Je travaille sur la fissuration d'un fichier PMKID. J'ai collecté un fichier PCAP en utilisant BetterCap.
Puis convertissez en utilisant ceci:
hcxpcaptool -z bettercap-wifi-handshakes.pcap.pmkid bettercap-wifi-handshakes.pcap
Ils semblent convertir:
summary:
--------
file name....................: bettercap-wifi-handshakes.pcap
file type....................: pcap 2.4
file hardware information....: unknown
file os information..........: unknown
file application information.: unknown
network type.................: DLT_IEEE802_11_RADIO (127)
endianness...................: little endian
read errors..................: flawless
packets inside...............: 185
skipped packets..............: 0
packets with GPS data........: 0
packets with FCS.............: 6
beacons (with ESSID inside)..: 7
probe responses..............: 6
EAPOL packets................: 172
EAPOL PMKIDs.................: 10
best handshakes..............: 5 (ap-less: 0)
4 PMKID(s) written to bettercap-wifi-handshakes.pcap.pmkid
J'essaie ensuite de courir Hashcat contre elle et il retourne "séparateur inégalé" pour toutes mes entrées. Ceci est un test simple à 2 chiffres ci-dessous. Qu'est-ce qui se passe ici?
hashcat -m16800 -a3 -w3 bettercap-wifi-handshakes.pcap.pmkid %d%d --force
hashcat (v5.1.0-849-gcf8c815c) starting...
OpenCL Platform #1: The pocl project
====================================
* Device #1: pthread-Intel(R) Xeon(R) CPU E5-2676 v3 @ 2.40GHz, 256/738 MB allocatable, 1MCU
Hashfile 'bettercap-wifi-handshakes.pcap.pmkid' on line 1 (048614...59a93*4d61726368303332382f322e34): **Separator unmatched**
Hashfile 'bettercap-wifi-handshakes.pcap.pmkid' on line 2 (947be6...d5bc0e*1008b148e785*443542433045): **Separator unmatched**
Hashfile 'bettercap-wifi-handshakes.pcap.pmkid' on line 3 (4128f6...4b656e6e65792773204e6574776f726b): **Separator unmatched**
Hashfile 'bettercap-wifi-handshakes.pcap.pmkid' on line 4 (462f44...4b656e6e65792773204e6574776f726b): **Separator unmatched**
Que diriez-vous de lire ChangeLog ou Menu d'aide:
02.04.2019
==========
Due to hashcat changes:
"WPA/WPA2 cracking: In the potfile, replace password with PMK in order
to detect already cracked networks across all WPA modes"
https://github.com/hashcat/hashcat/commit/b8d609ba1604f4fed62198ae5000e205dcc87f70
hcxpcaptool: added new option -k to convert dumpfile to new hashcat PMKID format
-k <file> : output PMKID file (hashcat hashmode -m 16800 new format)
-z <file> : output PMKID file (hashcat hashmode -m 16800 old format and john)
use hcxhashcattool to convert old 2500 and old 16800 potfile to new hashcat potfile Format:
-p <file> : input old hashcat potfile
accepted potfiles: 2500 or 16800
-P <file> : output new potfile file (PMK:ESSID:PSK)
hcxhashcattool -p oldhashcat.2500.pot -P newhashcat.potfile
hcxhashcattool -p oldhashcat.16800.pot -P newhashcat.potfile