skipping file: (null) (invalid eapol size)
#1
I'm using Ubuntu 18.04, and I finally have Hashcat up and working as far as I know, but I keep getting: Skipping file: (Null) (Invalid Eapol size). If the size of the file matters, then one is 1.28 kb and the other is 786 bytes. The command I am using is Hashcat -m 2500 -a 0  /Home/my user name/the hccapx file/ /home/my user name/ crackstation.txt. The only thing I could find about this problem was that the file needed to be converted from .cap to hccapx. I did that and I am still getting the skipping file null invalid eapol size message. What can I do to fix this?
Reply
#2
Sounds like your capture file (.cap) was cleaned with wpa_clean or is corrupt. I'd suggest looking at using hcxdumptool which is located @ https://github.com/ZerBea/ and use that to capture your data.
Reply
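A structural check for the .hccapx file that this error message is about, added here as an example and not part of any post in the thread. The 393-byte record layout is hashcat's documented hccapx format; the 1 to 256 bound on the EAPOL length comes from the record's buffer size and is an assumption about what hashcat itself accepts, and make_record is a hypothetical helper that builds constructed records.

```python
import struct

# hccapx record (packed, little-endian, 393 bytes) per hashcat's documented
# format; the layout is not quoted anywhere in this thread.
HCCAPX = struct.Struct("<IIBB32sB16s6s32s6s32sH256s")
SIGNATURE = 0x58504348   # the bytes "HCPX" on disk
EAPOL_MAX = 256          # eapol buffer size; assumed upper bound for eapol_len


def check_hccapx(data: bytes) -> list:
    """Return (record_index, problem) tuples; an empty list means no problem found."""
    if not data:
        return [(0, "empty file")]
    count, leftover = divmod(len(data), HCCAPX.size)
    problems = []
    for i in range(count):
        fields = HCCAPX.unpack_from(data, i * HCCAPX.size)
        # Field order: signature, version, message_pair, essid_len, essid, keyver,
        # keymic, mac_ap, nonce_ap, mac_sta, nonce_sta, eapol_len, eapol
        sig, essid_len, eapol_len = fields[0], fields[3], fields[11]
        if sig != SIGNATURE:
            problems.append((i, "bad signature, not an hccapx record"))
            continue
        if essid_len > 32:
            problems.append((i, f"invalid essid size {essid_len}"))
        if not 1 <= eapol_len <= EAPOL_MAX:
            problems.append((i, f"invalid eapol size {eapol_len}"))
    if leftover:
        problems.append((count, f"{leftover} leftover bytes, file truncated or not hccapx"))
    return problems


def make_record(eapol_len: int, sig: int = SIGNATURE) -> bytes:
    """Hypothetical helper: one constructed record with dummy keys and nonces."""
    return HCCAPX.pack(sig, 4, 0, 4, b"demo", 2, bytes(16), bytes(6),
                       bytes(32), bytes(6), bytes(32), eapol_len, bytes(256))


if __name__ == "__main__":
    sample = make_record(121) + make_record(300)   # constructed; second record is bad
    for index, problem in check_hccapx(sample) or [(None, "no problems found")]:
        print(index, problem)
```

To check a real file, pass the result of open(path, "rb").read() to check_hccapx.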
#3
Thank you for the suggestion. I tried that but I can't get it to run on Ubuntu 18.04. I did get hashcat working and no longer giving me that error. I got the latest one to install and work, but the problem was it was running 2.00 instead of the new one. I got rid of 2.00 and now it works like a charm. Is there any other advice you could give me as to what to use? I am just starting out and everything I read says to use the same tools and a lot of them don't work. Any help would be greatly appreciated. Thank you again.
Reply
#4
hcxdumptool and hcxtools are working fine on UBUNTU 18.04 (as used here):
https://www.nomotion.net/blog/cracking-w...id-method/
and they will be an official part of the next UBUNTU versions (19.10):
https://packages.ubuntu.com/eoan/hcxdumptool
Reply
#5
I got it to work on The-Distribution-Which-Does-Not-Handle-OpenCL-Well (Kali), hope you get this and have an answer. The first time I started hcxdumptool it worked perfectly. I thought I followed the guide I found exactly; apparently I didn't, because after I shut it down and went to run it again I can't get anything, not a handshake, nothing. The first time I kept getting my wifi also, but after the first time I couldn't even get that. What is the exact command line I should use? If you can't tell me that, could you at least point me to a good source? The site for hcxdumptool is a little vague and not too clear, at least not how I'm reading it; it seems like there are 10 answers to the same question and none of them are right. Thanks again for the earlier info.
Reply
#6
On the first run, you need some steps to identify a suitable interface, to check the driver and to check that packet injection is working. Also you must identify processes that interfere with hcxdumptool:
Identify interface:
$ hcxdumptool -I
wlan interfaces:
c83a35cb08e3 wlp3s0f0u11u1 (rt2800usb)

If you receive a warning like this:
warning: NetworkManager is running with pid 415
warning: wpa_supplicant is running with pid 515
stop these processes:
$ sudo systemctl stop NetworkManager.service
$ sudo systemctl stop wpa_supplicant.service

check driver:
$ sudo hcxdumptool -i wlp3s0f0u11u1 --check_driver
starting driver test...
driver tests passed - all required ioctl() system calls are supported by driver
restoring old driver settings

check that packet injection is working (run it at least 13 * 5 seconds):
$ sudo hcxdumptool -i wlp3s0f0u11u1 --do_rcascan
INFO: cha=6, rx=351, rx(dropped)=0, tx=47, err=0, aps=21 (13 in range)

If the values increase and APs are in range, start your attack:
$ hcxdumptool -i wlp3s0f0u11u1 -o test.pcapng --enable_status=1
Otherwise hcxdumptool will inform you that packet injection is possibly not working as expected.

If you are finished and hcxdumptool has terminated, restart your processes:
$ sudo systemctl start NetworkManager.service
$ sudo systemctl start wpa_supplicant.service

If hcxdumptool is not able to set monitor mode for example on this driver:
https://github.com/aircrack-ng/rtl8188eus
run ip link and iw before you start hcxdumptool:
$ sudo ip link set wlp3s0f0u11u1 down
$ sudo iw dev wlp3s0f0u11u1 set type monitor
$ sudo ip link set wlp3s0f0u11u1 up
$ sudo iw dev wlp3s0f0u11u1 info


BTW:
Most (nearly all) occurring issues are related to the driver (driver doesn't support monitor mode and full packet injection) and the system configuration (running services that take access to the interface).
The driver of your device must support both: monitor mode and full packet injection!
Otherwise hcxdumptool will fail!

Some of the issues are fixed:
https://bugzilla.kernel.org/show_bug.cgi?id=202241
https://bugzilla.kernel.org/show_bug.cgi?id=202243
https://github.com/openwrt/mt76/issues/2...-500999516

Some of them are partly fixed (or somebody is working on them):
https://github.com/aircrack-ng/rtl8812au/issues/376

Some of them are not fixed, yet:
https://bugzilla.kernel.org/show_bug.cgi?id=202541

Unfortunately many, many drivers do not support monitor mode and full packet injection. Get more information here:
https://wikidevi.com/wiki/Main_Page

For example, this driver will not support monitor mode:
https://lwn.net/Articles/786478/
Supported:
Basic STA/AP/ADHOC mode, and TDLS (STA is well tested)
so, no monitor mode on rtw88 at this point!

Last step is to convert your pcapng file using hcxpcaptool and run hashcat against the hashes:

get full advantage of hcxpcaptool (-E -I -U) in combination with hcxdumptool (attack vector PMKID, attack vector AP-LESS, attack vector EAP)

$ hcxpcaptool -o test.hccapx -E wordlist -I wordlist *.pcapng
reading from example1.pcapng
summary capture file:
file name........................: example1.pcapng
file type........................: pcapng 1.0
file os information..............: Linux 4.19.65-1-ARCH
file application information.....: hcxdumptool 5.1.7
network type.....................: DLT_IEEE802_11_RADIO (127)
endianness.......................: little endian
read errors......................: flawless
minimum time stamp...............: 19.10.2017 15:29:42 (GMT)
maximum time stamp...............: 19.10.2017 15:33:36 (GMT)
packets inside...................: 9
skipped packets (damaged)........: 0
packets with GPS data............: 0
packets with FCS.................: 0
association requests.............: 3
EAPOL packets (total)............: 5
EAPOL packets (WPA2).............: 5
EAP packets......................: 1
found............................: EAP type ID
best handshakes (total)..........: 1 (ap-less: 0)

summary output file(s):
1 handshake(s) written to test.hccapx
message pair M32E2...............: 1

reading from example2.pcapng
summary capture file:
file name........................: example2.pcapng
file type........................: pcapng 1.0
file hardware information........: armv6l
file os information..............: Linux 4.19.65-1-ARCH
file application information.....: hcxdumptool 5.1.7
network type.....................: DLT_IEEE802_11_RADIO (127)
endianness.......................: little endian
read errors......................: flawless
minimum time stamp...............: 11.08.2019 17:57:00 (GMT)
maximum time stamp...............: 11.08.2019 17:58:03 (GMT)
packets inside...................: 10
skipped packets (damaged)........: 0
packets with GPS data............: 0
packets with FCS.................: 0
beacons (total)..................: 2
probe requests...................: 1
association requests.............: 2
association responses............: 1
authentications (OPEN SYSTEM)....: 1
authentications (BROADCOM).......: 1
EAPOL packets (total)............: 3
EAPOL packets (WPA2).............: 3
best handshakes (total)..........: 1 (ap-less: 0)

summary output file(s):
1 handshake(s) written to test.hccapx
message pair M12E2...............: 1

reading from example3.pcapng
summary capture file:
file name........................: example3.pcapng
file type........................: pcapng 1.0
file os information..............: Linux 4.19.65-1-ARCH
file application information.....: hcxdumptool 5.1.7
network type.....................: DLT_IEEE802_11_RADIO (127)
endianness.......................: little endian
read errors......................: flawless
minimum time stamp...............: 26.05.2017 08:05:46 (GMT)
maximum time stamp...............: 26.05.2017 09:04:13 (GMT)
packets inside...................: 6
skipped packets (damaged)........: 0
packets with GPS data............: 0
packets with FCS.................: 0
beacons (total)..................: 2
probe responses..................: 2
EAPOL packets (total)............: 2
EAPOL packets (WPA2).............: 2
best handshakes (total)..........: 1 (ap-less: 1)

summary output file(s):
1 handshake(s) written to test.hccapx
message pair M12E2...............: 1

$ hashcat -m 2500 test.hccapx wordlist
hashcat (v5.1.0-1397-g7f4df9eb) starting...
Session..........: hashcat
Status...........: Cracked
Hash.Name........: WPA-EAPOL-PBKDF2
Hash.Target......: test.hccapx
Time.Started.....: Mon Aug 26 15:40:07 2019 (1 sec)
Time.Estimated...: Mon Aug 26 15:40:08 2019 (0 secs)
Guess.Base.......: File (wordlist)
Guess.Queue......: 1/1 (100.00%)
Speed.#1.........: 613 H/s (3.05ms) @ Accel:16 Loops:512 Thr:64 Vec:1
Recovered........: 3/3 (100.00%) Digests, 3/3 (100.00%) Salts
Progress.........: 54/54 (100.00%)
Rejected.........: 0/54 (0.00%)
Restore.Point....: 0/18 (0.00%)
Restore.Sub.#1...: Salt:2 Amplifier:0-1 Iteration:0-1
Reply
#7
Thank you very much for your speedy reply and instructions, I'm going to get right on it. I'm thinking I may have updated the driver and that's the problem. I know I did, just can't remember if it was before or after the first run. It ran perfectly the first time, that's what I don't understand. But this helps a lot. I know since it did run there are parts of this I can eliminate. I have hashcat working on one of the pmkid's I got yesterday before it stopped working. Within the first minute I had at least ten. It was working that well. Thanks again.
Reply
#8
Thank you so much, thank you. I beat that dead horse for nine hours yesterday, couldn't get it to start. It's running like a champ right now. Everything checked out perfect: killed the services, checked the driver again, no driver, restarted everything, checked driver, perfect, went straight to the attack and it's running. For some reason killing those processes is killing my wifi driver; it makes no sense but that's what's happening. All I know is you're a genius and it's running. Might not be 100 percent right but it's running and doing exactly as it should. Thank you again.
Reply
#9
That is good news. Thanks for the feedback.
Now start to capture (over a long time) and collect hcxpcaptool -E -I -U lists and -o -k hashfiles. At regular intervals run your hashes against these lists and
https://wpa-sec.stanev.org/dict/cracked.txt.gz
https://wpa-sec.stanev.org/dict/rkg.txt.gz
Alternatively, you can use wlancap2wpasec to upload your pcapng (cap/pcap) files to
https://wpa-sec.stanev.org/?nets
In that case they will be checked against these wordlists:
https://wpa-sec.stanev.org/?dicts
To reduce bandwidth you can compress them using gzip:
1408032 test.pcapng
$ gzip test.pcapng
205437 test.pcapng.gz

Wireshark, tshark, hcxpcaptool will understand this.
For example this will show you the content of the pcapng file
$ tshark -r test.pcapng.gz

and that one all AP-LESS attacks:
$ tshark -r test.pcapng.gz -Y frame.comment -T fields -E header=y -e frame.number -e frame.time -e wlan.sa -e frame.comment

read more about these filters here:
https://www.wireshark.org/docs/dfref/f/frame.html

hcxdumptool and hcxpcaptool are 100% compatible with the wireshark family.
Reply
#10
Thank you again, most people aren't very helpful. I'm going to get started on what you have supplied me with, I'll let you know how it goes. One last question if you don't mind: I have been trying and failing over and over trying to apply a rule. I'm putting in -r rules/best.64.rule and I keep being told rules/best.64.rule no such file or directory. I've taken out the dots, taken the s off of rules, every combination I can think of, and it still won't work. I'm reading it and copying it right from hashcat. Hashcat -m 16800 -a 0 pmkidhash99 rockyou.txt -w 3 -r rules/best.64.rule. If I take out the rule it works; I put it in or ?2?2 (that's just an example) and it doesn't work. Hate to keep bugging you. Tried stack exchange, was having an issue with installing The-Distribution-Which-Does-Not-Handle-OpenCL-Well (Kali). I received six messages criticizing the structure of my question, but not even a hint at the solution. I got it, but how ridiculous. Common problem apparently, The-Distribution-Which-Does-Not-Handle-OpenCL-Well (Kali) 2019.2 has a boot issue, no answers though aside from some driver thing that doesn't work. Anyway thanks again.
Reply