Good morning, below is the issue I have been having and can’t seem to figure it out.
I have followed the directions in this YouTube video https://www.youtube.com/watch?v=J8A8rKFZW-M&t=526s
I searched posts on here for an answer and the only error I found was that I using -m 2500 instead of -m 22000
Any ideas would be greatly appreciated.
Thank you
C:hashcat-6.2.5>hashcat.exe -m 22000 -a3 wpa2.hccapx ?d?d?d?d?d?d?d?d?d
hashcat (v6.2.5) starting
Successfully initialized NVIDIA CUDA library.
Failed to initialize NVIDIA RTC library.
* Device #1: CUDA SDK Toolkit not installed or incorrectly installed.
CUDA SDK Toolkit required for proper device support and utilization.
Falling back to OpenCL runtime.
* Device #1: WARNING! Kernel exec timeout is not disabled.
This may cause «CL_OUT_OF_RESOURCES» or related errors.
To disable the timeout, see: https://hashcat.net/q/timeoutpatch
nvmlDeviceGetFanSpeed(): Not Supported
OpenCL API (OpenCL 1.2 CUDA 11.1.114) — Platform #1 [NVIDIA Corporation]
========================================================================
* Device #1: GeForce RTX 2070 with Max-Q Design, 7168/8192 MB (2048 MB allocatable), 36MCU
OpenCL API (OpenCL 2.1 ) — Platform #2 [Intel(R) Corporation]
=============================================================
* Device #2: Intel(R) UHD Graphics, 13024/26135 MB (2047 MB allocatable), 24MCU
Minimum password length supported by kernel: 8
Maximum password length supported by kernel: 63
Hashfile ‘wpa2.hccapx’ on line 1 (HCPX♦): Separator unmatched
Hashfile ‘wpa2.hccapx’ on line 2 (): Separator unmatched
Hashfile ‘wpa2.hccapx’ on line 3 (ä╚Ƶ¼ì=E1│⌡ƒ╩%╗9◄Xzσ╚╡▼░[7┴): Separator unmatched
∩±Zif┘╦ktcÇ↓y): Separator unmatchedc┐♫òíFd‼¬╔
Hashfile ‘wpa2.hccapx’ on line 5 (): Separator unmatched
∩±Zif┘╦ktcÇ↓): Separator unmatchedφc┐♫òíFd‼¬╔
Hashfile ‘wpa2.hccapx’ on line 7 (`U→φ(♀⌐╗▐í-]K░ÿ►E┤Ü↕î7y┌t¥←─_ÿ↕): Separator unmatched
Hashfile ‘wpa2.hccapx’ on line 8 (): Separator unmatched
Hashfile ‘wpa2.hccapx’ on line 9 (`U→φ(♀⌐╗▐í-]K░ÿ►E┤Ü↕î7y┌t¥←─_ÿ↕): Separator unmatched
Hashfile ‘wpa2.hccapx’ on line 10 (): Separator unmatched
Hashfile ‘wpa2.hccapx’ on line 11 (): Separator unmatched
Hashfile ‘wpa2.hccapx’ on line 12 (): Separator unmatched
No hashes loaded.
Started: Fri Jan 07 09:12:39 2022
Stopped: Fri Jan 07 09:12:41 2022
Posts: 938
Threads: 2
Joined: Jun 2017
01-07-2022, 04:42 PM
(This post was last modified: 01-07-2022, 07:46 PM by ZerBea.)
Hash formats 250x and 1680x are deprecated. Successor is hash mode 22000 which use a new hash format (not longer binary hccapx)
Please read more here:
https://hashcat.net/wiki/doku.php?id=cracking_wpawpa2
here:
https://hashcat.net/forum/thread-10544.h…=separator
here:
https://hashcat.net/forum/thread-10441.h…=separator
or this forum search for hash mode 22000:
https://hashcat.net/forum/search.php?act…order=desc
The online converter moved to the new hash format, too:
https://hashcat.net/cap2hashcat/
and forget all ancient youtube video tutorials.
If you have more questions regarding the new hash format, feel free to ask.
Posts: 2
Threads: 1
Joined: Jan 2022
Thank you, that info helped me get it running.
I wasn’t sure how to tell if it was using the CPU or GPU. I have an RTX 2070, it took almost an hour to run. The command output said ‘Failed to initialize NVIDIA RTC library.’ Wasn’t sure what that meant.
