hashcat accepts WPA/WPA2 hashes in its own “hccapx” file format. Assuming you already captured a 4-way handshake using airodump-ng, Wireshark or tcpdump, the next step is converting the .cap file to a format hashcat will understand. The easiest way is to go to one of these sites for converting:
Upload your .cap and get a .hccapx file.
The problem with that is that you upload some sensitive data to a strange place. If you don't mind, go for it.
Otherwise here is what they do (in this order):
The cap2hccapx tool is still very new. Kali has not yet updated from hccap to hccapx.
hashcat is very flexible, so I'll cover the three most common and basic scenarios:
hashcat.exe -m 2500 capture.hccapx rockyou.txt
pause
Execute the attack using the batch file, which should be changed to suit your needs.
hashcat.exe -m 2500 -a3 capture.hccapx ?d?d?d?d?d?d?d?d
pause
This makes hashcat try every digits-only candidate of length 8; replace the ?d as needed.
It would be wise to first estimate the time it would take to process using a calculator.
TBD: add some example timeframes for common masks / common speed
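The estimate mentioned above can be scripted. The following Python is an added example, not part of the original page or of hashcat; the function names are made up for illustration and the 100,000 H/s speed is a constructed figure. It parses a mask built from hashcat's built-in charsets, computes the keyspace and converts it to a worst-case run time:

```python
# Added example (not from the original page): keyspace and worst-case
# duration of a mask attack against a WPA/WPA2 passphrase.
import math

# Sizes of hashcat's built-in mask charsets.
BUILTIN = {"l": 26, "u": 26, "d": 10, "h": 16, "H": 16,
           "s": 33, "a": 95, "b": 256}

def mask_positions(mask):
    """Return the number of candidate characters at each mask position."""
    sizes, i = [], 0
    while i < len(mask):
        if mask[i] != "?":            # literal character: one candidate
            sizes.append(1)
            i += 1
            continue
        token = mask[i + 1:i + 2]
        if token == "?":              # "??" is a literal question mark
            sizes.append(1)
        elif token in BUILTIN:
            sizes.append(BUILTIN[token])
        else:                         # ?1-?4 custom charsets are not modelled
            raise ValueError(f"unsupported mask token '?{token}'")
        i += 2
    return sizes

def keyspace(mask):
    """Total candidates the mask generates; rejects impossible WPA lengths."""
    sizes = mask_positions(mask)
    if not 8 <= len(sizes) <= 63:
        raise ValueError("a WPA/WPA2 passphrase is 8 to 63 characters long")
    return math.prod(sizes)

def worst_case_seconds(mask, hashes_per_second):
    """Seconds to exhaust the mask at a measured speed (H/s)."""
    return keyspace(mask) / hashes_per_second

def human(seconds):
    """Render a duration in the largest sensible unit."""
    for unit, length in (("years", 31_536_000), ("days", 86_400),
                         ("hours", 3_600), ("minutes", 60)):
        if seconds >= length:
            return f"{seconds / length:.1f} {unit}"
    return f"{seconds:.1f} seconds"

if __name__ == "__main__":
    ASSUMED_SPEED = 100_000  # H/s, constructed figure; use your own benchmark
    for mask in ("?d?d?d?d?d?d?d?d", "?l?l?l?l?l?l?l?l", "?a?a?a?a?a?a?a?a"):
        secs = worst_case_seconds(mask, ASSUMED_SPEED)
        print(f"{mask}  {keyspace(mask):>20,}  {human(secs)}")
```

Replace the assumed speed with the rate hashcat reports for mode 2500 on your own hardware. The gap between the digits-only mask and the ?a mask shows how much each extra character class in a passphrase costs an exhaustive search.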
This is similar to the dictionary attack, but the commands look a bit different:
hashcat.exe -m 2500 -r rules/best64.rule capture.hccapx rockyou.txt
pause
This will mutate the rockyou wordlist with the best64 rules, which ship with the oclHashcat distribution.
Change as necessary and remember that the time the attack takes to finish will increase proportionally with the number of rules.