search

ZerBea / hcxtools

A small set of tools to convert packets from capture files to hash files for use with Hashcat or John the Ripper.
MIT License
2.03k stars 393 forks source link

problem to convert the pcapng and write the hash in a file nothing happened #64

Closed shaftcut closed 6 years ago

shaftcut commented 6 years ago

I have a problem with hcxpcaptool , i can read the packet , i have the pmkids but i cannot convert into a 16800 hash and write it in a file , nothing happened , but with the -Z command for 16801 hash it works ... i use the last version and my os is ubuntu . thx for your help

:~/hcxtools-master# ./hcxpcaptool -z test.16800 pmkid.pcapng start reading from pmkid.pcapng

summary:

file name....................: pmkid.pcapng file type....................: pcapng 1.0 file hardware information....: Intel(R) Core(TM) iX CPU X XXX @ X.XXGHz (with SSE4.2) file os information..........: Linux 4.15.0-33-generic file application information.: Dumpcap (Wireshark) 2.4.5 (Git v2.4.5 packaged as 2.4.5-1) network type.................: DLT_EN10MB (1) endianess....................: little endian read errors..................: flawless packets inside...............: 16 skipped packets..............: 0 packets with FCS.............: 0 EAPOL packets................: 17 EAPOL PMKIDs.................: 1

If i use -Z command it works ...

:~/hcxtools-master# ./hcxpcaptool -Z test.16800 pmkid.pcapng start reading from pmkid.pcapng

summary:

file name....................: pmkid.pcapng file type....................: pcapng 1.0 file hardware information....: Intel(R) Core(TM) iX CPU X XXX @ X.XXGHz (with SSE4.2) file os information..........: Linux 4.15.0-33-generic file application information.: Dumpcap (Wireshark) 2.4.5 (Git v2.4.5 packaged as 2.4.5-1) network type.................: DLT_EN10MB (1) endianess....................: little endian read errors..................: flawless packets inside...............: 16 skipped packets..............: 0 packets with FCS.............: 0 EAPOL packets................: 17 EAPOL PMKIDs.................: 1

1 PMKID(s) written to test.16800

ZerBea commented 6 years ago

This isn't an issue of hcxdumptool or hcxtools. Your capfile is cleaned. Do not clean capfiles or use tools which clean capfiles!

For hashmode -16800 you need to capture an ESSID and a PMKID!!! Your summary shows that you didn't captured the correspondending ESSID. Only EAPOL frames are inside the cap file - so only -Z (PMK mode without ESSID) will work. Please use hachcat forum for your questions. here: https://hashcat.net/forum/thread-7717-post-41797.html#pid41797

shaftcut commented 6 years ago

Thanks for your fast help , I will check that .

By the way how do you see my capture is clean ?

ZerBea commented 6 years ago

Some iportant frames missing in your cap: beacons (with ESSID inside)..: 1 probe responses..............: 1 association requests.........: 42 association responses........: 1121