Cracking WPA/WPA2 with hashcat

The .cap and .hccapx

hashcat accepts WPA/WPA2 hashes in its own “hccapx” file format. Assuming you have already captured a 4-way handshake using airodump-ng, Wireshark or tcpdump, the next step is converting the .cap file to a format hashcat understands. The easiest way is to go to one of these sites for converting:

Upload your .cap and get a .hccapx file.

The problem with that is that you upload some sensitive data to a strange place. If you don't mind, go for it.

Otherwise, here is what they do (in this order):

  1. Use cap2hccapx to convert locally. This is how to convert your .cap files manually in BackTrack/Kali.

cap2hccapx is still very new; Kali has not yet updated from hccap to hccapx.

Preparation

hashcat is very flexible, so I'll cover the three most common and basic scenarios:

Dictionary attack

  • Grab some wordlist, like Rockyou.
  • Put it into hashcat folder.
  • Rename your converted capture file “capture.hccapx”.
  • Create a batch file “attack.bat”.
  • Open it with a text editor, and paste the following:
hashcat.exe -m 2500 capture.hccapx rockyou.txt
pause

Execute the attack using the batch file, which should be changed to suit your needs.

Brute-Force Attack

  • Rename your converted capture file “capture.hccapx”.
  • Create a batch file “attack.bat”.
  • Open it with a text editor and paste the following:
hashcat.exe -m 2500 -a 3 capture.hccapx ?d?d?d?d?d?d?d?d
pause

This mask makes hashcat generate every 8-digit, digits-only candidate (each ?d stands for one digit 0-9); replace the ?d placeholders as needed.

It would be wise to first estimate how long the run will take, using a keyspace calculator.

TBD: add some example timeframes for common masks / common speed
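To put numbers on that estimate, here is an added Python helper (not from the original post) that computes the keyspace of a hashcat mask, or of a wordlist combined with rules, and the worst-case time to exhaust it at a given hash rate. The charset sizes are hashcat's documented built-in charsets; the hash rate constant is an assumed placeholder, not a measured figure, so plug in a rate you have benchmarked yourself. This is the same arithmetic a defender uses to judge whether a PSK policy holds up.

```python
# Added example: estimate the keyspace of a hashcat mask (or wordlist+rules)
# and the worst-case time to exhaust it. Charset sizes are hashcat's
# documented built-in charsets; the hash rate is an assumed placeholder.

CHARSET_SIZES = {"l": 26, "u": 26, "d": 10, "h": 16, "H": 16,
                 "s": 33, "a": 95, "b": 256}   # ?l ?u ?d ?h ?H ?s ?a ?b

ASSUMED_WPA_RATE = 400_000  # hashes per second; placeholder, not measured

def mask_keyspace(mask: str) -> int:
    """Candidates a mask generates: ?x is a built-in charset, ?? is a
    literal '?', and every other character is a fixed literal (1 choice)."""
    total, i = 1, 0
    while i < len(mask):
        if mask[i] != "?":
            i += 1
            continue
        if i + 1 >= len(mask):
            raise ValueError("dangling '?' at end of mask")
        sel = mask[i + 1]
        if sel != "?":
            if sel not in CHARSET_SIZES:
                raise ValueError(f"unknown charset ?{sel}")
            total *= CHARSET_SIZES[sel]
        i += 2
    return total

def rules_keyspace(wordlist_size: int, rule_count: int) -> int:
    """Wordlist + rules tries every word under every rule."""
    return wordlist_size * rule_count

def seconds_to_exhaust(candidates: int, rate: int = ASSUMED_WPA_RATE) -> float:
    """Worst-case seconds to try every candidate at the given rate."""
    return candidates / rate

def human(seconds: float) -> str:
    """Render a duration as years/days/hours/minutes/seconds."""
    for unit, size in (("y", 31_536_000), ("d", 86_400), ("h", 3_600), ("m", 60)):
        if seconds >= size:
            return f"{seconds / size:.1f}{unit}"
    return f"{seconds:.1f}s"

if __name__ == "__main__":
    for m in ("?d?d?d?d?d?d?d?d", "?l?l?l?l?l?l?l?l", "?a?a?a?a?a?a?a?a"):
        print(m, mask_keyspace(m), human(seconds_to_exhaust(mask_keyspace(m))))
```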

Rule-based attack

This is similar to the dictionary attack, but the command looks a bit different:

hashcat.exe -m 2500 -r rules/best64.rule capture.hccapx rockyou.txt
pause

This will mutate the rockyou wordlist with the best64 rules, which ship with the oclHashcat distribution.

Change as necessary, and remember that the time the attack takes to finish grows proportionally with the number of rules.

What are rules?