Need help with this new cap style.. seeing more of these and nowhere to start
- Thread starter Steal the Joy
- Start date
Just looks like a normal .cap file. A poor quality one. Not sure what you mean by 'new cap style'?
Attached the file for anyone who doesn't want to visit the tracking host website.
Attached the file for anyone who doesn't want to visit the tracking host website.
Steal the Joy
Active member
believe these are Xfinity Routers and looks like they sent out an update to change the stock username BSSID and password.. seeing more and more of these in my hood lately!
Sparton
Active member
It is corrupt in that it will not convert to the 22000 format. Nor the 2500 format.
EAPOL ANONCE error corrections (NC)......: not detected
EAPOL M1 messages (total)................: 8
EAPOL M1 messages (KDV:0 AKM defined)....: 8 (PMK not recoverable)
EAPOL M2 messages (total)................: 4
EAPOL M2 messages (KDV:0 AKM defined)....: 4 (PMK not recoverable)
EAPOL M3 messages (total)................: 2
EAPOL M3 messages (KDV:0 AKM defined)....: 2 (PMK not recoverable)
EAPOL M4 messages (total)................: 6
EAPOL M4 messages (KDV:0 AKM defined)....: 6 (PMK not recoverable)
RSN PMKID (total)........................: 8
RSN PMKID (KDV:0 AKM defined)............: 8 (PMK not recoverable)
Since you do not use hashcat to crack there might be some validity left in the cap for your use. I do not know.
Your 2nd post is invalid for conversion also.
EAPOL ANONCE error corrections (NC)......: not detected
EAPOL M1 messages (total)................: 8
EAPOL M1 messages (KDV:0 AKM defined)....: 8 (PMK not recoverable)
EAPOL M2 messages (total)................: 4
EAPOL M2 messages (KDV:0 AKM defined)....: 4 (PMK not recoverable)
EAPOL M3 messages (total)................: 2
EAPOL M3 messages (KDV:0 AKM defined)....: 2 (PMK not recoverable)
EAPOL M4 messages (total)................: 6
EAPOL M4 messages (KDV:0 AKM defined)....: 6 (PMK not recoverable)
RSN PMKID (total)........................: 8
RSN PMKID (KDV:0 AKM defined)............: 8 (PMK not recoverable)
Since you do not use hashcat to crack there might be some validity left in the cap for your use. I do not know.
Your 2nd post is invalid for conversion also.
Sparton
Active member
I think it is time for you to re-visit how you capture these files. 107mb is absurd. No wonder you are cleaning them.
The majority of good captures are under 500kb. Most conversion programs will not handle that large of a file. So I did it the old fashioned way using hcxpcapngtool. It still does not have the valid handshakes to convert.
Maybe try something basic like wifite2. Easy to install and works great. https://github.com/kimocoder/wifite2
What program are you using to capture? It is not working. Looks like the cleaning is not corrupting them (even though you should never clean cap files), but the capturing is.
You say these cap files are tested as valid. Perhaps in some way they are, but not for M1, M2, M3, and M4 handshakes.
The majority of good captures are under 500kb. Most conversion programs will not handle that large of a file. So I did it the old fashioned way using hcxpcapngtool. It still does not have the valid handshakes to convert.
Maybe try something basic like wifite2. Easy to install and works great. https://github.com/kimocoder/wifite2
What program are you using to capture? It is not working. Looks like the cleaning is not corrupting them (even though you should never clean cap files), but the capturing is.
You say these cap files are tested as valid. Perhaps in some way they are, but not for M1, M2, M3, and M4 handshakes.
Steal the Joy
Active member
im open to anything at the moment with these.. you could be onto something here why i cant crack these.
im using aircrack and just leaving them on monitor until I get a handshake as these mesh systems wont allow a Deauth.
im using aircrack and just leaving them on monitor until I get a handshake as these mesh systems wont allow a Deauth.
FYI.
"The dump file is not corrupt.
It is WPA3 and the AUTHENTICATION KEYMANAGEMENT ist not PSK.
Neither hashcat nor JtR have a hash mode for AKM defined hashes, so hcxpcapngtool does not convert them.
The user should use hcxdumptool/hcxlabtool to downgrade the CLIENT to WPA2 (EAPOL M!M2ROGUE) as descibed here:
https://github.com/ZerBea/hcxdumptool/discussions/485#discussioncomment-11588215"
"The dump file is not corrupt.
It is WPA3 and the AUTHENTICATION KEYMANAGEMENT ist not PSK.
Neither hashcat nor JtR have a hash mode for AKM defined hashes, so hcxpcapngtool does not convert them.
The user should use hcxdumptool/hcxlabtool to downgrade the CLIENT to WPA2 (EAPOL M!M2ROGUE) as descibed here:
https://github.com/ZerBea/hcxdumptool/discussions/485#discussioncomment-11588215"
Summary: "If you use old, outdated, crappy tools to run an attack on a target you have to live with this crappy consequences." :)
Last edited:
Steal the Joy
Active member
wont argue with you there.. im gettin old and trying to keep up with everything is gettin overwhelming! Just wait til your my age and then youll understand lol.. I just do this for a fun hobby now. But now understand why i couldnt crack these, Appreciate the feedback
Don't take this as a personal attack. I believe I’m much older than you. But you should always use the latest software version. That’s my humble suggestion