Posts: 2,267
Threads: 16
Joined: Feb 2013
@c4pOne you should definitely make sure you are using the latest version of hashcat-utils (v1.5 or higher), because as you can read/see here
https://github.com/hashcat/hashcat-utils/releases, the Windows binaries had some minor problem related to the mingw compiler.
Posts: 12
Threads: 3
Joined: Feb 2017
Hi
I tested the hccapx structure on some precracked handshake
however, looking at the .hccapx hex, 0x08 expected to be 1, but it's 00
something must be wrong??
Posts: 2,267
Threads: 16
Joined: Feb 2013
@abdou99 If you are talking about this screenshot
https://hashcat.net/wiki/hccapx#screenshot (you didn't say that explicitly), then you should read the section below the image:
Quote: authenticated | 0x08 | set to 1 if the handshake message 3 was part of the cap file, 0 instead means unauthenticated
that means, both values are possible and of course it depends if the authentication was successful or not (that's why it is called "authenticated")
Posts: 12
Threads: 3
Joined: Feb 2017
(02-10-2017, 02:20 PM)philsmd Wrote: @abdou99 If you are talking about this screenshot https://hashcat.net/wiki/hccapx#screenshot (you didn't say that explicitly), then you should read the section below the image:
Quote: authenticated | 0x08 | set to 1 if the handshake message 3 was part of the cap file, 0 instead means unauthenticated
that means, both values are possible and of course it depends if the authentication was successful or not (that's why it is called "authenticated")
If you are saying that both values: 0 and 1 are crackable
so what's the news?
value = 0 ==> 50% Crackable
value = 1 ==> 100% Crackable
is that what you are referring to?
Posts: 5,185
Threads: 230
Joined: Apr 2010
(02-10-2017, 02:29 PM)abdou99 Wrote: If you are saying that both values: 0 and 1 are crackable
so what's the news?
value = 0 ==> 50% Crackable
value = 1 ==> 100% Crackable
is that what you are referring to?
He's not. Please read the entire thread carefully to understand what's going on here. We're dealing with a workaround that requires a good understanding of the problem.
Posts: 44
Threads: 7
Joined: May 2010
02-10-2017, 06:42 PM
(This post was last modified: 02-10-2017, 06:43 PM by c4p0ne.)
(02-10-2017, 10:51 AM)philsmd Wrote: @c4pOne you should definitely make sure you are using the latest version of hashcat-utils (v1.5 or higher), because as you can read/see here https://github.com/hashcat/hashcat-utils/releases, the Windows binaries had some minor problem related to the mingw compiler.
Yes. That worked. The tiny few lines of code from 1.4 (which I was using) to 1.5 have allowed the outputting of .hccapx files with plenty of handshakes.... Although, during the parsing of large files I'm getting these hideous beeping sounds coming through my speakers.
Posts: 44
Threads: 7
Joined: May 2010
02-11-2017, 10:24 PM
You know what'd be nice? If there were an option to output all handshakes in separate .hccapx files according to their SSID names. E.g. Kropotkin.hccapx (4 hs), Bakunin.hccapx (12 hs), Proudhon.hccapx (1 hs), etc. Just a thought.
Posts: 11
Threads: 1
Joined: Jan 2014
I've had this functionality scripted around `wpaclean` for a while -- it would be very nice to have it as a flag on cap2hccapx as it makes it easier to keep track of cap files.
Posts: 5,185
Threads: 230
Joined: Apr 2010
You can use the 3rd (optional) parameter of cap2hccapx to select a specific ESSID only.
Posts: 11
Threads: 1
Joined: Jan 2014
02-15-2017, 09:08 PM
(This post was last modified: 02-15-2017, 09:10 PM by hawaii.)
He wants a bulk dump. Feed in a single cap, get out 30 separate hccapx files named by SSID. This way you can manage individual network handshakes. If you have to combine them later, you're not running handshakes you've already exhausted and you can run handshakes from specific networks.
It's easily scripted, but it would be a nice function to have.
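Added example (not posted by anyone in this thread and not part of hashcat-utils): one way to script the per-ESSID bulk split requested above, which also reads the "authenticated" byte at 0x08 of every record. The 393-byte packed field layout beyond offset 0x08 and all function names are assumptions of this example, and the sample records are constructed with placeholder keys and nonces.

```python
import struct
from collections import defaultdict
from pathlib import Path

# Assumed layout: one packed little-endian record of 393 bytes per handshake:
# signature, version, authenticated (0x08), essid_len, essid[32], keyver,
# keymic[16], mac_ap[6], nonce_ap[32], mac_sta[6], nonce_sta[32], eapol_len, eapol[256]
RECORD = struct.Struct("<4sIBB32sB16s6s32s6s32sH256s")

def parse_records(blob):
    """Yield (essid, authenticated, raw_record) for every record in an .hccapx blob."""
    if len(blob) % RECORD.size:
        raise ValueError("length is not a multiple of %d bytes" % RECORD.size)
    for off in range(0, len(blob), RECORD.size):
        raw = blob[off:off + RECORD.size]
        sig, _ver, authenticated, essid_len, essid = RECORD.unpack(raw)[:5]
        if sig != b"HCPX" or essid_len > 32:
            raise ValueError("malformed record at offset %#x" % off)
        yield essid[:essid_len], authenticated, raw

def split_by_essid(blob):
    """Group raw records by ESSID, preserving their order within each group."""
    groups = defaultdict(bytearray)
    for essid, _authenticated, raw in parse_records(blob):
        groups[essid] += raw
    return {essid: bytes(data) for essid, data in groups.items()}

def safe_filename(essid):
    """ESSIDs are arbitrary bytes set by the AP owner, so never use them as a path as-is."""
    text = essid.decode("utf-8", "replace")
    clean = "".join(c if c.isascii() and c.isalnum() else "_" for c in text)
    return "%s-%s.hccapx" % (clean or "hidden", essid.hex())  # hex suffix keeps names unique

def write_split(blob, outdir):
    """Write one .hccapx file per network into outdir and return the file names."""
    out = Path(outdir)
    out.mkdir(parents=True, exist_ok=True)
    names = [safe_filename(essid) for essid in split_by_essid(blob)]
    for name, data in zip(names, split_by_essid(blob).values()):
        (out / name).write_bytes(data)
    return names

def make_record(essid, authenticated):
    """Constructed sample record: version, keys, nonces and EAPOL are placeholders."""
    return RECORD.pack(b"HCPX", 4, authenticated, len(essid), essid, 0, bytes(16),
                       bytes(6), bytes(32), bytes(6), bytes(32), 0, bytes(256))

if __name__ == "__main__":
    sample = (make_record(b"Kropotkin", 1) + make_record(b"Bakunin", 0)
              + make_record(b"Kropotkin", 0))
    for essid, data in split_by_essid(sample).items():
        flags = [a for _, a, _ in parse_records(data)]
        print(safe_filename(essid), len(flags), "hs, authenticated flags:", flags)
```

Because each output file is a plain concatenation of unmodified records, the per-network files can be joined back together later without re-parsing the capture.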