s0lst1c3 / eaphammer

Targeted evil twin attacks against WPA2-Enterprise networks. Indirect wireless pivots using hostile portal attacks.
GNU General Public License v3.0

[Question]: How to crack authentications with hashcat #34

Closed vincentcox closed 6 years ago

vincentcox commented 6 years ago

I tried several things to crack the hashcat format which is presented by the tool.

I tried the following command:

hashcat -a3 -m5600  aa::::c0b646c32fec94b73aece504aa2ce1c90265c7706acca598:e4f86460a2d31df7 ?l?l --force --username

The password is normally "aa", but I was trying to see if I could retrieve this test password with hashcat.

Any ideas?

Great tool by the way!

kmackinley commented 6 years ago

What error are you receiving when trying the syntax above?

s0lst1c3 commented 6 years ago

Hey @vincentcox! I'd be happy to help out with that! Can you please run the following two commands and then paste me the output?

First Command: hashcat -a3 -m5600 aa::::c0b646c32fec94b73aece504aa2ce1c90265c7706acca598:e4f86460a2d31df7 '?l?l'

Second Command: hashcat -a3 -m5600 aa::::c0b646c32fec94b73aece504aa2ce1c90265c7706acca598:e4f86460a2d31df7 ?l?l --force --username

Thanks!

vincentcox commented 6 years ago

Thanks for the replies! The output:

D:\Downloads_browser\hashcat-4.1.0\hashcat-4.1.0>hashcat64.exe -a3 -m5600 aa::::c0b646c32fec94b73aece504aa2ce1c90265c7706acca598:e4f86460a2d31df7 '?l?l'
hashcat (v4.1.0) starting...

* Device #1: WARNING! Kernel exec timeout is not disabled.
             This may cause "CL_OUT_OF_RESOURCES" or related errors.
             To disable the timeout, see: https://hashcat.net/q/timeoutpatch
OpenCL Platform #1: NVIDIA Corporation
======================================
* Device #1: GeForce GTX 1080, 2048/8192 MB allocatable, 20MCU

Hash 'aa::::c0b646c32fec94b73aece504aa2ce1c90265c7706acca598:e4f86460a2d31df7': Salt-length exception
No hashes loaded.

Started: Fri Mar 09 09:10:18 2018
Stopped: Fri Mar 09 09:10:19 2018

s0lst1c3 commented 6 years ago

Hey @vincentcox!

Try changing -m 5600 to -m 5500.

EAPHammer outputs a NetNTLMv1 hash. Using -m 5600 tells hashcat to expect a NetNTLMv2 hash, which will cause an error. To tell hashcat to expect a NetNTLMv1 hash, use -m 5500. ;)

The hashcat website has a useful reference page with a complete list of hash modes, including example hashes.

https://hashcat.net/wiki/doku.php?id=example_hashes

Let me know if that fixes the issue.

vincentcox commented 6 years ago

Thanks for the reply! I still get an error however:

hashcat64.exe -a3 -m5500 aa::::c0b646c32fec94b73aece504aa2ce1c90265c7706acca598:e4f86460a2d31df7 ?l?l --force --username
hashcat (v4.1.0) starting...

OpenCL Platform #1: NVIDIA Corporation
======================================
* Device #1: GeForce GTX 1080, 2048/8192 MB allocatable, 20MCU

Hash 'aa::::c0b646c32fec94b73aece504aa2ce1c90265c7706acca598:e4f86460a2d31df7': Line-length exception
No hashes loaded.

Started: Fri Mar 09 14:29:31 2018
Stopped: Fri Mar 09 14:29:31 2018

s0lst1c3 commented 6 years ago

Try running the command without the --username flag. Worked for me.

vincentcox commented 6 years ago

Thanks for helping out! That did the trick indeed.

s0lst1c3 commented 6 years ago

No problem!
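
The mode mismatch discussed in this thread can be caught before hashcat is started by checking the field layout of the captured line. The following is an added example, not code from the thread or from EAPHammer: the function name `classify` and the constructed NetNTLMv2-shaped sample are assumptions, and it assumes user and domain names contain no colons.

```python
import re

_HEX = re.compile(r"[0-9a-fA-F]+")


def _is_hex(field, length=None):
    """True if field is non-empty hex, optionally of an exact length."""
    if not _HEX.fullmatch(field):
        return False
    return length is None or len(field) == length


def classify(line):
    """Return (hashcat_mode, label) for a NetNTLM challenge-response line.

    Layouts checked (lengths in hex characters):
      NetNTLMv1: user::domain:LM response (empty or 48):NT response (48):challenge (16)
      NetNTLMv2: user::domain:challenge (16):HMAC-MD5 (32):blob (variable)
    """
    parts = line.strip().split(":")
    if len(parts) != 6 or parts[1] != "":
        raise ValueError("expected six colon-separated fields: user::domain:...")
    _user, _, _domain, f3, f4, f5 = parts

    if (f3 == "" or _is_hex(f3, 48)) and _is_hex(f4, 48) and _is_hex(f5, 16):
        return 5500, "NetNTLMv1"
    if _is_hex(f3, 16) and _is_hex(f4, 32) and _is_hex(f5):
        return 5600, "NetNTLMv2"
    raise ValueError("field lengths match neither NetNTLMv1 nor NetNTLMv2")


# The test line posted in this thread (password "aa").
THREAD_LINE = "aa::::c0b646c32fec94b73aece504aa2ce1c90265c7706acca598:e4f86460a2d31df7"

# Constructed sample with the NetNTLMv2 field shape; the values are filler.
CONSTRUCTED_V2 = "user::LAB:" + "11" * 8 + ":" + "22" * 16 + ":" + "01" * 20

if __name__ == "__main__":
    for sample in (THREAD_LINE, CONSTRUCTED_V2):
        mode, label = classify(sample)
        print(f"{label}: use -m {mode}")
```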