01-08-2015, 04:49 PM
Hi all,
I have a cap file (resulted in mergeing multipe wpa cleaned cap files,using: mergecap), but the original cap files that made the final BIG cap files are deleted. So i'm trying to extract the cap files and converting them to hccap, i can do that with: aircrack-ng & -J command but that would convert only 1 cap bassing on the index i give, ex:
There's a solution (a stupid one) is to make a script to open the aircrack-ng with the tt1.cap and enter every time an index until the nth, but that mean that the aircrack-ng will need to read the file every time, it would need days to finish.
So what i need is to extract the cap files from tt1.cap (and them i can convert them with aircrack or cap2hccap) or to undo mergecap.
I've also tried to read the file by parsing it bassing on offset range (i've read https://hashcat.net/wiki/doku.php?id=hccap), but faild cause the every cap in tt1.cap have some random bytes before essid and so i can't parse it by using the range: 0x00-0x187 for every cap.
Thanks and sorry for my bad english.
I have a cap file (resulted in mergeing multipe wpa cleaned cap files,using: mergecap), but the original cap files that made the final BIG cap files are deleted. So i'm trying to extract the cap files and converting them to hccap, i can do that with: aircrack-ng & -J command but that would convert only 1 cap bassing on the index i give, ex:
Quote:$ aircrack-ng tt1.cap -J out2And i've trying extracting cap files from the big file, using tshark:
Opening tt1.cap
Read xxxx packets.
# BSSID ESSID Encryption
1 XX:XX:XX:XX:XX:XX xx WPA (1 handshake)
2 XX:XX:XX:XX:XX:XX xx WPA (1 handshake)
3 XX:XX:XX:XX:XX:XX xx WPA (1 handshake)
4 XX:XX:XX:XX:XX:XX xx WPA (1 handshake)
5 XX:XX:XX:XX:XX:XX xx WPA (1 handshake)
6 XX:XX:XX:XX:XX:XX xx WPA (1 handshake)
7 XX:XX:XX:XX:XX:XX xx WPA (1 handshake)
........ (real ... :-) )
Index number of target network ? 1
Opening tt1.cap
Reading packets, please wait...
Building Hashcat (1.00) file...
[*] ESSID (length: x): xx
[*] Key version: 1
[*] BSSID: XX:XX:XX:XX:XX:XX
[*] STA: XX:XX:XX:XX:XX:XX
[*] anonce:
XX:XX:XX:XX:XX:XXXX:XX:XX:XX:XX:XXXX:XX:XX:XX:XX:XXXX:XX:XX:XX:XX:XXXX:XX:XX:XX:XX:XX
[*] snonce:
XX:XX:XX:XX:XX:XXXX:XX:XX:XX:XX:XXXX:XX:XX:XX:XX:XXXX:XX:XX:XX:XX:XXXX:XX:XX:XX:XX:XX
[*] Key MIC:
XX:XX:XX:XX:XX:XXXX:XX:XX:XX:XX:XXXX:XX:XX:XX:XX:XXXX:XX:XX:XX:XX:XXXX:XX:XX:XX:XX:XX
[*] eapol:
XX:XX:XX:XX:XX:XXXX:XX:XX:XX:XX:XXXX:XX:XX:XX:XX:XXXX:XX:XX:XX:XX:XXXX:XX:XX:XX:XX:XXXX:XX:XX:XX:XX:XXXX:XX:XX:XX:XX:XXXX:XX:XX:XX:XX:XXXX:XX:XX:XX:XX:XXXX:XX:XX:XX:XX:XXXX:XX:XX:XX:XX:XXXX:XX:XX:XX:XX:XXXX:XX:XX:XX:XX:XXXX:XX:XX:XX:XX:XXXX:XX:XX:XX:XX:XXXX:XX:XX:XX:XX:XXXX:XX:XX:XX:XX:XXXX:XX:XX:XX:XX:XXXX:XX:XX:XX:XX:XXXX:XX:XX:XX:XX:XXXX:XX:XX:XX:XX:XXXX:XX:XX:XX:XX:XX
Successfully written to out2.hccap
Quitting aircrack-ng...
$
Quote:tshark -r tt1.cap wlan.bssid == XX:XX:XX:XX:XX:XX -w out.capand when trying to convert them to hccap using aircrack-ng:
Quote:$ aircrack-ng extract.cap -J out3Even that when oppening the file with wireshark i see it's -kind of- normal.
Opening extract.cap
Unsupported file format (not a pcap or IVs file).
Read 0 packets.
No networks found, exiting.
Quitting aircrack-ng...
$
There's a solution (a stupid one) is to make a script to open the aircrack-ng with the tt1.cap and enter every time an index until the nth, but that mean that the aircrack-ng will need to read the file every time, it would need days to finish.
So what i need is to extract the cap files from tt1.cap (and them i can convert them with aircrack or cap2hccap) or to undo mergecap.
I've also tried to read the file by parsing it bassing on offset range (i've read https://hashcat.net/wiki/doku.php?id=hccap), but faild cause the every cap in tt1.cap have some random bytes before essid and so i can't parse it by using the range: 0x00-0x187 for every cap.
Thanks and sorry for my bad english.
