zz2Fac3zz Posted January 9, 2014
I'm having trouble capturing a successful pcap file. I've tried using the site survey app as well as doing it manually, but whenever I get a WPA handshake and write it to a .cap file, the .cap file won't load the saved handshake. If I try to convert the .cap file to a .hccap I get a " [error ] unable to find valid handshakes." I've tested it in Kali and everything works fine. Has anyone successfully tried to crack a captured handshake from the pineapple?
zz2Fac3zz Posted January 10, 2014
I've even tried capturing the handshake with a usb wireless card attached to the pineapple. Still unable to find a valid handshake.
Mr-Protocol Posted January 10, 2014
Are you just looking to capture it? Is your airodump-ng channel hopping and missing it?
zz2Fac3zz Posted January 10, 2014
No, airodump-ng says it captures the handshake and aircrack will see the handshake, but if I try to convert the .cap to a .hccap so I can crack it with hashcat, I get [error ] unable to find valid handshakes. And if I open the .cap file captured from the pineapple with wireshark and search for eapol, the WPA key capture is blank. If I capture the handshake of the same network from my pc I can convert the file no problem, even if I use the same usb adapter and version of airodump-ng for both.
Mr-Protocol Posted January 10, 2014
Have you read through this? http://hashcat.net/wiki/doku.php?id=cracking_wpawpa2
zz2Fac3zz Posted January 10, 2014 (Edited January 10, 2014 by zz2Fac3zz)
Yeah, the aircrack-ng -J option is no longer around. But you can convert files with https://hashcat.net/cap2hccap/ or I downloaded the cap2hccap program. I've captured and cracked dozens of 4 way handshakes with my pc. It's just whenever I capture a handshake with the pineapple it always looks ok but is actually invalid. That's why I'm curious if anyone has not just captured a wpa handshake with the pineapple but actually cracked that captured .cap file (or is able to convert it to .hccap).
Mr-Protocol Posted January 11, 2014
If I get a free moment, I will try and test. Hit up IRC #pineapple and see if someone there can help or test on their setup.
zz2Fac3zz Posted January 11, 2014
Am I taking crazy pills?
[Attached screenshots: Pineapple, PC]
zz2Fac3zz Posted January 12, 2014
I've tested it out with the mark iv as well and I'm still unable to capture a valid handshake. Has anyone actually captured and cracked a 4 way handshake with the wifi pineapple?
Sailor Posted January 12, 2014
> I've tested it out with the mark iv as well and I'm still unable to capture a valid handshake. Has anyone actually captured and cracked a 4 way handshake with the wifi pineapple?
I cannot tell from the screenshots if you have followed the right steps to capture a handshake (the last step I see is a deauth, but that doesn't guarantee that there is a reconnect from this client). And yes, sure this is possible. Try using the wifite python script (search on this forum). This automates the steps required to capture a handshake.
zz2Fac3zz Posted January 12, 2014
I'm sure I'm doing all the correct steps to capture the handshake, and I've used the wifite script as well as the site survey infusion. It always looks like a successful capture but when I try and convert it to a .hccap no dice. I've tried this on multiple networks and interfaces as well. Have you actually (Not just in theory) converted a captured handshake from the pineapple to a .hccap?
Sailor Posted January 12, 2014 (Edited January 12, 2014 by Sailor)
> I'm sure I'm doing all the correct steps to capture the handshake, and I've used the wifite script as well as the site survey infusion. It always looks like a successful capture but when I try and convert it to a .hccap no dice. I've tried this on multiple networks and interfaces as well. Have you actually (Not just in theory) converted a captured handshake from the pineapple to a .hccap?
Nope, sorry. I never converted a capture file to hccap, I have just (successfully) used the cap file in aircrack-ng. Maybe it would help to try the --ivs option in airodump-ng? This would only capture the required packets for cracking.
NullNull Posted January 12, 2014
> Maybe it would help to try the --ivs option in airodump-ng? This would only capture the required packets for cracking.
This will only work when cracking WEP, for WPA all packets need to be captured in order to have a successful 4-way-handshake.
Sailor Posted January 12, 2014
> This will only work when cracking WEP, for WPA all packets need to be captured in order to have a successful 4-way-handshake.
You are right! My mistake, bad suggestion, don't use --ivs
Boosted240 Posted January 12, 2014
After seeing this thread, I decided to give it a shot. I hadn't done this yet. On a laptop w/Kali I was able to capture a handshake using wifite pretty quickly. Then I tried using the pineapple, with two different radios. No luck. I tried site survey, and wifite. I tried two different APs, both with multiple clients, they both timed out on wifite. I can't even get a capture, so you're already doing better than I am.
zz2Fac3zz Posted January 12, 2014
The problem with wifite and the wifi pineapple is the pineapple doesn't come with tshark/pyrit/cowpatty by default and wifite uses them to check to make sure you have a valid handshake. If you run wifite with the -aircrack option so it only uses aircrack to verify, it should let you capture the handshake. Although if you captured it using your pineapple that capture will be junk. Aircrack will open the .cap but even if you have the correct password in your wordlist it won't crack it, and if you try and convert it to .hccap " [error ] unable to find valid handshakes."
zz2Fac3zz Posted January 12, 2014 (Edited January 12, 2014 by zz2Fac3zz)
> Nope, sorry. I never converted a capture file to hccap, I have just (successfully) used the cap file in aircrack-ng.
When you used the .cap file from your pineapple with aircrack-ng was it able to actually crack the file? Because I've tried with the correct password in a smaller word list and aircrack didn't crack it. Unless of course the capture came from my laptop or pc, then aircrack has no problem.
Boosted240 Posted January 12, 2014 (Edited January 12, 2014 by Boosted240)
Okay, I created a wordlist file with just the correct key in it, and started wifite with the -aircrack and -dict options. Uploaded the file to be converted, and it can't find valid handshakes. I've done this process before, but it's been a while. I played with hashcatGUI for a while, using my Nvidia card. Never really had much luck with it other than if I put the key in the wordlist myself. I'm using custom-WPA and super-WPA wordlists.
zz2Fac3zz Posted January 12, 2014
So I guess the question is why can't it be converted to a .hccap? Aircrack is tremendously slow compared to hashcat and being able to use your gpu.
Boosted240 Posted January 12, 2014
> So I guess the question is why can't it be converted to a .hccap? Aircrack is tremendously slow compared to hashcat and being able to use your gpu.
Agreed. I just edited my post above, I have used hashcat before, just never had much luck with it.
Mr-Protocol Posted January 12, 2014
I think that program is borked. I have a handshake and it told me invalid handshakes.
Boosted240 Posted January 12, 2014
> I think that program is borked. I have a handshake and it told me invalid handshakes.
I just grabbed a handshake with wifite using Kali on my Raspberry Pi, just to be sure it works. Used the website to convert it, worked fine. Now I'm trying to remember how to use hashcat....
Mr-Protocol Posted January 12, 2014
I use command line airodump-ng on the pineapple to get the handshake. Then I transferred the file to my computer and tried to convert. No go. I wonder if that convert script needs updating or has a weird parsing error. My SSID was "WiFi Hacking Test Network" lol. Pictures are attached of my test. My conclusion would be the conversion program needs some work.
zz2Fac3zz Posted January 13, 2014
You know what, I'm guessing that because the Pineapple doesn't actually have a GPU, aircrack is writing the .cap file differently.
Mr-Protocol Posted January 13, 2014
> You know what, I'm guessing that because the Pineapple doesn't actually have a GPU, aircrack is writing the .cap file differently.
I am pretty sure that doesn't matter. Contact the creator of the conversion program, supply him your pcap, and see if he can identify a bug.
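
To tell a bad capture from a converter bug, the question the thread ends on, the EAPOL-Key frames in the .cap can be inspected directly. This is an added example, not code from the thread or from any tool named in it: it reads a classic pcap in either byte order (the magic number records the byte order of the host that wrote the file) and reports which handshake messages are present and whether their nonce and MIC fields are blank. The function names and the sample capture are constructed for illustration.

```python
import struct

SNAP_EAPOL = bytes.fromhex("aaaa03000000888e")  # LLC/SNAP header + EtherType 0x888e

def eapol_key_frames(pcap):
    """Return (message_no, nonce_nonzero, mic_nonzero) for each EAPOL-Key frame."""
    order = {b"\xd4\xc3\xb2\xa1": "<", b"\xa1\xb2\xc3\xd4": ">"}.get(pcap[:4])
    if order is None:
        raise ValueError("not a classic pcap file")
    linktype, = struct.unpack(order + "I", pcap[20:24])
    if linktype not in (105, 127):               # raw 802.11, or radiotap + 802.11
        raise ValueError("unsupported link type %d" % linktype)
    found, pos = [], 24
    while pos + 16 <= len(pcap):
        incl_len, = struct.unpack(order + "I", pcap[pos + 8:pos + 12])
        pkt, pos = pcap[pos + 16:pos + 16 + incl_len], pos + 16 + incl_len
        if linktype == 127 and len(pkt) >= 4:    # radiotap length is always little-endian
            pkt = pkt[struct.unpack("<H", pkt[2:4])[0]:]
        if len(pkt) < 2 or ((pkt[0] >> 2) & 3) != 2:   # keep data frames only
            continue
        hdr = 24 + (2 if pkt[0] & 0x80 else 0) + (6 if (pkt[1] & 3) == 3 else 0)
        key = pkt[hdr + 8:]                      # EAPOL header + key descriptor
        if pkt[hdr:hdr + 8] != SNAP_EAPOL or len(key) < 99 or key[1] != 3:
            continue
        info, data_len = struct.unpack(">H", key[5:7])[0], struct.unpack(">H", key[97:99])[0]
        ack, mic = info & 0x0080, info & 0x0100  # Key Ack and Key MIC flags
        # M1: ack only; M3: ack + mic; M2/M4: mic only (M2 carries key data, M4 none)
        msg = (3 if mic else 1) if ack else (2 if data_len else 4)
        found.append((msg, any(key[17:49]), any(key[81:97])))
    return found

def handshake_problems(frames):
    """List what is absent or blank among the four handshake messages."""
    seen = {m for m, _, _ in frames}
    problems = ["message %d missing" % n for n in (1, 2, 3, 4) if n not in seen]
    for msg, nonce, mic in frames:
        if msg != 4 and not nonce:               # M4 normally has a zero nonce
            problems.append("message %d has an all-zero nonce" % msg)
        if msg != 1 and not mic:                 # M1 carries no MIC
            problems.append("message %d has an all-zero MIC" % msg)
    return problems

def sample_pcap(order, blank=False):
    """Constructed capture (not real traffic): one message-2 frame, link type 105."""
    fill = b"\x00" if blank else b"\x5a"
    key = (b"\x01\x03\x00\x75\x02" + struct.pack(">HH", 0x010a, 0) + bytes(8)
           + fill * 32 + bytes(32) + fill * 16 + struct.pack(">H", 22) + bytes(22))
    pkt = b"\x08\x01" + bytes(22) + SNAP_EAPOL + key
    return (struct.pack(order + "IHHiIII", 0xa1b2c3d4, 2, 4, 0, 0, 65535, 105)
            + struct.pack(order + "IIII", 0, 0, len(pkt), len(pkt)) + pkt)
```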