|
hccapx file not cracking
|
08-27-2019, 04:29 PM
I used aircrack to capture a handshake of my network. I ran cap2hccapx to convert the file. I created a dictionary file with the password for the wifi. I ran hashcat64 -m 2500 -a 0 capture.hccapx dictionary.txt. Although I know the password is in the dictionary file, hashcat does not crack the password. I also ran a BF on the file, but it won't crack that way either.
What am I doing wrong? 
08-27-2019, 04:47 PM
To answer what went wrong, we must take a closer look into the cap file. Please attach the cap file (zip compressed) and, if possible, some information about the tool which did the capturing.
08-27-2019, 05:11 PM
I used airodump-ng to capture the handshake along with the aireplay-ng -0 attack.
08-27-2019, 05:15 PM
Ok. Now we must follow the path from the content of the cap file up to the conversion to hccapx format. Therefore we need the cap file.
08-27-2019, 05:21 PM
Sorry, I thought I did that, but I didn't click the button. Here you go. I included the original cap file and the converted hccapx file.
Thanks. The cap file is ok and contain a complete handshake M1, M2, M3 and 4xM4 (zeroed SNONCE). cap2hccapx converted it correct.
Additional the M1 contain a valid PMKID and you can run hashcat -m 16800 against it. Next step is to make sure, OpenCL and/or CUDA isn't broken. What GPU do you use? What driver is installed? Also you can try the attached PMKID against your dictionary. Is the key recovered?
08-27-2019, 05:45 PM
I have two AMD R9-290X installed in my system. I am using Windows 10. I do get an error that OPENCL kernel self-test failed. Since I am cracking other password hashes, I guess I ignorantly assumed it would be ok to run it anyway.
My driver version is from 7/30/19 26.20.13001.25001
Ok, lets see if you're up to it:
Please download example 2500 hash from here: https://hashcat.net/misc/example_hashes/hashcat.hccapx Password: hashcat! copy password to your wordlist and run hashcat against it Is the password recovered? You can test also hashmode -m 16800 running the wordlist against this PMKID 2582a8281bf9d4308d6f5731d0e61c61*4604ba734d4e*89acf0e761f4*ed487162465a774bfba60eb603a39f3a Password: hashcat! Is the password recovered, too?
08-27-2019, 05:58 PM
Still no recovery. Should I be looking in the direction of a driver problem?
Here is the results: Session..........: hashcat Status...........: Exhausted Hash.Type........: WPA-EAPOL-PBKDF2 Hash.Target......: 8381533406003807685881523 (AP:ae:f5:0f:22:80:1c STA:98:7b:dc:f9:f9:50) Time.Started.....: Tue Aug 27 10:57:25 2019 (2 secs) Time.Estimated...: Tue Aug 27 10:57:27 2019 (0 secs) Guess.Base.......: File (testpass.txt) Guess.Queue......: 1/1 (100.00%) Speed.#1.........: 1 H/s (0.61ms) @ Accel:64 Loops:32 Thr:64 Vec:1 Speed.#2.........: 0 H/s (0.00ms) @ Accel:64 Loops:32 Thr:64 Vec:1 Speed.#*.........: 1 H/s Recovered........: 0/1 (0.00%) Digests, 0/1 (0.00%) Salts Progress.........: 2/2 (100.00%) Rejected.........: 1/2 (50.00%) Restore.Point....: 0/2 (0.00%) Restore.Sub.#1...: Salt:0 Amplifier:0-1 Iteration:0-1 Restore.Sub.#2...: Salt:0 Amplifier:0-0 Iteration:0-32 Candidates.#1....: hashcat! -> hashcat! Candidates.#2....: [Copying] Hardware.Mon.#1..: Util: 9% Core:1050MHz Mem:1350MHz Bus:16 Hardware.Mon.#2..: Util: 0% Core:1000MHz Mem:1250MHz Bus:16
08-27-2019, 06:13 PM
Yes. Your driver is broken.
hashcat (v5.1.0-1397-g7f4df9eb) starting... Session..........: hashcat Status...........: Cracked Hash.Name........: WPA-EAPOL-PBKDF2 Hash.Target......: 8381533406003807685881523 (AP:ae:f5:0f:22:80:1c STA:98:7b:dc:f9:f9:50) Time.Started.....: Tue Aug 27 18:11:13 2019 (0 secs) Time.Estimated...: Tue Aug 27 18:11:13 2019 (0 secs) Guess.Mask.......: hashcat! [8] Guess.Queue......: 1/1 (100.00%) Speed.#1.........: 29 H/s (0.38ms) @ Accel:16 Loops:64 Thr:1024 Vec:1 Recovered........: 1/1 (100.00%) Digests Progress.........: 1/1 (100.00%) Rejected.........: 0/1 (0.00%) Restore.Point....: 0/1 (0.00%) Restore.Sub.#1...: Salt:0 Amplifier:0-1 Iteration:0-1 Candidates.#1....: hashcat! -> hashcat! Hardware.Mon.#1..: Temp: 58c Fan: 40% Util: 55% Core:1860MHz Mem:5005MHz Bus:16 aef50f22801c:987bdcf9f950:8381533406003807685881523:hashcat! What is your hashcat version? |
|
« Next Oldest | Next Newest »
|
