-24-2017, 08:44 PM)ZerBea Wrote: You can use hcxtools to capture.
You can use wlancap2hcx to convert.
wlancap2hcx will give you a warning that the cap was cleaned, but will convert it (but do not expect a good result).
thanks dude
Posts: 8
Threads: 1
Joined: Jun 2017
(06-24-2017, 08:44 PM)ZerBea Wrote: You can use hcxtools to capture.
You can use wlancap2hcx to convert.
wlancap2hcx will give you a warning that the cap was cleaned, but will convert it (but do not expect a good result).
Dude, can you show me how I use hcxtools to capture and convert it?
Posts: 1,042
Threads: 2
Joined: Jun 2017
06-26-2017, 09:21 PM
(This post was last modified: 06-26-2017, 09:25 PM by ZerBea.)
No problem:
wlancap2hcx -x -e wordlist -o test.hccapx *.cap
Options:
-x -> match exact mac_ap and mac_sta
-e -> extract also found passwords and networknames from wlan traffic (will be appended)
-o -> your hccapx file (new hashes will be appended)
*.cap -> do this from all cap files (or *.pcap from all pcap files or *.pcapng from all pcapng files)
If RADIUS authentications are inside your cap:
-m -> iSCSI CHAP authentication, MD5(CHAP): use hashcat -m 4800
-n -> NetNTLMv1 authentication: use hashcat -m 5500
-u -> extract also user names, domain names or identities
wlancap2hcx is designed for use with wlandump-ng or wlanresponse.
To get full advantage of all options, use these tools to capture!
Cheers
Posts: 8
Threads: 1
Joined: Jun 2017
(06-26-2017, 09:21 PM)ZerBea Wrote: No problem:
wlancap2hcx -x -e wordlist -o test.hccapx *.cap
Options:
-x -> match exact mac_ap and mac_sta
-e -> extract also found passwords and networknames from wlan traffic (will be appended)
-o -> your hccapx file (new hashes will be appended)
*.cap -> do this from all cap files (or *.pcap from all pcap files or *.pcapng from all pcapng files)
If RADIUS authentications are inside your cap:
-m -> iSCSI CHAP authentication, MD5(CHAP): use hashcat -m 4800
-n -> NetNTLMv1 authentication: use hashcat -m 5500
-u -> extract also user names, domain names or identities
wlancap2hcx is designed for use with wlandump-ng or wlanresponse.
To get full advantage of all options, use these tools to capture!
Cheers
thanks <3