Jump to content

WPA Handshake .cap file will not load


zz2Fac3zz
 Share

Recommended Posts

I'm having trouble capturing a successful pcap file. I've tried using the site survey app as well as doing it manually, but when ever I get a WPA handshake and write it to a .cap file. The .cap file wont load the saved handshake. If I try to convert the .cap file to a .hccap I get a " [error ] unable to find valid handshakes." I've tested it in Kali and every thing works fine. Has anyone successfully tried to crack a captured handshake from the pineapple?

Link to comment
Share on other sites

No airodump-ng says it captures the handshake and aircrack will see the handshake, but if I try to convert the .cap to a .hccap so I can crack it with hashcat. I get [error ] unable to find valid handshakes. And if I open the .cap file captured from the pineapple with wireshark and search for eapol the WPA key capture is blank. If I capture the handshake of the same network from my pc I can convert the file no problem. Even if I use the same usb adapter and version of airodump-ng for both.

Link to comment
Share on other sites

Yeah, the aircrack-ng -J option is no longer around. But you can convert files with https://hashcat.net/cap2hccap/ or I downloaded the cap2hccap program. I've captured and cracked dozens of 4 way handshakes with my pc. Its just when ever I capture a handshake with the pineapple its always looks ok but is actually invalid.

That's why I'm curious if anyone has not just captured a wpa handshake with the pineapple but actually cracked that captured .cap file. (or is able to convert it to .hccap)

Edited by zz2Fac3zz
Link to comment
Share on other sites

I've tested it out with the mark iv as well and I'm still unable to capture a valid handshake.

Has anyone actually captured and cracked a 4 way handshake with the wifi pineapple?

I cannot tell from the screenshots if you have followed the right steps to capture a handshake (the last step I see is a deauth, but that doesn't guarantee that there is a reconnect from this client).

And yes, sure this is possible. Try using the wifite python script (search on this forum). This automates the steps required to capture a handshake.

Link to comment
Share on other sites

I'm sure I'm doing all the correct steps to capture the handshake, and I've used the wifite script as well as the site survey infusion. It always looks like a successful capture but when I try and convert it to a .hccap no dice. I've tried this on multiple networks and interfaces as well. Have you actually (Not just in theory) converted a captured handshake from the pineapple to a .hccap?

Link to comment
Share on other sites

I'm sure I'm doing all the correct steps to capture the handshake, and I've used the wifite script as well as the site survey infusion. It always looks like a successful capture but when I try and convert it to a .hccap no dice. I've tried this on multiple networks and interfaces as well. Have you actually (Not just in theory) converted a captured handshake from the pineapple to a .hccap?

Nope, sorry. I never converted a capture file to hccap, I have just (succesfully) used the cap file in aircrack-ng.

Maybe it would help to try the --ivs option in airodump-ng? This would only capture the required packets for cracking.

Edited by Sailor
Link to comment
Share on other sites

After seeing this thread, I decided to give it a shot. I hadn't done this yet.

On a laptop w/Kali I was able to capture a handshake using wifite pretty quickly.

Then I tried using the pineapple, with two different radios. No luck. I tried site survey, and wifite. I tried two different APs, both with multiple clients, they both timed out on wifite.

I can't even get a capture, so you're already doing better than I am.

Link to comment
Share on other sites

The problem with wifite and the wifi pineapple is the pineapple doesn't come with tshark/pyrite/cowpatty by default and wifite uses them to check to make sure you have a vaild handshake. If you run wifite with the -aircrack option so it only uses aircrack to verify it should let you capture the handshake. Although if you captured it using your pineapple that capture will be junk. Aircrack will open the .cap but even if you have the correct password in your wordlist it won't crack it, and if you try and convert it to .hccap " [error ] unable to find valid handshakes."

Link to comment
Share on other sites

Nope, sorry. I never converted a capture file to hccap, I have just (succesfully) used the cap file in aircrack-ng.

When you used the .cap file from your pineapple with aircrack-ng was it able to actually crack the file? Because I've tried with the correct password in a smaller word list and aircrack didn't crack it. Unless of course the capture came from my laptop or pc then aircrack has no problem.

Edited by zz2Fac3zz
Link to comment
Share on other sites

Okay, I created a wordlist file with just the correct key in it, and started wifite with the -aircrack and -dict options.

Uploaded the file to be converted, and it can't find valid handshakes. I've done this process before, but its been awhile. I played with hashcatGUI for awhile, using my Nvidia card. Never really had much luck with it other than if I put the key in the wordlist myself. I'm using custom-WPA and super-WPA wordlists.

aircrack.jpg

Edited by Boosted240
Link to comment
Share on other sites

So I guess the question is why can't it be converted to a .hccap? Aircrack is tremendously slow compared to hashcat and being able to use your gpu.

Agreed. I just edited my post above, I have used hashcat before, just never had much luck with it.

Link to comment
Share on other sites

I think that program is borked. I have a handshake and it told me invalid handshakes.

I just grabbed a handshake with wifite using Kali on my Raspberry Pi, just to be sure it works. Used the website to convert it, worked fine.

Now I'm trying to remember how to use hashcat.... :blink:

Link to comment
Share on other sites

I use command line airodump-ng on the pineapple to get the handshake. Then I transferred the file to my computer and tried to convert. No go. I wonder if that convert script needs updating or has a weird parsing error. My SSID was "WiFi Hacking Test Network" lol.

Pictures are attached of my test. My conclusion would be the conversion program needs some work.

Link to comment
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

 Share

  • Recently Browsing   0 members

    • No registered users viewing this page.
×
×
  • Create New...