All wpa uploads to be in .cap file


frenchy1

Status: Cracker
Joined: Tue, 28 Jul 2015
Posts: 598
Team:
Reputation: 366 Reputation
Offline
Fri, 21 Apr 2017 @ 10:51:32

I personally think all future wpa files should just be uploaded in .cap files as:

1. most will not run unless they see the original cap file to ensure they are not wasting their time
2. some files are stripped so badly they miss the password
3. cap files contain critical information to help us assist in the finding of passwords

if anyone wants to add to the list please do so.

All I know is that it gets annoying after a while to keep requesting a cap file after a hccapx gets uploaded that is no good. Food for thought, people.



Just a hobbyist

payknight

Status: Cracker
Joined: Wed, 13 Apr 2016
Posts: 135
Team: just4fun
Reputation: 96 Reputation
Offline
Sat, 22 Apr 2017 @ 09:05:10

Thing is, a cap file can be huge if someone did not stop it in time.
The user can always upload the cap file to an uploading site.
hccap\hccapx are small in size, and hccapx does have the information that u are talking about:

https://hashcat.net/wiki/hccapx

https://hashcat.net/forum/thread-6273-post-33430.html#pid33430

Maybe I am missing the point, but what kind of critical information can u find in the cap file?


+rep if i helped
BTC : 1GnXjJqxzuyWCnbFJKqHCMRH7nKSscZhAN

frenchy1

Status: Cracker
Joined: Tue, 28 Jul 2015
Posts: 598
Team:
Reputation: 366 Reputation
Offline
Sat, 22 Apr 2017 @ 09:21:42

I would think 99% of people that capture a .cap file (from my own experience only) would be targeting a network and therefore would have only a small amount of data within the .cap file, as once they have the handshake they would stop the procedure and the .cap size, unless they were in a shopping center playing potluck.

The cap file contains router info, timestamp info etc. but I am not the expert on these things. I think others may be able to advise you better than I.




Just a hobbyist

shonash

Status: n/a
Joined: Fri, 17 Mar 2017
Posts: 126
Team:
Reputation: 300 Reputation
Offline
Sat, 22 Apr 2017 @ 09:57:01

frenchy1 said:

I would think 99% of people that capture a .cap file (from my own experience only) would be targeting a network and therefore would have only a small amount of data within the .cap file, as once they have the handshake they would stop the procedure and the .cap size, unless they were in a shopping center playing potluck.

The cap file contains router info, timestamp info etc. but I am not the expert on these things. I think others may be able to advise you better than I.

Yes, I agree the raw capture does need some basic ground rules.
A BSSID filter is pretty much essential, especially if you are operating in a high traffic area.

The capture file is an absolute goldmine of information that is simply not in hccap
or hccapx.

The first thing I head for is any Probe Response over a Beacon for network information.
The timestamps in a raw capture are also extremely useful in a lot of cases.

The hccapx does a terrible job with timestamps. More by luck than judgement,
it does still succeed most of the time by using the shotgun approach of trying
every combination of handshake messages, but it does make mistakes.

There are even some more subtle things like seeing how long the AP takes
to respond to certain messages. It all helps in fingerprinting the target.

None of this is going to be an issue if you are just trying something like 8 digits
or a few small wordlists against a handshake. They are going to take such a
short time to run, it doesn't matter if the handshake information is unreliable.

But when considering a much more extensive attack, it is really essential to
know that the handshake is good and the AP has been identified reliably.

Having said all that, I really don't think it will ever be possible to enforce just
raw cap files.

People are still going to post all sorts of random stuff.

Let's face it, quite often there is a post asking to crack a network
with no attachments at all.

The best you can do is maybe just to create some guidelines to make it clear
how best to present a capture to have the best chance of someone even
bothering to look at it for you?


payknight

Status: Cracker
Joined: Wed, 13 Apr 2016
Posts: 135
Team: just4fun
Reputation: 96 Reputation
Offline
Sun, 23 Apr 2017 @ 21:00:28

shonash said:

The first thing I head for is any Probe Response over a Beacon for network information.
The timestamps in a raw capture are also extremely useful in a lot of cases.

The hccapx does a terrible job with timestamps. More by luck than judgement,
it does still succeed most of the time by using the shotgun approach of trying
every combination of handshake messages, but it does make mistakes.


Why the heck would u want the timestamps?
And network beacons?


+rep if i helped
BTC : 1GnXjJqxzuyWCnbFJKqHCMRH7nKSscZhAN

soxrok2212

Status: n/a
Joined: Sat, 24 Oct 2015
Posts: 301
Team: CommunityCracking
Reputation: 227 Reputation
Offline
Sun, 23 Apr 2017 @ 21:13:14

Time stamps allow us to determine if handshake messages are captured from the same exchange... this way there is no mix n match causing a "bad" or "corrupted" cap. Probe responses (especially with WPS tags) have a lot of detailed information about the AP so we can determine which attack would be the best.



BTC: 18vMdaCfbEQ66Jkv3JsnoyJmcaeodfmR93



100% free WPA/WPA2 cracking service:
https://www.communitycracking.pw
1x Nvidia GTX 1080 Ti (soon)
1x Nvidia GTX 980
1x AMD RX 480
1x AMD R9 290
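
The capture-integrity check described in the post above, as an added example (not code from the thread or from any poster): it classifies EAPOL-Key frames by their Key Information bits and flags an M1/M2 pair whose replay counters or capture timestamps do not line up. The function names, the `max_gap` threshold and the sample frames are assumptions constructed for illustration.

```python
import struct
from dataclasses import dataclass

# Key Information bits of an EAPOL-Key frame (IEEE 802.11i)
INSTALL, ACK, MIC, SECURE = 0x0040, 0x0080, 0x0100, 0x0200

@dataclass
class KeyMsg:
    ts: float     # capture timestamp, seconds
    num: int      # 4-way handshake message number, 1..4
    replay: int   # 64-bit key replay counter

def parse_eapol_key(ts, frame):
    """Classify one EAPOL-Key frame, given from its 802.1X header onwards."""
    _ver, ptype, _len, _desc, info, _klen, replay = struct.unpack_from(">BBHBHHQ", frame)
    if ptype != 3:
        raise ValueError("not an EAPOL-Key frame")
    if info & ACK:                        # sent by the AP
        num = 3 if info & MIC else 1
    else:                                 # sent by the client (WPA2: M4 sets Secure)
        num = 4 if info & SECURE else 2
    return KeyMsg(ts, num, replay)

def pairing_problems(m1, m2, max_gap=1.0):
    """Reasons why m1/m2 should not be treated as one exchange ([] = consistent).
    max_gap is an assumed threshold, not a value from the thread."""
    problems = []
    if (m1.num, m2.num) != (1, 2):
        problems.append("not an M1/M2 pair")
    if m1.replay != m2.replay:
        problems.append("replay counter mismatch")
    gap = m2.ts - m1.ts
    if not 0 <= gap <= max_gap:
        problems.append(f"M2 arrives {gap:.3f}s after M1")
    return problems

def build(info, replay):
    """Construct a sample EAPOL-Key frame (zeroed nonce, IV, RSC, ID, MIC)."""
    body = struct.pack(">BHHQ", 2, info, 16, replay) + bytes(32 + 16 + 8 + 8 + 16 + 2)
    return struct.pack(">BBH", 2, 3, len(body)) + body

# Constructed sample: a stale M1 with the same counter value, then a full M1/M2.
STALE_M1 = parse_eapol_key(37.200, build(0x008A, 1))
M1 = parse_eapol_key(100.000, build(0x008A, 1))
M2 = parse_eapol_key(100.012, build(0x010A, 1))

if __name__ == "__main__":
    print("M1 -> M2:      ", pairing_problems(M1, M2) or "consistent")
    print("stale M1 -> M2:", pairing_problems(STALE_M1, M2) or "consistent")
```

In the constructed sample the stale M1 carries the same replay counter as the later M2, so only the timestamp gap exposes the mismatch; a format that drops per-frame timestamps cannot make this distinction.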

