Crack WPA2 (.hc22000 file) with list not completing - Printable Version

+- hashcat Forum (https://hashcat.net/forum)
+-- Forum: Support (https://hashcat.net/forum/forum-3.html)
+--- Forum: hashcat (https://hashcat.net/forum/forum-45.html)
+--- Thread: Crack WPA2 (.hc22000 file) with list not completing (/thread-10496.html)

Crack WPA2 (.hc22000 file) with list not completing - Joe_Baker - 12-02-2021

I have a WPA2 hash file .hc22000 (so mode 22000) but when I try to find the password located in a small list of 5 words it just keeps running but doesn't complete it. I let the command run for an hour before closing it, it kept loading on "Initializing backend runtime for device #1. Please be patient...".

I'm using the command: "hashcat -a 0 -m 22000 hashfile.hc22000 wordlist.txt". Does someone have experience with these .hc22000 files or maybe something wrong with my command?

The hash looks like the following:
"WPA*02*<bunch of letters and numbers with a * from time to time>*02"

Text file looks like the following:
"
RandomWord
anotherRandomWord
password
notMyPassword
another
"

The command is running when I'm in the folder of hashcat (hashcat-6.2.5) and the files used are located in this folder as well. I get no error codes except "nvmlDeviceGetFanSpeed(): Not Supported" but this shouldn't be an issue from what I've read. I'm using an i7-9750h and RTX2060 so you would expect that it wouldn't take that long to get a hash from a 5 word long list (let alone a huge list like rockyou).

P.S. I'm new to hashcat so it's possible I'm missing some obvious steps.

RE: Crack WPA2 (.hc22000 file) with list not completing - v71221 - 12-08-2021

Try to play with -D option. At first, to show info about detected backend devices, run

Code:
hashcat.exe -I

Then choose your device. In my case
-D 1 means use CPU, works!
-D 2 means use GPU, doesn't work, Device #2: Not enough allocatable device memory for this attack.

For simplicity, you can enter the hash and password directly into the command line.

Code:
hashcat.exe -D 1 -a 3 -m 22000 "WPA*01*4d4fe7aac3a2cecab195321ceb99a7d0*fc690c158264*f4747f87f9f4*686173686361742d6573736964***" "hashcat!"

It takes about 16 minutes in my case and it works.
Status: Cracked

This is an example hash you can find here: https://hashcat.net/wiki/doku.php?id=example_hashes or just

Code:
hashcat.exe -m 22000 --example-hashes

By the way, I'm also new to hashcat. I'm using Windows and a 10-year-old laptop with an Intel Celeron CPU and an Intel GPU. I was not able to use hashcat on Linux. Every time I got an "illegal hardware instruction" error.

Now the fun part.
pmkid-hash (format .hc22000) from real dump (captured by hcxdumptool) is not cracked. Status: Exhausted
eapol-hash (format .hc22000) from the same real dump is cracked. Status: Cracked

So far I have not been able to crack pmkid. I tried wordlist attack, brute-force attack, different dumpfiles, however the result is the same. Status: Exhausted
I can crack eapol-hash, but something is wrong with pmkid-hash. Maybe the main reason is my weak hardware.

Please answer what status you saw when you ran the commands below on your hardware. Cracked or Exhausted?

Code:
hashcat.exe -D 1 -a 3 -m 22000 "WPA*01*f8dc238fb156874627b5ff251b8ab53c*020000000001*020000000020*61703031***" "12345678"

Explanation of the hc22000 hash line you can find here: https://hashcat.net/wiki/doku.php?id=cracking_wpawpa2

Please read this post as an example of troubleshooting of dictionary attack. https://hashcat.net/forum/thread-8602.html

RE: Crack WPA2 (.hc22000 file) with list not completing - ZerBea - 12-08-2021

"Now the fun part.
pmkid-hash (format .hc22000) from real dump (captured by hcxdumptool) is not cracked. Status: Exhausted
eapol-hash (format .hc22000) from the same real dump is cracked. Status: Cracked"

Indeed funny, but related to 802.11 attack mode and conversion mode:
PMKID retrieved from ACCESS POINT.
EAPOL MESSAGE PAIR retrieved from CLIENT M2.
If the CLIENT is authorized, the PSK should be the same on both. If not, you'll get two different PSKs.
The same will happen if the PSK is changed during capturing time.
(BTW: both MACs look very synthetic - which lets me assume that you're running a test environment)

By default hcxdumptool/hcxlabtool attack both (AP and CLIENT) and hcxpcapngtool converts everything.
All tools are analysis tools and it is mandatory that you know what you are doing (choosing the attack vector, converting the hash, selecting the desired hash to feed hashcat). Otherwise the result will be completely unexpected.

RE: Crack WPA2 (.hc22000 file) with list not completing - v71221 - 12-08-2021

@ZerBea
Thank you for your prompt reply.
Yes, I am a newcomer, diligently studying hcxdumptool/hcxtools and using a test environment. Three notebooks with wifi-adapters, 1st with Linux and hcxdumptool/hcxtools, 2nd with Windows as wifi access point, and 3rd with Windows as client. For clarity and readability I changed MACs on AP and CLIENT.

AP is created by these commands on Windows 7

Code:
netsh wlan set hostednetwork mode=allow ssid=ap01 key=12345678 keyUsage=temporary

I ran this command to capture AP-CLIENT session.

Code:
$ sudo hcxdumptool -i wlan0 -o dump.pcapng --silent --enable_status=127 -c 1

I used silent "passive" mode because client hung if I ran hcxdumptool in "active" mode.
Could you kindly provide me with "proper" syntax of hcxdumptool options if I'm targeting PMKID only.

By the way, I noticed that hcxhash2cap with option "--pmkid=" gives an error "reading hash line 1 failed".
hcxhash2cap with option "--pmkid-eapol=" works fine.
Input file in both cases is the same one-line-file pmkid.22000

Code:
$ hcxhash2cap --pmkid=pmkid.22000 -c test.cap

RE: Crack WPA2 (.hc22000 file) with list not completing - ZerBea - 12-08-2021

--pmkid option is for old 16800 hash lines. It will give an ERROR on hc22000 files.
By latest commit: https://github.com/ZerBea/hcxtools/commit/9e118e11672cd8c3933d2fb194372f342a6f71ad I added an additional information to --help:

If you use --silent, hcxdumptool will become a simple dump tool like tshark, Wireshark, tcpdump. PMKIDs are not requested and a possible packet loss has to be expected.

To request PMKIDs only:
$ sudo hcxdumptool -i INTERFACE -o dump.pcapng --disable_client_attacks --disable_deauthentication --enable_status=95

For sure, some attack modes are extremely aggressive (as hell). They prevent that a CLIENT is able to connect to a NETWORK or they will let a CLIENT crash completely.

BTW: I'm interested in a dump file from netsh hostednetwork. Can you please add a pcapng file from:
netsh wlan set hostednetwork mode=allow ssid=ap01 key=12345678 keyUsage=temporary

Usually the PMKID and the MIC should be calculated using the same PMK. It looks like this is not the case on netsh, which could be a bug inside of this tool.

From what I read here: https://stackoverflow.com/questions/23168152/use-netsh-wlan-set-hostednetwork-to-create-a-wifi-hotspot-and-the-authenti
only these types are supported by netsh:
Radio types supported : 802.11n 802.11g 802.11b
By default, PMKID caching is not activated.

RE: Crack WPA2 (.hc22000 file) with list not completing - ZerBea - 12-08-2021

Great. The dump files are very appreciated. I'll take a look at them. Thanks.

RE: Crack WPA2 (.hc22000 file) with list not completing - ZerBea - 12-08-2021

I have finished the analysis. The PMKID calculated by netsh is wrong!
Looks like Windows has a problem with PMKIDs (not only on WPA2 Enterprise) since Windows 7:
https://social.technet.microsoft.com/Forums/windows/en-US/c200b4c0-91af-42e9-863b-2b77451a5613/windows-7-not-sending-the-correct-pmkid

Calculated PMKID by netsh (in WPA KEY DATA field packet 29 file 1, packet 27 file 2):
f8dc238fb156874627b5ff251b8ab53c

Calculated PMKID by function:
ca5396d611cf330aebefd48ebbfb0e63

Code:
PMKID = HMAC-SHA1-128(PMK, "PMK Name" | MAC_AP | MAC_STA)

Corrected hash line to reproduce that hashcat will not fail:

Code:
WPA*01*ca5396d611cf330aebefd48ebbfb0e63*020000000001*020000000020*61703031***

To answer your questions:

1. It doesn't matter if you capture PMKIDROGUE or PMKID. Both are suitable for PMKID-attacks.
correct
PMKIDROGUE = PMKID requested by hcxdumptool
PMKID = PMKID captured after CLIENT request

2. In my case, pmkid-hash was not cracked (Status: Exhausted), probably due to a bug.
correct, because netsh calculated a wrong PMKID!!!

Now I have to find a way to detect this garbage.

RE: Crack WPA2 (.hc22000 file) with list not completing - v71221 - 12-09-2021

@ZerBea
I think we should start another thread called "PMKID Attack, Best Practices, Miscellaneous".
In the meantime, could you advise something to the author of the current thread (Joe_Baker) based on your experience?

For educational purposes, it is desirable to calculate PMK and PMKID manually. I found this link http://jorisvr.nl/wpapsk.html
Could you please share your method. Perhaps you have written your own utility. Such a utility along with the source code would be a great help for newbies like me.

RE: Crack WPA2 (.hc22000 file) with list not completing - ZerBea - 12-09-2021

"In the meantime, could you advise something to the author of the current thread (Joe_Baker) based on your experience?"
To gain the necessary basic knowledge, hashcat FAQ are very helpful:
https://hashcat.net/wiki/doku.php?id=fre...s#overview
I couldn't explain it better than what is described in this general guide.
BTW: It makes it very difficult to give an advice, because of missing information about the OS, version of NVIDIA driver and version of CUDA SDK.

There is no need to open a new thread, because nearly everything is already explained.
Since Atom persuaded me to publish hcxtools (nearly the same time when hashcat went open source) I started a thread:
https://hashcat.net/forum/thread-6661.html
It describes how to use hcxtools and how to build a WiFi analysis environment.

Another thread followed after we (again thanks to Atom and RealEnder) discovered the PMKID attack:
https://hashcat.net/forum/thread-7717.html

A WPA1/2 basic tutorial is here:
https://hashcat.net/wiki/doku.php?id=cracking_wpawpa2

Inside these threads are several links to get more background information about the functions "behind the scenes".

My advice is to read these basics and to play around with the examples mentioned above and here:
https://hashcat.net/wiki/doku.php?id=example_hashes

My second advice is to learn and understand Linux step by step:
https://wiki.archlinux.org/title/Installation_guide
BTW: A successful installation of K A L I by graphical installer is far away from learning and understanding Linux.

That includes openssl crypto:
https://www.openssl.org/docs/man3.0/man7/crypto.html
because it provides all functions to calculate and verify PMKs and PMKIDs.

"Perhaps you have written your own utility."
To find out how a PMK is calculated, please take a look at the source code of wlangenpmk (CPU based):
https://github.com/ZerBea/hcxkeys

Code:
$ wlangenpmk -e ap01 -p 12345678

or wlangenpmkocl (OpenCL based):

Code:
$ wlangenpmkocl -e ap01 -p 12345678

There are similar functions (CPU based) in hcxpcapngtool, hcxhashtool and hcxpmkidtool as well as in hcxdumptool.
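
Added example (not part of the thread and not hcxtools code): a Python check of the formula quoted above, PMKID = HMAC-SHA1-128(PMK, "PMK Name" | MAC_AP | MAC_STA), for a network whose passphrase is already known. It assumes the PMK is derived the standard WPA2-PSK way, PBKDF2-HMAC-SHA1(passphrase, ESSID, 4096 iterations, 32 bytes), which the thread does not spell out; the hash lines are the ones quoted in the thread and the function names are made up for this example.

```python
import hashlib
import hmac

# Hash lines quoted in the thread (ESSID 61703031 = "ap01", PSK 12345678).
NETSH_LINE = "WPA*01*f8dc238fb156874627b5ff251b8ab53c*020000000001*020000000020*61703031***"
CORRECTED_LINE = "WPA*01*ca5396d611cf330aebefd48ebbfb0e63*020000000001*020000000020*61703031***"
# hashcat's mode 22000 example hash as quoted in the thread (password "hashcat!").
HASHCAT_EXAMPLE = ("WPA*01*4d4fe7aac3a2cecab195321ceb99a7d0*fc690c158264*f4747f87f9f4"
                   "*686173686361742d6573736964***")


def parse_pmkid_line(line):
    """Split a WPA*01 (PMKID) hc22000 line into binary fields and check sizes."""
    fields = line.strip().split("*")
    if len(fields) < 6 or fields[0] != "WPA" or fields[1] != "01":
        raise ValueError("not a WPA*01 (PMKID) hash line")
    try:
        pmkid, mac_ap, mac_sta, essid = (bytes.fromhex(f) for f in fields[2:6])
    except ValueError as exc:
        raise ValueError("non-hex data in hash line") from exc
    if len(pmkid) != 16 or len(mac_ap) != 6 or len(mac_sta) != 6:
        raise ValueError("unexpected PMKID or MAC length")
    if not 1 <= len(essid) <= 32:
        raise ValueError("ESSID must be 1..32 bytes")
    return {"pmkid": pmkid, "mac_ap": mac_ap, "mac_sta": mac_sta, "essid": essid}


def derive_pmk(passphrase, essid):
    """Assumed standard WPA2-PSK derivation: PBKDF2-HMAC-SHA1, 4096 rounds, 32 bytes."""
    if not 8 <= len(passphrase) <= 63:
        raise ValueError("WPA2 passphrase must be 8..63 characters")
    return hashlib.pbkdf2_hmac("sha1", passphrase.encode("ascii"), essid, 4096, 32)


def compute_pmkid(pmk, mac_ap, mac_sta):
    """PMKID = first 128 bits of HMAC-SHA1(PMK, "PMK Name" | MAC_AP | MAC_STA)."""
    return hmac.new(pmk, b"PMK Name" + mac_ap + mac_sta, hashlib.sha1).digest()[:16]


def check_line(line, passphrase):
    """Return (matches, recomputed_pmkid_hex) for a hash line and a known passphrase."""
    f = parse_pmkid_line(line)
    pmk = derive_pmk(passphrase, f["essid"])
    recomputed = compute_pmkid(pmk, f["mac_ap"], f["mac_sta"])
    return hmac.compare_digest(recomputed, f["pmkid"]), recomputed.hex()


if __name__ == "__main__":
    for label, line, psk in (
        ("netsh PMKID", NETSH_LINE, "12345678"),
        ("corrected PMKID", CORRECTED_LINE, "12345678"),
        ("hashcat example", HASHCAT_EXAMPLE, "hashcat!"),
    ):
        ok, recomputed = check_line(line, psk)
        print(f"{label:16} match={ok} recomputed={recomputed}")
```

A captured PMKID that does not match the value recomputed from the known PSK, as with the netsh line here, is one that hashcat will exhaust on even with the right password in the list.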

RE: Crack WPA2 (.hc22000 file) with list not completing - v71221 - 12-11-2021

@ZerBea
Great! Thanks!
In the meantime, I discovered that the freshly installed Windows 11 Enterprise no longer sends PMKID (in contrast to Windows 7 Enterprise). At least by default. Please see the attachment. If you need dumps, please let me know.

Could you please explain what "2412/1" means in the log of hcxdumptool (v6.2.5). For example, line like this

Code:
22:09:57 2412/1 0015999e54c4 000bf4ad5332 TEST_AP [ROGUE PROBERESPONSE]

What's the point of specifying [ROGUE PROBERESPONSE] in the log if hcxdumptool works with the --silent option?
From my newcomer point of view, it makes more sense to specify [PROBEREQUEST] instead.