Precomputed WPA Attack on hidden ssid AP
I have been trying to test the strength of our office wlan passphrase and I captured the handshake file & ran multiple dictionary attacks to rule out a weak password that can be found in a dictionary.
I am now trying to run a precomputed WPA attack using cowpatty, I already got a hash file from shmoo group for the ssid but when I ran the command below:
cowpatty -r capfile.cap -d hashfile.hash -s hidden_ssid_name
End of pcap capture file, incomplete TKIP four-way exchange. Try using a different capture.
I know I captured the handshake from looking at airodump output and when i ran aircrack-ng against the capfile I get this result and I am able to run a dictionary attack against it:
# BSSID ESSID Encryption
1 00:11:22:xx:xx:xx WPA (1 Handshake)
2 00:AA:BB:xx:xx:xx sum_other_ssid No Data - WEP or WAP
Anyway, so I searched my cap files for another capture and when I ran cowpatty against it i get this:
Collected all necessary...
Starting dictionary attack...
Invalid word length -33
Found a record that was too short, this shouldn't happen in practice!
Unable to identify the PSK from dictionary file. Try expanding your passphrase list, and double-check SSID. Sorry it didn't work out.
0 passphrases tested in 0.00 seconds: 0.00 passphrases/second
I'm thinking maybe its because the cap file does contain the handshake but does not have the associated ap ssid name because it was hidden despite having the bssid - and cowpatty does not provide an option to use the mac address in the -s option since the ssid is what was used to precompute the hash...
so at this point I am looking for extra input as to why I may be getting this error and if anyone has been able to use this approach on a hidden ssid ap audit.
Thanks for looking.