I found the example hashes page; however, I’m not sure how it works. Is that something I can use to test my system to see if it is set up correctly since my session failed/exhausted without retrieving a password?
Session……….: hashcat
Status………..: Exhausted
Hash.Mode……..: 22000 (WPA-PBKDF2-PMKID+EAPOL)
Hash.Target……: 27279_1641567199.hc22000
Time.Started…..: Fri Jan 07 10:22:11 2022 (46 mins, 56 secs)
Time.Estimated…: Fri Jan 07 11:09:07 2022 (0 secs)
Kernel.Feature…: Pure Kernel
Guess.Mask…….: ?d?d?d?d?d?d?d?d?d [9]
Guess.Queue……: 1/1 (100.00%)
Speed.#1………: 333.2 kH/s (0.75ms) @ Accel:32 Loops:256 Thr:64 Vec:1
Speed.#2………: 7679 H/s (5.96ms) @ Accel:4 Loops:16 Thr:128 Vec:1
Speed.#*………: 340.8 kH/s
Recovered……..: 0/1 (0.00%) Digests
Progress………: 1000000000/1000000000 (100.00%)
Rejected………: 0/1000000000 (0.00%)
Restore.Point….: 99852288/100000000 (99.85%)
Restore.Sub.#1…: Salt:0 Amplifier:9-10 Iteration:0-1
Restore.Sub.#2…: Salt:0 Amplifier:9-10 Iteration:0-1
Candidate.Engine.: Device Generator
Candidates.#1….: 646173973 -> 676464973
Candidates.#2….: 623451649 -> 637893737
Hardware.Mon.#1..: Temp: 65c Util: 0% Core: 900MHz Mem:5409MHz Bus:16
Hardware.Mon.#2..: N/A
Started: Fri Jan 07 10:22:07 2022
Stopped: Fri Jan 07 11:09:09 2022
Posts: 938
Threads: 2
Joined: Jun 2017
01-08-2022, 09:54 PM
(This post was last modified: 01-09-2022, 10:41 AM by ZerBea.)
I’m glad I could be of help.
The example hashes are useful to test your system, as mentioned here:
https://hashcat.net/forum/thread-10553-p…l#pid54456
Code:
$ hashcat -m 22000 "WPA*01*4d4fe7aac3a2cecab195321ceb99a7d0*fc690c158264*f4747f87f9f4*686173686361742d6573736964***" -a 3 hashcat!
hashcat (v6.2.5-52-g806257f2e) starting
4d4fe7aac3a2cecab195321ceb99a7d0:fc690c158264:f4747f87f9f4:hashcat-essid:hashcat!
Session..........: hashcat
Status...........: Cracked
Hash.Mode........: 22000 (WPA-PBKDF2-PMKID+EAPOL)
Hash.Target......: 4d4fe7aac3a2cecab195321ceb99a7d0:fc690c158264:f4747...-essid
Time.Started.....: Thu Jan 6 07:32:28 2022 (0 secs)
Time.Estimated...: Thu Jan 6 07:32:28 2022 (0 secs)
Kernel.Feature...: Pure Kernel
Guess.Mask.......: hashcat! [8]
Guess.Queue......: 1/1 (100.00%)
Speed.#1.........: 35 H/s (0.74ms) @ Accel:64 Loops:256 Thr:32 Vec:1
Recovered........: 1/1 (100.00%) Digests
Progress.........: 1/1 (100.00%)
Rejected.........: 0/1 (0.00%)
Restore.Point....: 0/1 (0.00%)
Restore.Sub.#1...: Salt:0 Amplifier:0-1 Iteration:0-1
Candidate.Engine.: Device Generator
Candidates.#1....: hashcat! -> hashcat!
Hardware.Mon.#1..: Temp: 32c Util: 7% Core:1770MHz Mem:3500MHz Bus:8
Started: Thu Jan 6 07:32:26 2022
Stopped: Thu Jan 6 07:32:30 2022
To get benefit of CUDA, it is mandatory to install the CUDA SDK toolkit, which is not the case on your system (warning 1)
Additional you have to disable the Kernel exec timeout, which is also not the case on your system (warning 2).
How to do this depend on your operating system. Regarding the screenshots, it looks like you’re running Windows.
I’m on Arch Linux, so I can’t answer this question.
