Posts: 4
Threads: 1
Joined: Oct 2020
10-24-2020, 02:27 PM
hello friends
I am new here and very happy to be.
I have a little question.
why hashcat dont stop the cracking work after finding the password ?
I searched for answers on the web but not finding anything.
I have a handshake for my ancien wifi router with 8 numbers password (28449430) and I liked to guessit with hashcat, so, I started to crack the handshake. it was successful BUT after hashcat found the password he continued the process of cracking. And finally, he displayed EXHAUSTED !!!!
very strange !! any explanation or solution please ..
hhhh.jpg (Size: 172.63 KB / Downloads: 6)
hhhfff.jpg (Size: 181.81 KB / Downloads: 7)
Posts: 2,267
Threads: 16
Joined: Feb 2013
10-24-2020, 03:45 PM
(This post was last modified: 10-24-2020, 03:47 PM by philsmd.)
It's because of the "Recovered" line, only 2 of 3 are found
Code:
Recovered........: 2/3 (66.67%) Digests
This could mean several things, but most likely that your file oor.hccapx doesn't contain only one network, but multiple.
In theory there could also be the case that you recorded a handshake that only deals with one specific network (and access point AP, if we oversimplify it a little bit) but the recorded handshake was recorded when somebody (or a device) used the wrong password or something like this.... so there are multiple scenarios. I'm pretty sure if you use the recommend way of capturing the network traffic with hcxdumptool / hcxtools a lot of incomplete and wrong handshakes are already identified and only the correct/meaninful ones are within the hccapx output. So you should probably use that way of capturing.
Of course you would need to analyze the .hccapx file (also see
https://hashcat.net/wiki/doku.php?id=hccapx and you could use hcxtools also here) to find out which (different ?!) networks are listed in the oor.hccapx file.
So hashcat has found 2 of 3 correct matches and therefore it's correct that it reports that NOT ALL of them are cracked and therefore it's exhausted with 2/3 cracked hashes.
Posts: 4
Threads: 1
Joined: Oct 2020
10-24-2020, 06:28 PM
(10-24-2020, 03:45 PM)philsmd Wrote: It's because of the "Recovered" line, only 2 of 3 are found
Code:
Recovered........: 2/3 (66.67%) Digests
This could mean several things, but most likely that your file oor.hccapx doesn't contain only one network, but multiple.
In theory there could also be the case that you recorded a handshake that only deals with one specific network (and access point AP, if we oversimplify it a little bit) but the recorded handshake was recorded when somebody (or a device) used the wrong password or something like this.... so there are multiple scenarios. I'm pretty sure if you use the recommend way of capturing the network traffic with hcxdumptool / hcxtools a lot of incomplete and wrong handshakes are already identified and only the correct/meaninful ones are within the hccapx output. So you should probably use that way of capturing.
Of course you would need to analyze the .hccapx file (also see https://hashcat.net/wiki/doku.php?id=hccapx and you could use hcxtools also here) to find out which (different ?!) networks are listed in the oor.hccapx file.
So hashcat has found 2 of 3 correct matches and therefore it's correct that it reports that NOT ALL of them are cracked and therefore it's exhausted with 2/3 cracked hashes.
thank you very much PHIL
you explain me a lot of the things
I will execute your advice and try the methods that you recommended to me
.
the way I use to capture handshake is The-Distribution-Which-Does-Not-Handle-OpenCL-Well (Kali) linux airodump-ng + aireplay-ng. is that a bad thing ??
is hcxdumptool better than airodump-ng ??
thank you again
Posts: 1,044
Threads: 2
Joined: Jun 2017
10-25-2020, 08:35 AM
(This post was last modified: 10-25-2020, 03:29 PM by ZerBea.)
Both suites (aircrack-ng and hcxdumptool/hcxtools) have advantages and disadvantages. So this question isn't easy to answer:
airodump-ng, besside-ng, wpaclean, and aireplay-ng are designed to get EAPOL handshakes and PMKIDs to be used by aircrack-ng and to get full benefit of aircrack-ng.
hcxdumptool/hcxtools is designed to be used by hashcat and JtR and to get full benefit of both of them.
I recommend to make up your own mind, by reading both git repositories:
https://github.com/aircrack-ng
https://github.com/ZerBea
Especially the issue section (issues: open and closed) will give you an answer about limitations of both tools.
In addition to that, you can get information about the features of both tools here:
https://forum.aircrack-ng.org/
https://hashcat.net/forum/thread-6661.html
And you can try the example (hash mode 22000) from here:
https://github.com/evilsocket/pwnagotchi...-598597214
The PMKID attack is described here:
https://hashcat.net/forum/thread-7717.html
Posts: 4
Threads: 1
Joined: Oct 2020
Ok ZerBea ! thankyou for your answer.
I will read those articles and then decide which tool is good.
thank you again
Posts: 1,044
Threads: 2
Joined: Jun 2017
Please share your experiences with with us and tell me, how you decided. I'm very interested in that, because it helps a lot to improve hcxdumptool/hcxtools as WiFi pre-processor to be used by hashcat and JtR.
Posts: 4
Threads: 1
Joined: Oct 2020
(10-27-2020, 08:38 AM)ZerBea Wrote: Please share your experiences with with us and tell me, how you decided. I'm very interested in that, because it helps a lot to improve hcxdumptool/hcxtools as WiFi pre-processor to be used by hashcat and JtR.
Ok my friend !!!!
this 2 months I am busy at work
; but after that I will return to wifi & The-Distribution-Which-Does-Not-Handle-OpenCL-Well (Kali) and will post and share every experience and result here.
You are my hero
Posts: 1,044
Threads: 2
Joined: Jun 2017