Jump to content

do I have to clean my .cap before cracking it?


Recommended Posts

Posted

hi! I would like to know if I need to clean my wpa handshake captured with aircrack-ng before converting it to hccap for cracking it in hascat? When I use the tool wpaclean in kali-linux It seems to remove important part of 4 ways handshake... Can I just use the file with all the junk traffic and the full handhsake inside it without having problems? I dont want to spend a day to crack a broken handshake.




https://goo.gl/photos/R6C3uqt3p8UtiKsp6

If I got the 4 way handshake like this picture for the same client I should be ok even with a .cap file not clean?

Posted

I have cleaned cap files before. When the are super large and only want the relevant information...

processing extremely large pcap files eat up resources and causes delay results if you plan on processing the file multiple times over and over again...

You should be fine.

Posted

Most tools just pull the hashes out and work on those so once the process starts the rest of the pcap is forgotten.

Posted

Ive run large pcap files and they will skyrocket my cpu temps (95C), but smaller ones will keep it more reasonable(75C)

Posted

Thx for all the responsse! I can confirm that this is working without a problem! hascat is pulling the important information from the pcap file by himself and crack the password like diginija said. I prefer not cleaning the file to prevent myself from beaking an otherwise perfect handshake!

Posted

You could always just extract the handshake yourself in Wireshark. Load the file, filter by eap and then save the packets that are left as pcap, not pcapng.

Posted

I capture a new handhsake yesterday, But it seem I had a lot of broken one before aircrack-ng finaly detect a good one. By looking at the last 4 packet with the eapol filter in wireshark I was able to see that it was a good handshake because the packet 1,2,3,4 were here. I also check that the replay value was the same for the first 2 packet and the same for the last 2 packet and I make sur that the nouce value was the the same for the first and third packet.

I followed this page to make sure everything was good : http://aircrack-ng.org/doku.php?id=wpa_capture&DokuWiki=074d5917c87bb3032d8c42de85f2e8da

After that I selected the 4 good eapol packet and selected one brocast becon frame and put it in a new file like on the pictures.

https://goo.gl/photos/qUrziqhd9wChXsLA6

https://goo.gl/photos/hcFQa4S9uLqoJ9Sb8

Do you guys see any error in the way I am making sure that the .cap handshake is good before converting it to hccap?

Posted

what is indicating that the handshake is broken?

Did you save the capture from wireshark? if so, did you use pcapng or traditional pcap format?

Posted

aircrack-ng doesn't see any problems:

$ aircrack-ng bell919.cap
Opening /home/robin/Desktop/bell919.cap
Read 5 packets.
   #  BSSID              ESSID                     Encryption
   1  54:64:D9:EA:47:8F  BELL919                   WPA (1 handshake)
Choosing first network as target.
Opening bell919.cap

We have to assume you have permission to test this AP so have the person who knows the PSK put it in a file and test that it will work.

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

  • Recently Browsing   0 members

    • No registered users viewing this page.
×
×
  • Create New...