Speed.#1 = your GPU running OpenCL
Speed.#2 = your CPU integrated UHD graphics running OpenCL
hashcat -I option will give you a detailed information (in my case NVIDIA CUDA and OpenCL installed):
Code:
$ hashcat -I
hashcat (v6.2.5-98-g79f3145a4) starting in backend information mode
CUDA Info:
==========
CUDA.Version.: 11.5
Backend Device ID #1 (Alias: #2)
Name...........: NVIDIA GeForce GTX 1080 Ti
Processor(s)...: 28
Clock..........: 1620
Memory.Total...: 11175 MB
Memory.Free....: 5747 MB
Local.Memory...: 48 KB
PCI.Addr.BDFe..: 0000:26:00.0
OpenCL Info:
============
OpenCL Platform ID #1
Vendor..: NVIDIA Corporation
Name....: NVIDIA CUDA
Version.: OpenCL 3.0 CUDA 11.5.103
Backend Device ID #2 (Alias: #1)
Type...........: GPU
Vendor.ID......: 32
Vendor.........: NVIDIA Corporation
Name...........: NVIDIA GeForce GTX 1080 Ti
Version........: OpenCL 3.0 CUDA
Processor(s)...: 28
Clock..........: 1620
Memory.Total...: 11175 MB (limited to 2793 MB allocatable in one block)
Memory.Free....: 5696 MB
Local.Memory...: 48 KB
OpenCL.Version.: OpenCL C 1.2
Driver.Version.: 495.46
PCI.Addr.BDF...: 26:00.0
BTW:
The success rate of hashcat depends on the attack vector and the quality of the dump file. If you received some ERRORs or WARNINGs during conversion of the dump file, it is a good idea to reconsider your attack vector and/or to re-capture the traffic.
I’m trying to crack the password Ul1234 using hashcat. I created a user with that password in kali and copied the hash in the shadow folder:
nils:$6$3q88Up7LX1RFIlRU$gVzo1NvtuV4SmJ2SNv6mcLLc9rWtzNsI6u3TKEkKVXb3gNQKhcK/C6y1DW6q4ODNIJrjf1ondgZ7RHqD7kprI1:18296:0:99999:7:::
So the hash should be :
$6$3q88Up7LX1RFIlRU$gVzo1NvtuV4SmJ2SNv6mcLLc9rWtzNsI6u3TKEkKVXb3gNQKhcK/C6y1DW6q4ODNIJrjf1ondgZ7RHqD7kprI1
i copied the hash into file nils2.txt and typed the following command:
kali@kali:~/Documents$ hashcat -m 1800 -a 3 ?u?l?d?d?d?d -o ans.txt --force nils2.txt
hashcat (v5.1.0) starting...
OpenCL Platform #1: The pocl project
====================================
* Device #1: pthread-Intel(R) Core(TM) i5-7360U CPU @ 2.30GHz, 1024/2955 MB allocatable, 2MCU
Hash '?u?l?d?d?d?d': Separator unmatched
No hashes loaded.
Started: Wed Feb 5 09:08:13 2020
Stopped: Wed Feb 5 09:08:14 2020
I don’t understand why I’m getting an error
I have error «separator unmatched» when trying to use handshake hccapx with hashcat mode 22000
I generated the file using my own access point.
PS F:hashcat-6.2.4> hashcat -m 22000 capture1.hccapx wordlist.txt
hashcat (v6.2.4) starting
Successfully initialized NVIDIA CUDA library.
* Device #1: CUDA SDK Toolkit not installed or incorrectly installed.
CUDA SDK Toolkit required for proper device support and utilization.
Falling back to OpenCL runtime.
* Device #1: WARNING! Kernel exec timeout is not disabled.
This may cause "CL_OUT_OF_RESOURCES" or related errors.
To disable the timeout, see: https://hashcat.net/q/timeoutpatch
nvmlDeviceGetFanSpeed(): Not Supported
OpenCL API (OpenCL 3.0 CUDA 11.4.125) - Platform #1 [NVIDIA Corporation]
========================================================================
* Device #1: NVIDIA GeForce GTX 1660 Ti, 5376/6144 MB (1536 MB allocatable), 24MCU
OpenCL API (OpenCL 2.1 ) - Platform #2 [Intel(R) Corporation]
=============================================================
* Device #2: Intel(R) UHD Graphics 630, 1568/3214 MB (803 MB allocatable), 24MCU
Minimum password length supported by kernel: 8
Maximum password length supported by kernel: 63
Hashfile 'capture1.hccapx' on line 1 (HCPX♦): Separator unmatched
Hashfile 'capture1.hccapx' on line 2 ("·↑úæF┬m▒∟#◄∟ å/╧èû∞$): Separator unmatched
Hashfile 'capture1.hccapx' on line 3 (): Separator unmatched
No hashes loaded.
