Please note, this is a STATIC archive of website hashcat.net from 08 Oct 2020, cach3.com does not collect or store any user information, there is no "phishing" involved.

hashcat Forum

Full Version: Weird result
You're currently viewing a stripped down version of our content. View the full version with proper formatting.
Hey guys!

First of, kudos to the devs of this awesome tool!

I ran into a weird output today. I was cracking a WPA handshake with cudaHashcat64 (Rockyou dictionary + best64 rule) and I got a really weird...result?! This is the output:
[ESSID]:[STRING1]:[STRING2]:123456789 where STRING{1,2} is 12 char alfanumeric (lowercase only).

This is my first attempt and I confess I'm a n00b. Correct me if I'm wrong but shouldn't the result be a single string if successful instead of 3 strings?

Would love your feedback.

Cheers, mates!
Those "weird strings" are the mac addresses of the access point and the connected device/client respectively.
The output format was choosen to distinguish between networks with the same network name "ESSID". There are many cases where several access points share the same network name.

The output can always be "changed" (skip the "hash", in this case "ESSID:BSSID:MACOFCLIENT:" etc) with the --outfile-format option (see --help).
(05-21-2016, 09:05 AM)philsmd Wrote: [ -> ]Those "weird strings" are the mac addresses of the access point and the connected device/client respectively.
The output format was choosen to distinguish between networks with the same network name "ESSID". There are many cases where several access points share the same network name.

The output can always be "changed" (skip the "hash", in this case "ESSID:BSSID:MACOFCLIENT:" etc) with the --outfile-format option (see --help).

Your answer is much appreciated! Taking a closer look, you are spot on. But I never fiddled with the --outfile-format argument. Does this mean that the pass is 123456789 (the last string)? Because I tried it and it doesn't appear to be it.

In any case, thanks a lot for the clarifications!
yes, the (default) format (including the "hash" part) is:
ESSID:BSSID:STMAC(client):password

There could be several reasons (assuming that the output really is "123456789" - without quotes) that prevent you from connecting to this specific test network, including - but not limited to - a MAC address filtering (whitelist) etc.

Also make sure that the outputted password does not contain any trailing spaces etc... i.e. make sure that it is exactly "123456789". You can always check the cudaHashcat.pot file to make sure that there is no "invisible space" etc.
Thanks mate! Mystery solved.