Optimizing WPA recovery
#1
Hi there
Got stuck on optimizing the recovery process for multiple handshakes with the same SSID name.
I've read some forum posts here and got completely lost. Could anyone explain to me in simple words whether there is any way to run recovery for multiple WPA/WPA2 items (with the same SSID) with no speed loss?
My sniffer spat out around 50 handshakes in a couple of weeks for the AP I need, and I don't know which one is correct. I tried the Passcape utility and it was running at ~380 Kp/s on my gtx2060 for all of them simultaneously! But I need to do the same using hashcat. I know it has different modes for that. The question is how to automate loading an hccapx file with more than one item and running them all simultaneously with no speed loss? Any advice/link would be appreciated.

Thanks
P.S. Here's some scarce info on how it works from the Passcape site. It lacks details, though.
#2
You can simply concatenate hccapx files.
#3
Thank you. So if I run 50 x hccapx file, it will take exactly the same time to go through all items as if for 1 x hccapx, right?
#4
The recommended way is to capture the network traffic with https://github.com/ZerBea/hcxdumptool and convert the capture to hashes with hcxpcapngtool of https://github.com/ZerBea/hcxtools.

The new -m 22000 hash type, which is currently only available in beta at the moment of this writing (https://hashcat.net/beta/), has many advantages and uses a different hash format (it's not the hccapx format).

In theory, hcxpcapngtool can help you filter out "hashes" that aren't good or not belonging to a certain network etc.
If the hashes all belong to the same ESSID (network name), the speed shouldn't suffer too much... but if hcxtools reports that a specific hash/message pair is valid and has all the handshakes done correctly, the hash should be alright and should be crackable (because we know the AP accepted the password). This means that in such a case a single hash would be enough, i.e. it doesn't help much to have multiple hashes for the same network if you have one valid/complete handshake capture (and the corresponding -m 22000 hash).

BTW: -m 22000 is a very clever/new kernel which is able to combine multiple "attacks" and avoid duplicate work, etc. It's very optimized (like all hashcat kernels).
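As an added illustration of the filtering idea in the post above (not code from the thread, hashcat or hcxtools), the Python below parses -m 22000 hash lines, keeps only those for one ESSID, and shows how many distinct AP/station pairs a pile of captured handshakes actually collapses to. The sample lines are constructed placeholders with fake MACs, MICs and nonces; only the field layout is real.

```python
"""Parse hashcat -m 22000 lines and filter/deduplicate them by ESSID.

Line format (one hash per line), as documented for hashcat/hcxtools:
  WPA*TYPE*PMKID_or_MIC*MAC_AP*MAC_STA*ESSID_hex*ANONCE*EAPOL*MESSAGEPAIR
TYPE 01 = PMKID, 02 = EAPOL (4-way handshake); the last three fields are
empty on PMKID lines.
"""
from collections import Counter
from dataclasses import dataclass


@dataclass(frozen=True)
class Wpa22000:
    kind: str          # "01" (PMKID) or "02" (EAPOL)
    mac_ap: str
    mac_sta: str
    essid: str
    message_pair: str  # raw hex field, empty for PMKID lines


def parse_line(line):
    f = line.strip().split("*")
    if len(f) != 9 or f[0] != "WPA" or f[1] not in ("01", "02"):
        raise ValueError("not a -m 22000 hash line: %r" % line)
    essid = bytes.fromhex(f[5]).decode("utf-8", "replace")
    return Wpa22000(f[1], f[3].lower(), f[4].lower(), essid, f[8])


def filter_essid(lines, essid):
    """Keep only hashes whose decoded ESSID matches the network we care about."""
    return [h for h in map(parse_line, lines) if h.essid == essid]


def distinct_pairs(hashes):
    """Count how many (type, AP MAC, station MAC) combinations are distinct."""
    return Counter((h.kind, h.mac_ap, h.mac_sta) for h in hashes)


# Constructed sample: every MAC, MIC, PMKID, nonce and EAPOL value is fake.
HOME = "MyHomeAP".encode().hex()
OTHER = "Neighbour".encode().hex()
SAMPLE = [
    "WPA*01*" + "11" * 16 + "*aabbccddeeff*001122334455*" + HOME + "***",
    "WPA*02*" + "22" * 16 + "*aabbccddeeff*001122334455*" + HOME + "*" + "33" * 32 + "*" + "44" * 20 + "*02",
    "WPA*02*" + "55" * 16 + "*aabbccddeeff*001122334455*" + HOME + "*" + "66" * 32 + "*" + "77" * 20 + "*00",
    "WPA*02*" + "88" * 16 + "*aabbccddeeff*66778899aabb*" + HOME + "*" + "99" * 32 + "*" + "aa" * 20 + "*02",
    "WPA*02*" + "bb" * 16 + "*0123456789ab*001122334455*" + OTHER + "*" + "cc" * 32 + "*" + "dd" * 20 + "*02",
]

if __name__ == "__main__":
    mine = filter_essid(SAMPLE, "MyHomeAP")
    print(len(mine), "hashes for MyHomeAP")
    for key, n in distinct_pairs(mine).items():
        print(key, "x", n)
```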
#5
Thanks a lot, Phil! It seems that it's a full clone of Passcape's supermode (or whatever it's called), and it is exactly what I need.