Started: Mon Sep 06 12:42:23 2021
Stopped: Mon Sep 06 12:42:24 2021
I am trying to get this hash:
633c097a37b26c0caad3b435b51404e
with the following command:
hashcat -a 0 -m 1800 -o final.txt hash.txt /usr/share/wordlists/rockyou.txt
But it gives me an error saying my separator is unmatched.
I’m new to this so I’m not exactly sure what that means or how I can fix it …
asked Apr 28, 2022 at 3:55
The hash you are trying with is of type MD5, so you have to specify the correct hash type for the hash mode flag -m, which is 0 for the MD5, so it should be -m 0 instead of -m 1800 which is used for sha512crypt $6$, SHA512 (Unix) 2.
Refer to this link from the official documentation of hashcat which provides examples for all the has types.
answered Apr 28, 2022 at 4:07
Moaz El-sawafMoaz El-sawaf
2,0661 gold badge14 silver badges28 bronze badges
I don’t know how to do it in crunch, but I just wrote a python script for you that will do it.
from random import shuffle, randint
from sys import argv
charset = [‘A’,’B’,’C’,’D’,’E’,’F’,’G’,’H’,’I’,’J’,’K’,’L’,’M’,’N’,’O’,’P’,’Q’,’R’,’S’,’T’,’U’,’V’,’W’,’X’,’Y’,’Z’,’0′,’1′,’2′,’3′,’4′,’5′,’6′,’7′,’8′,’8′,’9′]
if __name__ == «__main__»:
if len(argv) < 2:
print(«Error: please use like this:npython rand_pass.py <number_of_passwords>»)
else:
num_pass = argv[1]
passes = []
counter = 0
while counter < int(num_pass):
num_chars = 0
num_nums = 0
passwd = «»
i = 0
while len(passwd) < 10:
c = charset[randint(0,len(charset)-1)]
if num_nums < 6 and c.isnumeric():
num_nums += 1
passwd += c
elif num_chars < 6 and not c.isnumeric():
num_chars += 1
passwd += c
i += 1
passes.append(passwd)
print(passwd)
counter += 1
Usage:
python file_name_gen_pass.py
«`
It will generate num_pass passwords randomly via a list shuffle and tracking the number of chars/nums. You can refine it probably to reduce false positives but it if you are just doing some baseline brute force testing this should be sufficient to prove your point to a stakeholder.
Edit:
Wrote a C++ implementation for you to appease everyone 
#include <iostream>
#include <vector>
#include <random>
#include <string>
const char charset[] = {‘A’,’B’,’C’,’D’,’E’,’F’,’G’,’H’,’I’,’J’,’K’,’L’,’M’,’N’,’O’,’P’,’Q’,’R’,’S’,’T’,’U’,’V’,’W’,’X’,’Y’,’Z’,’0′,’1′,’2′,’3′,’4′,’5′,’6′,’7′,’8′,’8′,’9′};
int main()
{
std::cout << «Please enter the number of passwords to generate here: «;
int num_pass;
std::cin >> num_pass;
std::random_device dev;
std::mt19937_64 rng(dev());
std::vector<std::string> passwds;
std::uniform_int_distribution<std::mt19937_64::result_type> dist(0, sizeof(charset) — 1);
for (int i = 0; i < num_pass; ++i) {
std::string pass = «»;
int num_nums = 0, num_chars = 0;
while (pass.length() < 10) {
char c = charset[dist(rng)];
if (isdigit(c) && num_nums < 6) {
pass += c;
num_nums++;
}
else if (isalpha(c) && num_chars < 6) {
pass += c;
num_chars++;
}
}
passwds.push_back(pass);
std::cout << pass << std::endl;
}
std::cin.get();
}
Just run it, enter the amount of passwords to generate and it’ll fire off. It’s pretty fast for small amounts. Just run it like so:
gen_pass.exe > pass.txt
Then open that file and remove the first line and run this command: awk ‘!seen[$0]++’ script.py