Solved WPA2 Hash - but Password won't work
#1
I cracked a few WPA2 hashes with simple passwords (unknown to me when hashing began), but I am unable to use the passwords to log on to the WPA2 networks.


I wondered if there was something wrong, so I created a wordlist with the solved hashes and it cracked them again.
I even used coWPAtty on that wordlist and it cracked them again.


Could the problem be with my hashes? 
Could it be I am getting a hash collision?

It seems a collision is unlikely since one of the solved hashes was "password"
#2
I think it is much more likely that there are some further security measures (like MAC address filtering) or that you type/input the password incorrectly (wrong configuration/setting/HEX vs preshared key, ESSID wrong) etc.

No, collision is kinda ruled out... that would be very exceptional to say the least, forget about collision here!
#3
A captured handshake can be "validated" (it includes all 4 states, showing the password was correct) or not (meaning you just may have captured someone using the wrong password). Not sure whether hashcat shows it to you.

Also, there's obviously a chance the password was changed between the capture and your login attempt.
#4
(03-31-2017, 11:55 AM)magnum Wrote: A captured handshake can be "validated" (it includes all 4 states, showing the password was correct) or not (meaning you just may have captured someone using the wrong password). Not sure whether hashcat shows it to you.

Also, there's obviously a chance the password was changed between the capture and your login attempt.


You hit the nail on the head - I had forced a handshake capture by trying to join the network myself and typing in a possible idea. I realized this must be the problem because on one of them the "discovered" password was a word I knew I typed in to force a handshake.

The password attempt that I made was mistakenly found as the correct password. 

I didn't realize that was going to be a problem - guess you have to have a real client on the network and not fake it yourself.

PS - I had validated all of them before turning into hccapx with cowpatty to try to cut down on bad captures
#5
That is a new feature of hccapx to crack password captures from a fake AP. See here for details: https://hashcat.net/forum/thread-6273.html

You can turn it off by forcing hashcat only to use the oldschool way by setting --hccapx-message-pair=2
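An added example, not part of the thread or of hashcat's own code: a small reader for the `message_pair` byte of an hccapx record, showing why a password recovered from an M1+M2 capture only proves what a client typed, while pairs containing M3 or M4 prove the AP accepted it. The field layout and pair meanings follow hashcat's published hccapx description; the sample record, its ESSID and the helper names are constructed for illustration.

```python
import struct

# hccapx record: 393 bytes, packed, little-endian (layout per hashcat's hccapx docs).
HCCAPX = struct.Struct("<IIBB32sB16s6s32s6s32sH256s")
SIGNATURE = 0x58504348  # ASCII "HCPX" read as a little-endian u32

# Low three bits of message_pair -> (EAPOL messages used, AP confirmed the PSK?)
# M3 and M4 are only exchanged after the AP has verified the client's MIC in M2,
# so any pair containing them comes from a successful authentication.
PAIRS = {
    0: ("M1+M2", False),
    1: ("M1+M4", True),
    2: ("M2+M3", True),
    3: ("M2+M3", True),
    4: ("M3+M4", True),
    5: ("M3+M4", True),
}

def describe(record: bytes) -> dict:
    """Summarise one hccapx record and say what a recovered password would prove."""
    if len(record) != HCCAPX.size:
        raise ValueError(f"expected {HCCAPX.size} bytes, got {len(record)}")
    sig, version, message_pair, essid_len, essid, *_ = HCCAPX.unpack(record)
    if sig != SIGNATURE:
        raise ValueError("bad signature, not an hccapx record")
    if essid_len > 32:
        raise ValueError("essid_len exceeds the 32-byte field")
    pair = message_pair & 0x07  # upper bits are flags, not interpreted here
    if pair not in PAIRS:
        raise ValueError(f"unknown message_pair value {pair}")
    messages, authorized = PAIRS[pair]
    return {
        "essid": essid[:essid_len].decode("utf-8", "replace"),
        "version": version,
        "messages": messages,
        "authorized": authorized,
        "meaning": "password accepted by the AP" if authorized
                   else "password a client tried; the AP never confirmed it",
    }

def sample_record(message_pair: int, essid: bytes = b"lab-net") -> bytes:
    """Constructed record with zeroed key material, for demonstration only."""
    return HCCAPX.pack(SIGNATURE, 4, message_pair, len(essid), essid, 2,
                       bytes(16), bytes(6), bytes(32), bytes(6), bytes(32), 0, bytes(256))

if __name__ == "__main__":
    for mp in (0, 2):
        print(mp, describe(sample_record(mp)))
```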