Why it can't crack my own hash
#1
I tried to crack my own hash. File xxx.hccapx contains 2 WPA handshakes.
I pass the first 3 characters of the password to decrease the processing time.
What am I doing wrong? I also tried with: -1 ?H

Code:
┌──(root💀The-Distribution-Which-Does-Not-Handle-OpenCL-Well (Kali))-[/home/The-Distribution-Which-Does-Not-Handle-OpenCL-Well (Kali)/Desktop]
└─# hashcat -m 2500 -a 3  xxx.hccapx R4T?H?H?H?H?H                                                            1 ⨯
hashcat (v6.1.1) starting...

OpenCL API (OpenCL 1.2 pocl 1.5, None+Asserts, LLVM 9.0.1, RELOC, SLEEF, DISTRO, POCL_DEBUG) - Platform #1 [The pocl project]
=============================================================================================================================
* Device #1: pthread-Intel(R) Core(TM) i7-6820HQ CPU @ 2.70GHz, 13587/13651 MB (4096 MB allocatable), 8MCU

Minimum password length supported by kernel: 8
Maximum password length supported by kernel: 63

Hashes: 2 digests; 1 unique digests, 1 unique salts
Bitmaps: 16 bits, 65536 entries, 0x0000ffff mask, 262144 bytes, 5/13 rotates

Applicable optimizers applied:
* Zero-Byte
* Single-Hash
* Single-Salt
* Brute-Force
* Slow-Hash-SIMD-LOOP

Watchdog: Hardware monitoring interface not found on your system.
Watchdog: Temperature abort trigger disabled.

Host memory required for this attack: 66 MB

Approaching final keyspace - workload adjusted. 

Session..........: hashcat                     
Status...........: Exhausted
Hash.Name........: WPA-EAPOL-PBKDF2
Hash.Target......: WIFI NAME (AP:MAC1 STA:MAC2)
Time.Started.....: Wed Feb  3 20:42:30 2021 (1 min, 37 secs)
Time.Estimated...: Wed Feb  3 20:44:07 2021 (0 secs)
Guess.Mask.......: R4T?H?H?H?H?H [8]
Guess.Queue......: 1/1 (100.00%)
Speed.#1.........:    10809 H/s (11.50ms) @ Accel:256 Loops:256 Thr:1 Vec:8
Recovered........: 0/1 (0.00%) Digests
Progress.........: 1048576/1048576 (100.00%)
Rejected.........: 0/1048576 (0.00%)
Restore.Point....: 1048576/1048576 (100.00%)
Restore.Sub.#1...: Salt:0 Amplifier:0-1 Iteration:0-1
Candidates.#1....: R4TE16F7 -> R4T8F8F7
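The mask from post #1, worked through as an added example (not part of the thread and not hashcat's own code): it expands a hashcat mask into per-position character sets, computes the keyspace (16^5 = 1048576, the Progress figure in the output above) and reports whether a known passphrase can be generated by the mask at all. The function names and sample passphrases are constructed for illustration; the thread never states the real passphrase.

```python
import math
import string

# hashcat's built-in mask charsets (?b, the raw byte range, is left out).
BUILTIN = {
    "l": string.ascii_lowercase,
    "u": string.ascii_uppercase,
    "d": string.digits,
    "h": string.digits + "abcdef",
    "H": string.digits + "ABCDEF",
    "s": " " + string.punctuation,
}
BUILTIN["a"] = BUILTIN["l"] + BUILTIN["u"] + BUILTIN["d"] + BUILTIN["s"]


def expand(spec, custom):
    """Return one set of allowed characters per position of `spec`."""
    positions, i = [], 0
    while i < len(spec):
        if spec[i] != "?":
            positions.append({spec[i]})          # literal character
            i += 1
            continue
        key = spec[i + 1:i + 2]                  # "" if '?' is the last char
        if key == "?":
            positions.append({"?"})              # "??" is a literal '?'
        elif key in BUILTIN:
            positions.append(set(BUILTIN[key]))
        elif key in custom:
            positions.append(set(custom[key]))   # ?1..?4 defined with -1..-4
        else:
            raise ValueError(f"unknown charset ?{key} at offset {i}")
        i += 2
    return positions


def check_mask(mask, password, custom_defs=None):
    """Return (keyspace, problem); problem is None if the mask generates password."""
    custom = {k: set().union(*expand(v, {})) for k, v in (custom_defs or {}).items()}
    positions = expand(mask, custom)
    keyspace = math.prod(len(p) for p in positions)
    if len(positions) != len(password):
        return keyspace, f"mask length {len(positions)} != password length {len(password)}"
    for i, (allowed, ch) in enumerate(zip(positions, password)):
        if ch not in allowed:
            return keyspace, f"position {i}: {ch!r} is outside the mask"
    return keyspace, None
```

A non-None result for the known passphrase means the run could only ever end in "Exhausted", whatever the state of the capture; `-1 ?H` with `?1` in the mask gives the same keyspace as `?H`.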
#2
1) pocl isn't the best choice - use Intel compute runtime instead
you may have noticed that the robot from the forum changed the name of K A L I, because this distribution doesn't handle OpenCL (and some other things) well

2) are you able to recover the PSK from the example hash:
https://hashcat.net/misc/example_hashes/hashcat.hccapx
from the example hashes, here:
https://hashcat.net/wiki/doku.php?id=example_hashes

3) have you tried to retrieve a PMKID and recover the PSK from it?

4) have you tried hashmode 22000 instead of deprecated hashmode 2500?

5) are you sure you captured and converted a valid EAPOL message pair?
Which tools did you use for capturing and converting?
#3
1. If not The-Distribution-Which-Does-Not-Handle-OpenCL-Well (Kali), then what?
2. I'll try tomorrow.
4. No, I didn't know it is deprecated.
5. airodump-ng and cap2hccapx
#4
The recommended distribution (from the hashcat team) is UBUNTU. It is user friendly, especially for Linux beginners.
Hashmode 22000 is no longer a binary format. It combines 16800 (PMKID) and 2500 (EAPOL) in one single (ASCII) file.

cap2hccapx is not able to convert WiFi traffic to 22000 format.

airodump-ng is the best choice in combination with aircrack-ng, but not the best choice for use with hashcat.
airodump-ng (and aireplay-ng) don't provide the PMKID attack vector.