Understanding EAPOL 4-Way Handshake and PMKID cracking
#11
is automatic determined by default on Hashcat?

tried to hcxpcapng old hashes already broken, no difference running them against my dictionary with NC=0 or 8.

Thanks for the explanation.
Reply
#12
nc is determined by the message_pair (last field in 22000 line):
Code:
bitmask for message pair field:
0: MP info (https://hashcat.net/wiki/doku.php?id=hccapx)
1: MP info (https://hashcat.net/wiki/doku.php?id=hccapx)
2: MP info (https://hashcat.net/wiki/doku.php?id=hccapx)
3: x (unused)
4: ap-less attack (set to 1) - no nonce-error-corrections necessary
5: LE router detected (set to 1) - nonce-error-corrections only for LE necessary
6: BE router detected (set to 1) - nonce-error-corrections only for BE necessary
7: not replaycount checked (set to 1) - replaycount not checked, nonce-error-corrections definitely necessary
Default nc for automatic is 0 (not necessary) or 8 (necessary).
Reply