Hi,
I have a router that has been decommissioned from a local company. The SSID is SMC-1 and the WPA password is motorhomes. I used hashcat and rockyou.txt to crack and all is good.
I then wanted to breakdown the cap file using wireshark to get the 5 packets (1 + 4 messages) but something I find odd and not what is documented anywhere else.
Attached is a zip file with 3 files in.
The first is the original cap file. (smc1-07.cap)
The Second is the 5 packets I thought I needed for hashcat to crack, it does not! (smc1-07-5packets.cap)
The Third is a cap file with message 1,1 and 4 which hashcat will crack - makes no sense (smc1-07-4packets.cap)
I have included a wordlist and the hccapx files for completeness.
To find my packets I used the wireshark filter of:
eapol or wlan.fc.type_subtype==0x08
Each file has been put through the converter on the hashcat.net site before submitting to hashcat (running on Windows 7).
Please can someone explain why the 3rd cap file works but the 2nd does not.
Thank you
BusiFix
I have a router that has been decommissioned from a local company. The SSID is SMC-1 and the WPA password is motorhomes. I used hashcat and rockyou.txt to crack and all is good.
I then wanted to breakdown the cap file using wireshark to get the 5 packets (1 + 4 messages) but something I find odd and not what is documented anywhere else.
Attached is a zip file with 3 files in.
The first is the original cap file. (smc1-07.cap)
The Second is the 5 packets I thought I needed for hashcat to crack, it does not! (smc1-07-5packets.cap)
The Third is a cap file with message 1,1 and 4 which hashcat will crack - makes no sense (smc1-07-4packets.cap)
I have included a wordlist and the hccapx files for completeness.
To find my packets I used the wireshark filter of:
eapol or wlan.fc.type_subtype==0x08
Each file has been put through the converter on the hashcat.net site before submitting to hashcat (running on Windows 7).
Please can someone explain why the 3rd cap file works but the 2nd does not.
Thank you
BusiFix