Home / Cracking / Cracking WPA2 WPA with Hashcat in Kali Linux (BruteForce MASK based attack on Wifi passwords)

Cracking WPA2 WPA with Hashcat in Kali Linux (BruteForce MASK based attack on Wifi passwords)

Capture handshake with WiFite

Why WiFite instead of other guides that uses Aircrack-ng? Because we don’t have to type in commands..

Type in the following command in your Kali Linux terminal:

wifite –wpa

You could also type in

wifite wpa2

If you want to see everything, (wep, wpa or wpa2, just type the following command. It doesn’t make any differences except few more minutes

wifite

Once you type in following is what you’ll see.

1-wifite-cracking-wifi-wpawpa2-passwords-using-pyrit-and-cowpatty-blackmore-ops

 

So, we can see bunch of Access Points (AP in short). Always try to go for the ones with CLIENTS because it’s just much faster. You can choose all or pick by numbers. See screen-shot below

2-wifite-screen-cracking-wifi-wpawpa2-passwords-using-pyrit-and-cowpatty-blackmore-ops

 

Awesome, we’ve got few with clients attached. I will pick 1 and 2 cause they have the best signal strength. Try picking the ones with good signal strength. If you pick one with poor signal, you might be waiting a LONG time before you capture anything .. if anything at all.

So I’ve picked 1 and 2. Press Enter to let WiFite do it’s magic.

3-wifite-choice-cracking-wifi-wpawpa2-passwords-using-pyrit-and-cowpatty-blackmore-ops

 

Once you press ENTER, following is what you will see. I got impatient as the number 1 choice wasn’t doing anything for a LONG time. So I pressed CTRL+C to quit out of it.

This is actually a great feature of WIfite. It now asks me,

What do you want to do?

  1. [c][/c]

    ontinue attacking targets

  2. [e]xit completely.

I can type in c to continue or e to exit. This is the feature I was talking about. I typed c to continue. What it does, it skips choice 1 and starts attacking choice 2. This is a great feature cause not all routers or AP’s or targets will respond to an attack the similar way. You could of course wait and eventually get a respond, but if you’re just after ANY AP’s, it just saves time.

4-wifite-continue-cracking-wifi-wpawpa2-passwords-using-pyrit-and-cowpatty-blackmore-ops

 

And voila, took it only few seconds to capture a handshake. This AP had lots of clients and I managed to capture a handshake.

This handshake was saved in /root/hs/BigPond_58-98-35-E9-2B-8D.cap file.

Once the capture is complete and there’s no more AP’s to attack, Wifite will just quit and you get your prompt back.

5-wifite-captured-handshake-cracking-wifi-wpawpa2-passwords-using-pyrit-and-cowpatty-blackmore-ops

 

Now that we have a capture file with handshake on it, we can do a few things.

Cleanup your cap file using wpaclean

Next step will be converting the .cap file to a format cudaHashcat or oclHashcat or Hashcat on Kali Linux will understand.

Here’s how to do it:

To convert your .cap files manually in Kali Linux, use the following command

wpaclean <out.cap> <in.cap>

Please note that the wpaclean options are the wrong way round. <out.cap> <in.cap> instead of <in.cap> <out.cap> which may cause some confusion.

In my case, the command is as follows:

wpaclean hs/out.cap hs/BigPond_58-98-35-E9-2B-8D.cap

Convert .cap file to .hccap format

We need to convert this file to a format cudaHashcat or oclHashcat or Hashcat on Kali Linux can understand.

To convert it to .hccap format with “aircrack-ng” we need to use the -J option

aircrack-ng <out.cap> -J <out.hccap>

Note the -J is a capitol J not lower case j.

In my case, the command is as follows:

aircrack-ng hs/out.cap -J hs/out

cracking-wpawpa2-with-oclhashcat-cudahashcat-or-hashcat-on-kali-linux-bruteforce-mask-based-attack-blackmore-ops-1

 

Check Also

Steganography in Kali Linux - Hiding data in image - blackMORE Ops

Steganography in Kali Linux – Hiding data in image

Steganography is the practice of concealing a file, message, image, or video within another file, …

Cracking password using John the Ripper in Kali Linux - blackMORE Ops

Cracking password in Kali Linux using John the Ripper

John the Ripper is a free password cracking software tool. Initially developed for the Unix …

36 comments

  1. what if the password is: ‘abc123efgh’ what mask is best to crack it.? Will ?l?d?l?d?l?d?l? be able to crack it??

