How to view SSID of cracked PMKID (16800) PCAP?
#1
Hi all, 

I've got a grouped pcap file of about 11 Wifi PMKID captures. 

I've run this with Hashcat and cracked a couple with the below: 

Code:
./hashcat64 -m 16800 -o .\output\results.txt .\handshakes\all.pmkid .\wordlist\1stAttackWordlist.txt

The results in the output file are like: 

Code:
cf5ae152s57d97ba4336e13162f34ac7*807d1452c6e4*0ace1b4b5967*43616d616e64417269:P@ssw9rd
etc...
etc...

Why doesn't Hashcat save the SSID with it, or how can I tell what cracked hash belongs to which SSID? 

Any help appreciated. 
Cheers
Reply
#2
the SSID is within the output, CamandAri is the SSID

hint: hexadecimal
Reply
#3
(01-12-2020, 09:08 AM)philsmd Wrote: the SSID is within the output, CamandAri is the SSID

hint: hexadecimal

Ahh awesome thanks, yes I can see it if I convert it from hexadecimal to text. Would be nice if Hashcat added the SSID in plain text with the password at the end. 

But cheers, thanks for the help Smile
Reply
#4
Are you running an older version of hashcat?

$ hashcat -V
v5.1.0-1569-g74c1bf81+

potfile: PMK * ESSID : PSK
Code:
5b13d4babb3714ccc62c9f71864bc984efd6a55f237c7a87fc2151e1ca658a9d*ed487162465a774bfba60eb603a39f3a:hashcat!
That is exactly the result of the PBKDF2 calculation. It is no longer necessary to pay the price (PBKDF2 calculation time) again if we have a PMK. That will save us GPU time. Also, the calculated PMKs can be used on hashmode 2501, 16801 and 22001 in case we have hashes using the same SALT (ESSID). That will save us more GPU time.

outfile (-o) - only hexyfied if necessary, otherwise in ASCII: MAC_AP : MAC_STA : ESSID : PSK
Code:
4604ba734d4e:89acf0e761f4:$HEX[ed487162465a774bfba60eb603a39f3a]:hashcat!
That is human readable and contain detailed information about the content of the hash.
Reply