Shoot - crossposting here because I originally posted this in the derv82 branch and realized that's not the version I'm using...
This is intermittent. Sometimes the handshakes are cracked fine with John and sometimes they are not. I see more success with 8 character passwords, and more failures with passwords 9 characters and up. I get 100% success with aircrack instead of john but prefer john for speed.
I'm using Wifite 2.5 on Kali 2020.1 ARM build on Raspberry Pi4, and test passwords contained in the default /usr/share/dict/wordlist-probable.txt file. The cap file I used in the below tests is attached.
(editing to add hcxpcaptool version)
root@kali:~# hcxpcaptool -v
hcxpcaptool 6.0.0 (C) 2020 ZeroBeat
kernel version:
root@kali:~# uname -a
Linux kali 4.19.93-Re4son-v8l+ #1 SMP PREEMPT Tue Jan 7 22:53:24 UTC 2020 aarch64 GNU/Linux
Second edit to add wifi card info:
I've verified the problem on these two cards --
Ralink RT5370
Alfa AWUS036ACH
Collected the handshake with wifite (note pyrit error - I see this on ALL handshakes collected):
[+] (1/1) Starting attacks against A2:2A:A8:81:B0:18 (TEST)
[+] TEST (72db) WPA Handshake capture: Discovered new client: F4:AF:E7:DE:9E:72
[+] TEST (70db) WPA Handshake capture: Captured handshake
[+] saving copy of handshake to hs/handshake_TEST_A2-2A-A8-81-B0-18_2020-01-31T20-30-58.cap saved
[+] analysis of captured handshake file:
[+] tshark: .cap file contains a valid handshake for a2:2a:a8:81:b0:18
[!] pyrit: .cap file does not contain a valid handshake
[+] cowpatty: .cap file contains a valid handshake for (TEST)
[+] aircrack: .cap file contains a valid handshake for A2:2A:A8:81:B0:18
[+] Not cracking handshake because skip_atk was used
[+] Finished attacking 1 target(s), exiting
Attempt to crack with john:
root@kali:~/wpatest# wifite --crack -v
. .
. · . . · `. wifite2 2.5.0
: : : (¯) : : : an automated wireless auditor forked from @derv82
`. · ` /¯\ · . https://github.com/kimocoder/wifite2
` /¯¯¯\
[+] option: verbosity level 1
[!] Warning: Recommended app hashcat was not found. install @ https://hashcat.net/hashcat/
[+] Listing captured handshakes from /root/wpatest/hs:
NUM ESSID (truncated) BSSID TYPE DATE CAPTURED
--- ----------------- ----------------- ----- -------------------
1 TEST A2:2A:A8:81:B0:18 4-WAY 2020-01-31 20:30:58
[+] Select handshake(s) to crack (1-1, select multiple with , or - or all): 1
[!] Unavailable tools (install to enable):
* hashcat (hashcat)
[+] Enter the cracking tool to use (aircrack, john, cowpatty): john
[+] Cracking 4-Way Handshake TEST (A2:2A:A8:81:B0:18)
[+] Running: hcxpcaptool -j /tmp/wifiteil1nxn6l/generated.john hs/handshake_TEST_A2-2A-A8-81-B0-18_2020-01-31T20-30-58.cap
[+] Running: john --format=wpapsk --wordlist /usr/share/dict/wordlist-probable.txt /tmp/wifiteil1nxn6l/generated.john
[+] Running: john --show /tmp/wifiteil1nxn6l/generated.john
[!] Failed to crack TEST (A2:2A:A8:81:B0:18): Passphrase not in dictionary
Attempt to manually convert and crack with hcxpcaptool and john
root@kali:~/wpatest# hcxpcaptool -j generated.john hs/handshake_TEST_A2-2A-A8-81-B0-18_2020-01-31T20-30-58.cap
reading from handshake_TEST_A2-2A-A8-81-B0-18_2020-01-31T20-30-58.cap
failed to read pcap packet header for packet 1732
summary capture file:
---------------------
file name........................: handshake_TEST_A2-2A-A8-81-B0-18_2020-01-31T20-30-58.cap
file type........................: pcap 2.4
file hardware information........: unknown
capture device vendor information: 000000
file os information..............: unknown
file application information.....: unknown (no custom options)
network type.....................: DLT_IEEE802_11 (105)
endianness.......................: little endian
read errors......................: yes
minimum time stamp...............: 31.01.2020 20:30:30 (GMT)
maximum time stamp...............: 31.01.2020 20:30:57 (GMT)
packets inside...................: 1732
skipped damaged packets..........: 0
packets with GPS NMEA data.......: 0
packets with GPS data (JSON old).: 0
packets with FCS.................: 0
beacons (total)..................: 1
probe responses..................: 42
reassociation requests...........: 2
authentications (OPEN SYSTEM)....: 3
authentications (APPLE)..........: 1
deauthentications................: 473
action packets...................: 6
EAPOL packets (total)............: 4
EAPOL packets (WPA2).............: 4
best handshakes (total)..........: 1 (ap-less: 0)
summary output file(s):
-----------------------
1 handshake(s) written to generated.john
message pair M12E2...............: 1
root@kali:~/wpatest# john --format=wpapsk --wordlist /usr/share/dict/wordlist-probable.txt generated.john
Using default input encoding: UTF-8
Loaded 1 password hash (wpapsk, WPA/WPA2/PMF/PMKID PSK [PBKDF2-SHA1 128/128 ASIMD 4x])
Cost 1 (key version [0:PMKID 1:WPA 2:WPA2 3:802.11w]) is 2 for all loaded hashes
Will run 4 OpenMP threads
Note: Minimum length forced to 2 by format
Press 'q' or Ctrl-C to abort, almost any other key for status
0g 0:00:00:02 DONE (2020-01-31 20:33) 0g/s 1340p/s 1340c/s 1340C/s nicarao..sss
Session completed
root@kali:~/wpatest# john --show generated.john
0 password hashes cracked, 1 left
Finally, attempt to crack the same handshake with aircrack (this took 6 minutes!)
root@kali:~/wpatest# wifite --crack -v
. .
. · . . · `. wifite2 2.5.0
: : : (¯) : : : an automated wireless auditor forked from @derv82
`. · ` /¯\ · . https://github.com/kimocoder/wifite2
` /¯¯¯\
[+] option: verbosity level 1
[!] Warning: Recommended app hashcat was not found. install @ https://hashcat.net/hashcat/
[+] Listing captured handshakes from /root/wpatest/hs:
NUM ESSID (truncated) BSSID TYPE DATE CAPTURED
--- ----------------- ----------------- ----- -------------------
1 TEST A2:2A:A8:81:B0:18 4-WAY 2020-01-31 20:30:58
[+] Select handshake(s) to crack (1-1, select multiple with , or - or all): 1
[!] Unavailable tools (install to enable):
* hashcat (hashcat)
[+] Enter the cracking tool to use (aircrack, john, cowpatty): aircrack
[+] Cracking 4-Way Handshake TEST (A2:2A:A8:81:B0:18)
[+] Running: aircrack-ng -a 2 -w /usr/share/dict/wordlist-probable.txt --bssid A2:2A:A8:81:B0:18 -l /tmp/wifitervcl804r/wpakey.txt hs/handshake_TEST_A2-2A-A8-81-B0-18_2020-01-31T20-30-58.cap
[+] Cracking WPA Handshake: 87.74% ETA: 45s @ 548.7kps (current key: odontoglossate)
[+] Cracked TEST (A2:2A:A8:81:B0:18). Key: "password123456"
[+] saved crack result to cracked.txt (2 total)
root@kali:~/wpatest#
handshake_TEST_A2-2A-A8-81-B0-18_2020-01-31T20-30-58.cap.gz
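The hcxpcaptool summary in the post reports "failed to read pcap packet header for packet 1732" and "read errors: yes". As an added example (not part of the original post, and not code from wifite or hcxtools), this sketch walks the record headers of a classic pcap file and reports where it stops parsing cleanly; the function names and the sample capture are constructed for illustration.

```python
import struct

# Classic pcap magic numbers -> struct byte-order prefix (usec and nsec variants).
MAGICS = {b"\xd4\xc3\xb2\xa1": "<", b"\xa1\xb2\xc3\xd4": ">",
          b"\x4d\x3c\xb2\xa1": "<", b"\xa1\xb2\x3c\x4d": ">"}

def check_pcap(data):
    """Walk every record of a classic pcap image and report where parsing stops."""
    result = {"packets": 0, "linktype": None, "error": None, "trailing": 0}
    if len(data) < 24 or data[:4] not in MAGICS:
        result.update(error="not a classic pcap file", trailing=len(data))
        return result
    order = MAGICS[data[:4]]
    # Global header after the magic: version, tz offset, sigfigs, snaplen, linktype.
    _maj, _min, _tz, _sig, _snap, linktype = struct.unpack(order + "HHiIII", data[4:24])
    result["linktype"] = linktype
    off = 24
    while off < len(data):
        n = result["packets"] + 1
        if len(data) - off < 16:
            result["error"] = f"truncated record header for packet {n}"
            break
        _sec, _frac, incl, orig = struct.unpack(order + "IIII", data[off:off + 16])
        if incl > orig:
            result["error"] = f"implausible lengths in packet {n}"
            break
        if off + 16 + incl > len(data):
            result["error"] = f"truncated payload for packet {n}"
            break
        off += 16 + incl
        result["packets"] += 1
    result["trailing"] = len(data) - off  # bytes not covered by a complete record
    return result

def build_sample(n_packets, linktype=105):
    """Constructed test capture: linktype 105 is DLT_IEEE802_11, payloads are filler."""
    out = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, linktype)
    for i in range(n_packets):
        payload = bytes([i]) * (10 + i)
        out += struct.pack("<IIII", 1580502630 + i, 0, len(payload), len(payload)) + payload
    return out

if __name__ == "__main__":
    clean = build_sample(3)
    for label, blob in (("clean", clean), ("stray tail", clean + b"\x00" * 7),
                        ("cut short", clean[:-2])):
        print(label, check_pcap(blob))
```

To run it against a real capture, pass `open(path, "rb").read()` to `check_pcap`; a non-zero `trailing` value means the file ends with bytes that do not form a complete record.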