akmartinez
Posted March 14, 2023

Hello everyone,

I'm having a problem with the wpa.cap file created by besside through the Delayed-AP-Attack-Mine payload. I see the Owl loot saved the besside.log, wpa.cap, and wep.cap files. The log tells me some WPA handshakes were captured and looks like there are no errors.

I followed the readme.md associated with the payload and did an "aircrack-ng -J filebase wpa.cap" and received a success message in creating a hashcat filebase.hccap file for the SSID I'm testing on. When I run "hashcat -m 2500 filebase.hccap -w /wordlist" (wordlist is not the full name/path) I get an error that mode 2500 has been deprecated and to use mode 22000. I used mode 22000 and then receive an error message of an unmatched separator.

I'm still a little new to some of this but I tried to do some research and so far can't see what I might be doing wrong. If anyone can nudge me in the right direction I'd appreciate it. Also, if it's relevant, could it be I need to do an update/upgrade on the distro and apps installed on the Owl, if that's possible?

Here is some of the input/output from using aircrack-ng and hashcat...

----------
$ hashcat -m 22000 filebase.hccap /usr/share/fern-wifi-cracker/extras/wordlists/common.txt
hashcat (v6.2.6) starting

OpenCL API (OpenCL 3.0 PoCL 3.1+debian Linux, None+Asserts, RELOC, SPIR, LLVM 14.0.6, SLEEF, DISTRO, POCL_DEBUG) - Platform #1 [The pocl project]
==================================================================================================================================================
* Device #1: pthread-haswell-Intel(R) Core(TM) i9-10850K CPU @ 3.60GHz, 63289/126643 MB (16384 MB allocatable), 20MCU

Minimum password length supported by kernel: 8
Maximum password length supported by kernel: 63

Hashfile 'filebase.hccap' on line 1 (test): Separator unmatched
Hashfile 'filebase.hccap' on line 2 (): Separator unmatched
No hashes loaded.

Started: Mon Mar 13 11:01:55 2023
Stopped: Mon Mar 13 11:01:55 2023

----------
aircrack-ng -J filebase wpa.cap
Reading packets, please wait...
Opening wpa.cap
Read 12 packets.

#  BSSID              ESSID              Encryption
1  A6:04:60:xx:xx:xx  hiding from forum  WPA (1 handshake)
2  A6:04:60:xx:xx:xx  hiding from forum  WPA (1 handshake)
3  AA:04:60:xx:xx:xx  hiding from forum  WPA (1 handshake)
4  AA:04:60:xx:xx:xx  hiding from forum  WPA (1 handshake)

Index number of target network ? 1

Reading packets, please wait...
Opening wpa.cap
Read 12 packets.

1 potential targets

Building Hashcat file...

[*] ESSID (length: 10): test
[*] Key version: 2
[*] BSSID: A6:04:60:xx:xx:xx
[*] STA: D0:E7:xx:xx:xx:xx
[*] anonce: removed for forum
[*] snonce: removed for forum
[*] Key MIC: removed for forum
[*] eapol: removed for forum

Successfully written to filebase.hccap

----------
hashcat -m 22000 filebase.hccap /usr/share/fern-wifi-cracker/extras/wordlists/common.txt
hashcat (v6.2.6) starting

OpenCL API (OpenCL 3.0 PoCL 3.1+debian Linux, None+Asserts, RELOC, SPIR, LLVM 14.0.6, SLEEF, DISTRO, POCL_DEBUG) - Platform #1 [The pocl project]
==================================================================================================================================================
* Device #1: pthread-haswell-Intel(R) Core(TM) i9-10850K CPU @ 3.60GHz, 63289/126643 MB (16384 MB allocatable), 20MCU

Minimum password length supported by kernel: 8
Maximum password length supported by kernel: 63

Hashfile 'filebase.hccap' on line 1 (test): Separator unmatched
Hashfile 'filebase.hccap' on line 2 (): Separator unmatched
No hashes loaded.

Started: Mon Mar 13 11:03:09 2023
Stopped: Mon Mar 13 11:03:09 2023

dark_pyrro
Posted March 14, 2023

8 hours ago, akmartinez said:
> When I run "hashcat -m 2500 filebase.hccap -w /wordlist" (wordlist is not the full name/path) I get an error that mode 2500 has been deprecated and to use mode 22000.

Mode 2500 is (as you mention) deprecated since Hashcat 6.0.0
https://hashcat.net/forum/thread-10253.html

8 hours ago, akmartinez said:
> I used mode 22000 and then receive an error message of an unmatched separator.

You can't just change the "m" flag mode/type to 22000 and expect that Hashcat will accept the input file "as is". The input needs to be converted to 22000 format using this online tool (or locally/offline using hcxpcapngtool)
https://hashcat.net/cap2hashcat/

However, besside-ng specifically is one of the "source tools" that should be avoided. The payload is 4 years old and things happen over time, especially fast when in the cyber sec domain. Tools evolve.

8 hours ago, akmartinez said:
> Also if it's relevant, could it be I need to do an update/upgrade on the distro and apps installed on the Owl?

I wouldn't do that without specific knowledge and also be prepared that Owl things could break. You could try to build your own ipk:s of tools needed, but in this specific case you won't be more happy using a more recent version of besside-ng if you plan to use Hashcat since it's still something to avoid (according to Hashcat).
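
The format mismatch described in the reply above, as an added example that is not part of the original posts and not code from Hashcat or aircrack-ng: a small Python check that reports which container a file is in before it is passed to -m 22000. It assumes the publicly documented layouts (392-byte legacy hccap records with no signature, 393-byte hccapx records starting with "HCPX", and mode 22000 text lines of nine "*"-separated fields starting WPA*01 or WPA*02); all function names and sample bytes are constructed for illustration.

```python
import sys

HCCAP_RECORD = 392      # legacy binary .hccap record (assumed from the published struct)
HCCAPX_RECORD = 393     # binary .hccapx record
HCCAPX_MAGIC = b"HCPX"  # .hccapx signature
FIELDS_22000 = 9        # WPA*TYPE*PMKID_or_MIC*AP*STA*ESSID*ANONCE*EAPOL*MSGPAIR


def is_22000_line(line: bytes) -> bool:
    """True if one text line has the shape of a mode 22000 hash line."""
    parts = line.strip().split(b"*")
    return (len(parts) == FIELDS_22000 and parts[0] == b"WPA"
            and parts[1] in (b"01", b"02"))


def classify(data: bytes) -> str:
    """Return 'hccapx', '22000', 'hccap', 'empty' or 'unknown'."""
    if not data:
        return "empty"
    if data[:4] == HCCAPX_MAGIC and len(data) % HCCAPX_RECORD == 0:
        return "hccapx"
    lines = [ln for ln in data.splitlines() if ln.strip()]
    if lines and all(is_22000_line(ln) for ln in lines):
        return "22000"
    # Legacy hccap has no magic: whole 392-byte records with NUL padding.
    if b"\x00" in data and len(data) % HCCAP_RECORD == 0:
        return "hccap"
    return "unknown"


def constructed_samples() -> dict:
    """Constructed inputs (no real handshake data) for each container."""
    hccap = b"test".ljust(36, b"\x00") + bytes(HCCAP_RECORD - 36)
    hccapx = HCCAPX_MAGIC + bytes(HCCAPX_RECORD - 4)
    line = b"*".join([b"WPA", b"02", b"0" * 32, b"a" * 12, b"b" * 12,
                      b"74657374", b"0" * 64, b"0" * 8, b"00"]) + b"\n"
    return {"hccap": hccap, "hccapx": hccapx, "22000": line,
            "unknown": b"test\n\n"}


if __name__ == "__main__":
    if len(sys.argv) > 1:
        with open(sys.argv[1], "rb") as fh:
            print(sys.argv[1], "->", classify(fh.read()))
    else:
        for name, blob in constructed_samples().items():
            print(name, "->", classify(blob))
```

A file written by "aircrack-ng -J" is expected to come back as hccap, a binary container; only a result of 22000 is a text hash file that -m 22000 can parse line by line.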

River
Posted January 22

I'm interested in a payload like this that's not four years old. When I searched the payload library there were no payloads for the owl? Where did this payload come from curious?

dark_pyrro
Posted January 22

What payload library? Did you check GitHub?