Hashcat not cracking even though dictionary has the password (wifi wpa)
#1
Cap file attached; password is: 68707095

Here are the issues:

I have my WPA hccapx file with a valid handshake with 100% quality.

I tried to crack the password as a test run, so I tried it on my own wifi. The password was an 8-digit number. I made an 858 MB wordlist of 8-digit numbers. The dictionary contained the password, but hashcat failed to crack it!


Dictionary Attack: (dictionary contains password)

command:

hashcat64.exe -m 2500 --self-test-disable test8.hccapx 8pass.txt
pause

result:

OpenCL Platform #1: Advanced Micro Devices, Inc.
================================================
* Device #1: gfx902, 4048/7212 MB allocatable, 8MCU

Hashes: 3 digests; 2 unique digests, 1 unique salts
Bitmaps: 16 bits, 65536 entries, 0x0000ffff mask, 262144 bytes, 5/13 rotates
Rules: 1

Applicable optimizers:
* Zero-Byte
* Single-Salt
* Slow-Hash-SIMD-LOOP

Minimum password length supported by kernel: 8
Maximum password length supported by kernel: 63

Watchdog: Temperature abort trigger set to 90c

Dictionary cache hit:
* Filename..: 8pass.txt
* Passwords.: 100000000
* Bytes.....: 900000000
* Keyspace..: 100000000





Session..........: hashcat
Status...........: Running
Hash.Type........: WPA-EAPOL-PBKDF2
Hash.Target......: test8.hccapx
Time.Started.....: Sat Jun 22 19:13:00 2019 (12 secs)
Time.Estimated...: Sat Jun 22 19:50:17 2019 (37 mins, 5 secs)
Guess.Base.......: File (8pass.txt)
Guess.Queue......: 1/1 (100.00%)
Speed.#1.........:    44691 H/s (10.92ms) @ Accel:128 Loops:32 Thr:64 Vec:1
Recovered........: 0/2 (0.00%) Digests, 0/1 (0.00%) Salts
Progress.........: 524288/100000000 (0.52%)
Rejected.........: 0/524288 (0.00%)
Restore.Point....: 524288/100000000 (0.52%)
Restore.Sub.#1...: Salt:0 Amplifier:0-1 Iteration:1-3
Candidates.#1....: 00524288 -> 00589823
Hardware.Mon.#1..: Util:65536% Core: 400MHz Mem:1500MHz Bus:16





Brute force Attack: (8-digit number brute force, which includes the password)


command:

hashcat64.exe -m 2500 -a3 --self-test-disable test8.hccapx ?d?d?d?d?d?d?d?d
pause

result:


Session..........: hashcat
Status...........: Running
Hash.Type........: WPA-EAPOL-PBKDF2
Hash.Target......: test8.hccapx
Time.Started.....: Sat Jun 22 18:21:42 2019 (37 mins, 33 secs)
Time.Estimated...: Sat Jun 22 19:00:09 2019 (54 secs)
Guess.Mask.......: ?d?d?d?d?d?d?d?d [8]
Guess.Queue......: 1/1 (100.00%)
Speed.#1.........:    43351 H/s (11.48ms) @ Accel:64 Loops:16 Thr:256 Vec:1
Recovered........: 0/2 (0.00%) Digests, 0/1 (0.00%) Salts
Progress.........: 97648640/100000000 (97.65%)
Rejected.........: 0/97648640 (0.00%)
Restore.Point....: 9699328/10000000 (96.99%)
Restore.Sub.#1...: Salt:0 Amplifier:5-6 Iteration:1328-1344
Candidates.#1....: 46226473 -> 47688683
Hardware.Mon.#1..: Util:65536% Core:1100MHz Mem:1500MHz Bus:16

Approaching final keyspace - workload adjusted.

Session..........: hashcat
Status...........: Exhausted
Hash.Type........: WPA-EAPOL-PBKDF2
Hash.Target......: test8.hccapx
Time.Started.....: Sat Jun 22 18:21:42 2019 (38 mins, 27 secs)
Time.Estimated...: Sat Jun 22 19:00:09 2019 (0 secs)
Guess.Mask.......: ?d?d?d?d?d?d?d?d [8]
Guess.Queue......: 1/1 (100.00%)
Speed.#1.........:    43347 H/s (3.30ms) @ Accel:64 Loops:16 Thr:256 Vec:1
Recovered........: 0/2 (0.00%) Digests, 0/1 (0.00%) Salts
Progress.........: 100000000/100000000 (100.00%)
Rejected.........: 0/100000000 (0.00%)
Restore.Point....: 10000000/10000000 (100.00%)
Restore.Sub.#1...: Salt:0 Amplifier:9-10 Iteration:1-3
Candidates.#1....: 68620297 -> 67646497
Hardware.Mon.#1..: Util:65536% Core: 400MHz Mem:1500MHz Bus:16

Started: Sat Jun 22 18:21:33 2019
Stopped: Sat Jun 22 19:00:11 2019


Attached Files
.zip   cap file.zip (Size: 69.15 KB / Downloads: 4)
Reply
#2
It's an AMD driver problem. Nothing you can't do. But that's why we've added the self-test to make you aware. For some reason you disabled it.
Reply
#3
To find out what's going on, we also need the cap file (uncleaned). Please compress it with zip and attach it here.
Reply
#4
(06-22-2019, 03:31 PM)ZerBea Wrote: To find out what's going on, we also need the cap file (uncleaned). Please compress it with zip and attach it here.


attached
Reply
#5
(06-22-2019, 03:30 PM)atom Wrote: It's an AMD driver problem. Nothing you can't do. But that's why we've added the self-test to make you aware. For some reason you disabled it.


hashcat (v5.1.0) starting...

ADL_Overdrive_Caps(): -8

ADL_Overdrive_Caps(): -8

ADL_Overdrive_Caps(): -8

ADL_Overdrive_Caps(): -8

ADL_Overdrive_Caps(): -8

OpenCL Platform #1: Advanced Micro Devices, Inc.
================================================
* Device #1: gfx902, 4048/7212 MB allocatable, 8MCU

Hashes: 3 digests; 2 unique digests, 1 unique salts
Bitmaps: 16 bits, 65536 entries, 0x0000ffff mask, 262144 bytes, 5/13 rotates
Rules: 1

Applicable optimizers:
* Zero-Byte
* Single-Salt
* Slow-Hash-SIMD-LOOP

Minimum password length supported by kernel: 8
Maximum password length supported by kernel: 63

Watchdog: Temperature abort trigger set to 90c

* Device #1: ATTENTION! OpenCL kernel self-test failed.

Your device driver installation is probably broken.
See also: https://hashcat.net/faq/wrongdriver

Aborting session due to kernel self-test failure.

You can use --self-test-disable to override this, but do not report related errors.

Started: Sat Jun 22 19:41:00 2019
Stopped: Sat Jun 22 19:41:07 2019
Reply
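What a known-answer self-test guards against, as an added example (not hashcat's code and not from any poster in this thread): a backend that miscomputes PBKDF2 reports "exhausted" on the correct password unless a self-test stops the run first. The sketch covers only the PMK stage of WPA-EAPOL-PBKDF2; `miscomputing_pmk`, the SSID `lab-ap` and the passphrase `12345678` are constructed for illustration, and the two known answers are the passphrase-to-PSK test vectors from IEEE 802.11i Annex H.4.

```python
import hashlib
import hmac

# Known-answer vectors for the WPA/WPA2 passphrase-to-PSK mapping
# (PBKDF2-HMAC-SHA1, 4096 iterations, 32-byte output), IEEE 802.11i Annex H.4.
KATS = [
    (b"password", b"IEEE",
     "f42c6fc52df0ebef9ebb4b90b38a5f902e83fe1b135a70e23aed762e9710a12e"),
    (b"ThisIsAPassword", b"ThisIsASSID",
     "0dc0d6eb90555ed6419756b9a15ec3e3209b63df707dd508d14581f8982721af"),
]

def reference_pmk(passphrase: bytes, ssid: bytes) -> bytes:
    """CPU reference for the PMK derivation step."""
    return hashlib.pbkdf2_hmac("sha1", passphrase, ssid, 4096, 32)

def miscomputing_pmk(passphrase: bytes, ssid: bytes) -> bytes:
    """Constructed stand-in for a kernel built by a broken driver: one wrong bit."""
    good = reference_pmk(passphrase, ssid)
    return bytes([good[0] ^ 0x01]) + good[1:]

def self_test(derive) -> bool:
    """Return True only if the backend reproduces every known answer."""
    return all(
        hmac.compare_digest(derive(pw, ssid), bytes.fromhex(expected))
        for pw, ssid, expected in KATS
    )

def check_candidate(derive, candidate, ssid, target_pmk, skip_self_test=False):
    """Compare one candidate against a target PMK, gated by the self-test."""
    if not skip_self_test and not self_test(derive):
        return "aborted: self-test failed"
    hit = hmac.compare_digest(derive(candidate, ssid), target_pmk)
    return "recovered" if hit else "exhausted"

if __name__ == "__main__":
    ssid = b"lab-ap"                       # constructed SSID
    secret = b"12345678"                   # constructed passphrase
    target = reference_pmk(secret, ssid)   # what a correct device would match
    for name, backend in (("reference", reference_pmk),
                          ("broken", miscomputing_pmk)):
        print(name,
              "| gated:", check_candidate(backend, secret, ssid, target),
              "| ungated:", check_candidate(backend, secret, ssid, target, True))
```

With the self-test skipped, the broken backend returns "exhausted" for the correct passphrase, the same symptom as the runs in post #1.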
#6
Yes, cap file and hccapx are ok:

$ hcxpcaptool -o test.hccapx test.cap
reading from test.cap
summary:
file name........................: test.cap
file type........................: pcap 2.4
file hardware information........: unknown
file os information..............: unknown
file application information.....: unknown
network type.....................: DLT_IEEE802_11 (105)
endianness.......................: little endian
read errors......................: flawless
packets inside...................: 9884
skipped packets (damaged)........: 0
packets with GPS data............: 0
packets with FCS.................: 0
beacons (total)..................: 1
probe responses..................: 37
association requests.............: 5
association responses............: 4
authentications (OPEN SYSTEM)....: 11
authentications (BROADCOM).......: 4
deauthentications................: 4605
action packets...................: 47
EAPOL packets (total)............: 43
EAPOL packets (WPA2).............: 43
best handshakes..................: 2 (ap-less: 0)

2 handshake(s) written to test.hccapx

I'm able to get the correct PSK (6*******) from both clients running
hcxpsktool --wpskeys | hashcat -m 2500 test.hccapx
within a few seconds. That worked also on your attached test8.hccapx

BTW:
How did you capture the handshake?
4605 deauthentications to get a single handshake looks a little bit oversized.
Reply
#7
(06-22-2019, 05:32 PM)ZerBea Wrote: Yes, cap file and hccapx are ok:

$ hcxpcaptool -o test.hccapx test.cap
reading from test.cap
summary:                                       
file name........................: test.cap
file type........................: pcap 2.4
file hardware information........: unknown
file os information..............: unknown
file application information.....: unknown
network type.....................: DLT_IEEE802_11 (105)
endianness.......................: little endian
read errors......................: flawless
packets inside...................: 9884
skipped packets (damaged)........: 0
packets with GPS data............: 0
packets with FCS.................: 0
beacons (total)..................: 1
probe responses..................: 37
association requests.............: 5
association responses............: 4
authentications (OPEN SYSTEM)....: 11
authentications (BROADCOM).......: 4
deauthentications................: 4605
action packets...................: 47
EAPOL packets (total)............: 43
EAPOL packets (WPA2).............: 43
best handshakes..................: 2 (ap-less: 0)

2 handshake(s) written to test.hccapx

I'm able to get the correct PSK (6*******) from both clients running
hcxpsktool --wpskeys | hashcat -m 2500 test.hccapx
within a few seconds. That worked also on your attached test8.hccapx

BTW:
How did you capture the handshake?
4605 deauthentications to get a single handshake looks a little bit oversized.



Used fluxion to get the handshake:
https://github.com/FluxionNetwork/fluxion
Reply
#8
Thanks for the info.
Reply