hashcat Forum Misc General Talk v
Question about hccapx file

Thread Closed 
Threaded Mode
Question about hccapx file
veggiebiker2500 Offline
Junior Member
**
Posts: 9
Threads: 3
Joined: Apr 2018
#1
06-01-2018, 06:32 PM (This post was last modified: 06-01-2018, 06:33 PM by veggiebiker2500.)
For example,
Lets say I have a hccapx file with 5 handshakes from the same network (ssid/salt) and I have a wordlist that contains the correct WPA passcode....

Would hashcat crack the password faster if I removed 4/5 handshakes from the hccapx file? And if so, what's an easy method to remove the excess handshakes?
Find
Mem5 Offline
Posting Freak
*****
Posts: 803
Threads: 135
Joined: Feb 2011
#2
06-03-2018, 04:25 PM
I am not aware of a tool to edit hccapx.
Have a try with the philsmd's repo https://github.com/philsmd?tab=repositories
Find
royce Offline
Moderator à la mode
******
Posts: 929
Threads: 4
Joined: Jan 2015
#3
06-04-2018, 03:40 AM
I *think* you can do something along those lines with hcxtools?

https://github.com/ZerBea/hcxtools
~
Find
RealEnder Offline
Junior Member
**
Posts: 23
Threads: 1
Joined: Sep 2011
#4
06-04-2018, 07:14 AM
You can remove some handshakes with hcxtools or with any other tool, that can work with binary data, but how do you know what handshakes to remove? If there is a forced one (AP-less), you can use that without nonce correction and this might be your best bet.
If you have the same essid, PMK for each password candidate over all handshakes is computed only once and this is the heaviest part. Depending on nonce correction you're using, speed loss will be negligible with 1 vs 5 handshakes.
Find
veggiebiker2500 Offline
Junior Member
**
Posts: 9
Threads: 3
Joined: Apr 2018
#5
06-04-2018, 08:40 PM
(06-04-2018, 07:14 AM)RealEnder Wrote: You can remove some handshakes with hcxtools or with any other tool, that can work with binary data, but how do you know what handshakes to remove? If there is a forced one (AP-less), you can use that without nonce correction and this might be your best bet.
If you have the same essid, PMK for each password candidate over all handshakes is computed only once and this is the heaviest part. Depending on nonce correction you're using, speed loss will be negligible with 1 vs 5 handshakes.

I was hoping to remove all redundant handshakes with the same ssid, because I'm assuming they all tried the same WPA passcode. But you're saying hashcat doesn't do any extra calculations if the ssid of the 5 captures are the same?
Find
veggiebiker2500 Offline
Junior Member
**
Posts: 9
Threads: 3
Joined: Apr 2018
#6
06-04-2018, 08:44 PM
(06-04-2018, 03:40 AM)royce Wrote: I *think* you can do something along those lines with hcxtools?

https://github.com/ZerBea/hcxtools

I actually tried that tool in a The-Distribution-Which-Does-Not-Handle-OpenCL-Well (Kali) linux vm box but I couldn't get past the "makefile" command. It kept giving me errors
Find
walterlacka Offline
Member
***
Posts: 63
Threads: 10
Joined: Nov 2017
#7
06-05-2018, 02:49 PM
IIRC, I think I needed to add a library or something first.

If you poke around this forum, I think there may be a post that talks about this.
Find
Thread Closed