Not sure about the stats WPA/WPA2
#1
Ok, so I've heard a lot of good things about hashcat, so I wanted to give it a try. I got a 4-way handshake, I've made it in the final version *.hccap

I have a pretty new laptop, i7, NVIDIA GeForce 740 2GB, etc

Now... I have a wordlist, and I am using this command (Windows 8) to try a dictionary attack:

Quote:
cudaHashcat64.exe -m 2500 -u 4096 c:\Hacking\wireless\tp-link.hccap c:\Hacking\cracking\wordlist\Romanian.dic

and I get the following results

Quote:
Hashes: 1 total, 1 unique salts, 1 unique digests
Bitmaps: 8 bits, 256 entries, 0x000000ff mask, 1024 bytes
Rules: 1
Applicable Optimizers:
* Zero-Byte
* Single-Hash
* Single-Salt
Watchdog: Temperature abort trigger set to 90c
Watchdog: Temperature retain trigger set to 80c
Device #1: GeForce GT 740M, 2048MB, 1032Mhz, 2MCU
Device #1: Kernel ./kernels/4318/m2500.sm_35.64.ptx
Device #1: Kernel ./kernels/4318/bzero.64.ptx

Cache-hit dictionary stats c:\Hacking\cracking\wordlist\Romanian.dic: 13889073 bytes, 1068103 words, 1068103 keyspace

[s]tatus [p]ause [r]esume [b]ypass [q]uit =>
Session.Name...: cudaHashcat
Status.........: Running
Input.Mode.....: File (c:\Hacking\cracking\wordlist\Romanian.dic)
Hash.Target....: TP-LINK (xx:xx:xx:xx:xx:xx <-> xx:xx:xx:xx:xx:xx)
Hash.Type......: WPA/WPA2
Time.Started...: Wed Feb 12 17:45:04 2014 (1 sec)
Time.Estimated.: Wed Feb 12 17:46:16 2014 (1 min, 8 secs)
Speed.GPU.#1...: 16513 H/s
Recovered......: 0/1 (0.00%) Digests, 0/1 (0.00%) Salts
Progress.......: 33816/1068103 (3.17%)
Rejected.......: 5144/33816 (15.21%)
HWMon.GPU.#1...: 99% Util, 49c Temp, N/A Fan

[s]tatus [p]ause [r]esume [b]ypass [q]uit =>

This means that 16513 passwords are tried per second?
It's pretty good in comparison to aircrack, even though I've seen some YouTube videos where the speed was 70k (almost the same GPU card), and it's a really big difference.

This was the dictionary attack.

Trying it with mp64, I get better results, but I am not sure if I understand correctly, anyway, here is the bruteforce attack with 6 letters:

Quote:
mp64.exe ?l?l?l?l?l?l | cudaHashcat64.exe -m 2500 c:\Hacking\wireless\tp-link.hccap

I get these results:

Quote:
Hashes: 1 total, 1 unique salts, 1 unique digests
Bitmaps: 8 bits, 256 entries, 0x000000ff mask, 1024 bytes
Rules: 1
Applicable Optimizers:
* Zero-Byte
* Single-Hash
* Single-Salt
Watchdog: Temperature abort trigger set to 90c
Watchdog: Temperature retain trigger set to 80c
Device #1: GeForce GT 740M, 2048MB, 1032Mhz, 2MCU
Device #1: Kernel ./kernels/4318/m2500.sm_35.64.ptx
Device #1: Kernel ./kernels/4318/bzero.64.ptx

Starting attack in stdin mode...


Session.Name...: cudaHashcat
Status.........: Exhausted
Input.Mode.....: Pipe
Hash.Target....: TP-LINK (xx:xx:xx:xx:xx:xx <-> xx:xx:xx:xx:xx:xx)
Hash.Type......: WPA/WPA2
Time.Started...: Wed Feb 12 17:34:36 2014 (1 min, 10 secs)
Speed.GPU.#1...: 0 H/s
Recovered......: 0/1 (0.00%) Digests, 0/1 (0.00%) Salts
Progress.......: 308915776
Rejected.......: 308915776
HWMon.GPU.#1...: 0% Util, 47c Temp, N/A Fan

Started: Wed Feb 12 17:34:36 2014
Stopped: Wed Feb 12 17:35:48 2014

From these stats, I understand that 308915776 were processed in ... 1 minute and 10 seconds?!

It's a really big difference from dictionary to bruteforce.

Did I get it wrong or... am I way too far from the truth?
#2
Instead of using the mask processor for the brute force, use cudaHashcat. So it would be
Code:
cudaHashcat64.exe -m 2500 -a 3 c:\Hacking\wireless\tp-link.hccap ?l?l?l?l?l?l?l?l

Running it from stdin will be a lot slower.

Also, if you didn't know, WPA has a minimum length of 8 and a maximum length of 64. So the command that you have shouldn't even crack anything.
#3
All the values from stdin were rejected before getting processed for the WPA algo because they were less than 8 characters. That's why it might look faster but it won't be faster than using the -a 3 like coolbry95 mentioned.
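The accounting behind the two status screens, as an added example that is not part of any post in this thread: it parses a built-in mask, computes its keyspace, and shows why the six-letter run reports every candidate as rejected, and how long an eight-letter lowercase passphrase would hold at the 16513 H/s shown in post #1. The function names are hypothetical, custom charsets (`?1`..`?4`) are not handled, and the 8..63 range is the 802.11i passphrase range assumed here.

```python
import math

# Sizes of the built-in mask charsets used by hashcat / maskprocessor.
CHARSET_SIZES = {"l": 26, "u": 26, "d": 10, "s": 33, "a": 95}

# Assumption of this example: 802.11i passphrase range (8..63 ASCII chars).
WPA_MIN_LEN = 8
WPA_MAX_LEN = 63


def parse_mask(mask):
    """Return the number of possible characters at each mask position."""
    sizes = []
    i = 0
    while i < len(mask):
        if mask[i] != "?":
            sizes.append(1)          # literal character
            i += 1
            continue
        if i + 1 >= len(mask):
            raise ValueError("dangling '?' at end of mask")
        key = mask[i + 1]
        if key == "?":
            sizes.append(1)          # '??' is a literal question mark
        elif key in CHARSET_SIZES:
            sizes.append(CHARSET_SIZES[key])
        else:
            raise ValueError("unsupported charset ?%s" % key)
        i += 2
    return sizes


def analyse(mask, rate_hs):
    """Keyspace, rejected count and exhaust time for a mask at rate_hs H/s."""
    sizes = parse_mask(mask)
    keyspace = math.prod(sizes)
    length = len(sizes)
    # Candidates outside the valid length range are dropped before the
    # WPA key derivation runs, so they cost almost nothing and test nothing.
    tested = keyspace if WPA_MIN_LEN <= length <= WPA_MAX_LEN else 0
    return {
        "length": length,
        "keyspace": keyspace,
        "rejected": keyspace - tested,
        "days_to_exhaust": tested / rate_hs / 86400,
    }


if __name__ == "__main__":
    for mask in ("?l?l?l?l?l?l", "?l?l?l?l?l?l?l?l"):
        print(mask, analyse(mask, 16513))
```

The six-position mask yields exactly the 308915776 shown under both Progress and Rejected in post #1, which is why that run finished in about a minute with 0 H/s.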