Hashcat 6.1.1 Potfile Mac Adress Problem
#1
Hi mates.

Before i was using 5.10 version of hashcat that i update it to 6.1.1

I have an interesting problem.

I used below command to scan a text file.

hashcat.exe -w 3 -m 2500 --session=test 26147_1615879990.hccapx out.txt

I cracked it and when i opened hashcat. Potfile has was stange.
There is no router name and no mac adress? Why
I work with a lot of cap files so this is too hard to find which file was cracked


Example hash

12a740d5f2a79efafdc049f13e88e82116f46c921dfd5843adcfbece6f3ca70f*5475726b54656c656b6f6d5f5445454146:[Password]


before in hashcat 5.1.0 version cracked hashes were like this:


105daf136ab8d60ae95bfe6df529afc1:a0e4cb9f3be1:bc307dc3b8e6:merve:[password]

How can i fix this problem?
Thanks
Reply
#2
The pot file entry is the result of PBKDF2 calculation (hash mode 22000, 16800, 2500):
Code:
PMK * ESSID in HEX : PSK
The PMK is unique for a complete network! That include the AP and all CLIENTs
Storing this unique result, only, will keep the pot file small.
hascat doesn't need further information to verify the NETWORK key!

Running hashcat with option -o will print what you expect to see:
Code:
PMKID or MIC : MAC_AP : MAC_STA : ESSID : PSK
The PMKID is unique for a single CLIENT of the NETWORK, only.
The MIC is unique for a single AUTHENTICATION of a single CLIENT of the NETWORK, only.
Storing this dynamic values to a pot file will bloat it and decrease speed.

This is valid for so long until the PSK or the ESSID changed. In that case you must hunt for the new PMK (which is the result of PBKDF2).
More information is here:
https://hashcat.net/forum/thread-9893.html
and here:
https://github.com/hashcat/hashcat/issue...-446869779
and of course here:
$ hashcat --help

If you understand PBKDF2, the pot file is not longer so strange as you might think.
Reply