Thursday, Aug 08, 2013

Cracking WPA2 with Hashcat

So for all those who got to see the show at Defcon's wireless village, that talk focused more on the drinking of the Rolling Rock than the cracking of the hashes. 

I said in my ramblings that it was really really really easy. 

 

Here is a how-to, with some example files for you to follow along with.

 

First you want to capture some traffic.  I leave the logistics of how up to you. 

For this demo, we will be using a file that I grabbed online from the Wireshark wiki.

http://wiki.wireshark.org/SampleCaptures?action=AttachFile&do=get&target=wpa-Induction.pcap

 

Now that you have some traffic in the form of a PCAP, fire up Wireshark.

The first thing I do is enter "eapol" in the display filter box.  This confirms we have a handshake.  You can skip this step if you really really want to, but remember the whole "trust but verify" thing.

Since WPA/WPA2 salts the passphrase with the SSID, it helps to know what the SSID is.  Using the Find menu in Wireshark, search for the string SSID.

 

 

So the SSID is named "Coherer" which is good because at least it isn't Linksys.
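
The SSID-as-salt point above, as an added example (not code from the original post). It derives the WPA/WPA2 key the way IEEE 802.11i specifies and flags the two weaknesses this post relies on, a default SSID and a wordlist passphrase; the SSID list, wordlist and the audit_psk helper are constructed for illustration.

```python
import hashlib

# Constructed sample data for this example (assumptions, not from the post).
COMMON_SSIDS = {"linksys", "netgear", "dlink", "default"}
SAMPLE_WORDLIST = ["password", "12345678", "iloveyou1", "letmein123"]


def wpa_pmk(passphrase: str, ssid: str) -> bytes:
    """Pairwise master key for WPA/WPA2-PSK as defined in IEEE 802.11i:
    PBKDF2-HMAC-SHA1 over the passphrase, SSID as salt, 4096 iterations,
    256-bit output."""
    if not 8 <= len(passphrase) <= 63:
        raise ValueError("WPA passphrases are 8 to 63 characters")
    if not 1 <= len(ssid.encode()) <= 32:
        raise ValueError("SSIDs are 1 to 32 bytes")
    return hashlib.pbkdf2_hmac("sha1", passphrase.encode(), ssid.encode(), 4096, 32)


def audit_psk(passphrase: str, ssid: str, wordlist=SAMPLE_WORDLIST) -> list:
    """Hypothetical helper: report why a network's PSK setup is weak."""
    findings = []
    # A default SSID means the salt is shared with many other networks,
    # so keys precomputed for that SSID apply to this network too.
    if ssid.lower() in COMMON_SSIDS:
        findings.append("ssid-is-common-default")
    # A passphrase found in a public wordlist falls to a dictionary run
    # no matter how unusual the SSID is.
    if passphrase in wordlist:
        findings.append("passphrase-in-wordlist")
    return findings


if __name__ == "__main__":
    # Same passphrase, different SSID: the derived keys share nothing.
    for ssid in ("IEEE", "Coherer"):
        print(ssid, wpa_pmk("password", ssid).hex())
    print(audit_psk("password", "linksys"))
    print(audit_psk("correct horse battery staple", "Coherer"))
```

The key derivation is fixed by the standard, so the only inputs a network owner controls are the SSID and the passphrase.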

Now here is the hardest part.  You need to convert your pcap file to an hccap file.  Hashcat has an online version of the conversion tool which works great.  You can run some command line tools as well, but the point of the talk was to not use aircrack.

https://hashcat.net/cap2hccap/

 

In real life, we all use aircrack, so here are 2 different commands you can use.

I have used this...

aircrack-ng <cap> -J <hccap>

This could work as well...

wpaclean <out> <in>

wpaclean can damage your file, so back it up first if you want to give it a try.

 

Now you have your hccap file. 

Download the latest version of oclHashcat from here.

Then run this:

cudaHashcat-plus64.exe --hash-type 2500 wpa.hccap dict.txt

For the demo I used a dictionary with 1 word for speed, but that word is in the rockyou list (entry 922007).

I use cudaHashcat-plus64.exe because I have an NVIDIA card and a 64-bit system.  The base application may change, but the flags are the same and the passwords are still weak.

 

Happy cracking!

 

 

 
