Results 1 to 7 of 7

Thread: How do I use .hash word list files to pentest?

  1. #1
    Join Date
    2016-Dec
    Posts
    9

    How do I use .hash word list files to pentest?

    I downloaded what I thought was a ready to use 7gb wordlist, when I -xvf'd the tarball, I discovered a bunch of .hash files? I tried to use them to pentest my router but I receive a "no such file or directory" error. Is this just a chmod problem or is there a special way to use these wordlists?

  2. #2
    Join Date
    2017-Feb
    Posts
    39
    could you provide us the exact command you put to receive this error?

  3. #3
    Join Date
    2016-Dec
    Posts
    9
    Quote Originally Posted by arist0v View Post
    could you provide us the exact command you put to receive this error?
    Thank you for your attention. aircrack-ng -w /root/7gb%20set/*.hash /root/*.cap

    Note: I'm logged in as root, '7gb set' is a folder with 3900 .hash files inside and I only have one capture file in the/root Home folder. My hope was that it would step through all the tables to search out a match.

  4. #4
    Join Date
    2017-Feb
    Posts
    39
    if you work with a single .hash and single .cap did it work?(so the full name instead of *.

  5. #5
    Join Date
    2016-Dec
    Posts
    9
    Not to be obnoxious but in earnest; why would that make a difference?

  6. #6
    Join Date
    2017-Feb
    Posts
    39
    because my guess is that aircrack try to find a file named literally : "*.pcacp" and "*.hash"

  7. #7
    Join Date
    2016-Dec
    Posts
    9
    Quote Originally Posted by arist0v View Post
    because my guess is that aircrack try to find a file named literally : "*.pcacp" and "*.hash"
    I did as you suggested with no change in result. Does aircrack-ng read/accept .hash files for p/w matching? I'm tempted to delete these .hash files and just use a plain wordlist in .txt format. Please point me to a good source of these if you or anyone reading can.

    Next issue:
    My router is listed as pixiewps vulnerable but when I run the following in my updated Kali:

    reaver -i wlan0mon -b XX:XX:XX:XX:XX:XX -K 1 -g 4 -N -Z -vv

    it cannot find the WPS pin. I'm afraid of a false sense of security here so what can I tweak to get a better pentest? Does the pixiewps script in Kali 2.0 recognize the results of the -N (NACK flag)? Is using the -S (dhsmall flag) still recommended? What about changing the starting number pin try sequence?

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •