12-25-2016, 05:45 PM
For those of you who are cracking WPA with hashcat, continue reading...
Sometimes it happens that the WPA handshake you've recorded is broken. Unfortunately there's no reliable way to detect and report such a broken handshake on startup. Even worse, hashcat (or any other cracker) is unable to crack such handshakes even if you had the correct password in your wordlist.
The latest beta version of hashcat supports cracking multiple WPA/WPA2 handshakes with the same ESSID for the price of one. That's possible because in the PBKDF2 computation the WPA/WPA2 protocol uses the ESSID as salt and no other data is mixed in. That's not really news, most of the WPA crackers make use of this and build rainbow tables (yes, lol) for the most common ESSIDs. This is really useless.
However, there's another reason to exploit this and this is the reason why I've added support for it. You can record multiple WPA handshakes against the same AP and since the ESSID isn't changed you can now crack them all for the price of a single handshake. The advantage is that the chances increase that there's at least one valid handshake recorded the more handshakes you record.
For example, my GTX1080 processes rockyou.txt wordlist in 30 seconds. If I add 20 more of the same AP the time it takes to process rockyou.txt is still 30 seconds.
To make use of this feature, simply concatenate the single hccaps onto each other like:
$ cat handshake1.hccap > handshake_all.hccap
$ cat handshake2.hccap >> handshake_all.hccap
$ cat handshake3.hccap >> handshake_all.hccap
$ cat handshake4.hccap >> handshake_all.hccap
...
Then crack handshake_all.hccap
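As an added illustration (not part of the original post and not hashcat's own code), the script below splits a concatenated hccap file into its 392-byte records and groups them by ESSID, so you can confirm before cracking that every handshake in the file really shares the same salt. The sample records are constructed; the structural checks (eapol_size in range, keyver 1 or 2) only catch malformed records, not the cryptographically broken handshakes the post describes.

```python
import struct
from collections import defaultdict

# hccap_t layout, 392 bytes per handshake: essid[36], mac_ap[6], mac_sta[6],
# nonce_sta[32], nonce_ap[32], eapol[256], eapol_size (int32), keyver (int32), keymic[16]
HCCAP_FMT = "<36s6s6s32s32s256sii16s"
HCCAP_SIZE = struct.calcsize(HCCAP_FMT)  # 392


def parse_hccap(data: bytes):
    """Split a (possibly concatenated) hccap blob into one dict per handshake."""
    if len(data) % HCCAP_SIZE != 0:
        raise ValueError(f"length {len(data)} is not a multiple of {HCCAP_SIZE}")
    records = []
    for off in range(0, len(data), HCCAP_SIZE):
        essid, mac_ap, mac_sta, _n_sta, _n_ap, _eapol, eapol_size, keyver, _mic = \
            struct.unpack_from(HCCAP_FMT, data, off)
        records.append({
            "essid": essid.split(b"\x00", 1)[0].decode("utf-8", "replace"),
            "mac_ap": mac_ap.hex(":"),
            "mac_sta": mac_sta.hex(":"),
            "eapol_size": eapol_size,
            "keyver": keyver,
            # Only a structural sanity check: a record can pass this and still be unusable.
            "structurally_ok": 0 < eapol_size <= 256 and keyver in (1, 2),
        })
    return records


def group_by_essid(records):
    """Handshakes sharing an ESSID share the PBKDF2 salt and crack for the price of one."""
    groups = defaultdict(list)
    for rec in records:
        groups[rec["essid"]].append(rec)
    return dict(groups)


def make_record(essid, mac_ap, mac_sta, eapol_size=121, keyver=2):
    """Constructed sample record (not a real capture): nonces, EAPOL and MIC are zero-filled."""
    return struct.pack(HCCAP_FMT, essid.encode().ljust(36, b"\x00"), mac_ap, mac_sta,
                       b"\x00" * 32, b"\x00" * 32, b"\x00" * 256, eapol_size, keyver, b"\x00" * 16)


if __name__ == "__main__":
    ap = b"\x00\x11\x22\x33\x44\x55"
    blob = (make_record("HomeNet", ap, b"\xaa\xbb\xcc\xdd\xee\x01")
            + make_record("HomeNet", ap, b"\xaa\xbb\xcc\xdd\xee\x02")
            + make_record("OtherNet", b"\x66\x77\x88\x99\xaa\xbb", b"\xaa\xbb\xcc\xdd\xee\x03", eapol_size=0))
    for essid, recs in group_by_essid(parse_hccap(blob)).items():
        print(f"{essid}: {len(recs)} handshake(s), "
              f"{sum(r['structurally_ok'] for r in recs)} structurally ok")
```

Records that end up in more than one ESSID group will not benefit from the shared-salt trick and are better cracked as separate files.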