  2. :~/Desktop# oclhashcat -m 2500 /root/Desktop/12AC7F.hccap /root/Desktop/newrockyou.txt
    oclHashcat v1.30 starting…
    Device #1: Tahiti, 2904MB, 1100Mhz, 32MCU
    STOP! Unsupported or incorrect installed GPU driver detected!
    You are STRONGLY encouraged to use the official supported GPU driver for good reasons
    See oclHashcat’s homepage for official supported GPU drivers
    You can use –force to override this but do not post error reports if you do so

    RADEON R9 280X gigabyte with installed drivers for pyrit.

    any idea what is missing ?

  3. You’ll never crack awpa password you dumb

  4. What ?a missing is space character. Most passphrase contains space characters. Therefore, ?a will never be able to crack a very common passphrase which has a space character.

  5. when i try this commnad:- cudahashcat –help | grep WPA
    Output will be …
    bash: cudahashcat: command not found
    help me!

  6. Hello everybody!

    I would like to capture encrypted frames, but I can’t. Help me, please.
    Used the commands:

    ifconfig wlan0 down
    iwconfig wlan0 mode monitor
    ifconfig wlan0 up

    airodump-ng –bssid 9c:d6:43:a8:9d:60 -c 4 -w test2015 wlan0

    My pcap file show only control frames: Clear-to-send, ack; and beacon frames.

    I would like capture a bit stream encrypted 1001110110101001 by data frames…. How can I do it?

    Thank you very much.

  7. Your explanation is way better than the shit they gave back in wiki.Thanks for your patience.Appreciate it.

    • Problem with Wiki is you get more than you ask for! I gave a very simple but working explanation. Once someone is used to that, they can start making complex ones.
      Thanks for your compliment. Cheers,
      -BMO

  8. Can anyone help me eith issue with hashcat and cudahashcat64 i have all drivers installed correctly but hashcat is 1000 time faster than cudahashcat. to crack 8 letter including upercase and digits passwords takes 10 years in cudahashcat but when piped to pyrit using hahscat 1hr 12 Minutes the VGA driver is gtx760 and works with no errors.
    Also running hashcat displays 42million words per second when crunching
    But in cudahashcat it shows around 40,000 pks .
    Hardware intel i7 4820k 16 Gb ram Nvidia gtx 760 1gb ram

  9. Is this possible without an Nvidia or Amd graphic card ? because i am using an standard intel videocard hope ro hear you soon

  10. When running the conversion from .cap to .hccap, I get a “Failed to create Hashcat capture file” error :(

    Any help?

  11. This video leads me here, just posting so you know that the tutorial works

  12. Amazing tutorial! Thank you so much!

    Is there any disadvantage using just hashcat instead of oclhashcat or cudahashcat ?

  13. Hi first of all many thanks for taking the time for this tutorial.

    I am currently stuck in that I try to use the cudahashcat command but the parameters set up for a brute force attack, but i get “bash: cudahashcat: command not found”.

    I have followed the previous instructions and have my graphics card showing as a CUDA device when i use the pyrit list_cores command and also when running a benchmark.

    My card is a GTX 970 and I am running on Kali 4.4.0 amd-64

    Using “hashcat” works fine but I assume that it is not using my GPU.

    Any help would be appreciated!

    Thanks

  14. Any device running a WN823N chip is confirmed on mon and injection.

  15. With the command aircrack-ng I will always get this:
    Opening hs/haha.cap
    Read 0 packets.

    No networks found, exiting.

    Any sugestions what’s going on here?

    • By the way I’ve used wifite -wpa -cowpatty to got my Handshakes. This worked instandly. Maybe is this the failure, I don’t know.

  16. hey ho%**

    i got hashcat running nicely. i have a converted handshake file i want sorted but i want to know
    how much faster is cudahashct? than regular hashcat?

    salutation and supplications

  17. Am getting this error as hashcat is starting

    ERROR: clGetDeviceIDs () : -1 : CL_DEVICE_NOT_FOUND

    Where could i have gone wrong? What is it exactly am I missing?
    Thank in advance

  18. i got this question, how fast, in keys per sec, is cudahashcat quicker than usual cpu hashcat?

    many thanks and cranks

  19. Hello,
    I have same gpu gtx210. But i get this error: hashcat: this device local mem size is too small.

  20. Sir …. I have intel HD Graphic cars what should I install???? Plzzzzz

  21. windows.alert(“wdwe”)

  22. “>alert();

Use WordPress.com, Twitter, Facebook, or Google+ accounts to comment (anonymous comments allowed)

This site uses Akismet to reduce spam. Learn how your comment data is processed.

Privacy Policy on Cookies Usage

Some services used in this site uses cookies to tailor user experience or to show ads.

%d bloggers like this: