Hashcat
Hashcat is a password cracking tool that was developed to primarily operate on systems with Graphical Processing Units (GPUs) from NVIDIA, AMD, and Intel.
A utility that is specifically relevant for our purposes is cap2hccapx. It exports WPA handshakes from PCAP files to HCCAPx, a format used by hashcat for WPA/WPA2 handshakes.
To install cap2hccapx run the
sudo apt install hashcat-utilscommand. After installation, these utilities are found in/usr/lib/hashcat-utils.
You can run this command
cp /usr/lib/hashcat-utils/cap2hccapx.bin /usr/binto execute the binary from anywhere.
The hashcat module to crack WPA/WPA2 is 2500
We can pause (
p) and resume (r) the hashcat execution
Extracting the Hash with AirCrack-NG
1
2
3
4
5
# It is also possible to extract a hash with aircrack
sudo aircrack-ng -J <myCapture> archivo.cap
# Then you can use the utility hccap2john to extract for cracking
hccap2jhon <myCapture> > myHash
Extracting Hash with cap2hccapx.bin
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
# info about cracking hardware
hashcat -I
# benchmark of all hash types (very slow)
hashcat -b
# benchmark a single hash type
hashcat -b -m 2500
# extract hashes from a cap file
cap2hccapx.bin file.cap output.hccapx
# Cracking passwords with hashcat
hashcat -m 2500 out.hccapx /usr/share/john/password.lst
# with -d we can choose the cracking device of the listed ones
hashcat64 -m 2500 -d 1 <pcap file> <wordlist>
# with --pot-file we can indicate another path to save the pot file
# install hashcat utilities (found in /usr/lib/hashcat-utils)
sudo apt install hashcat-utils
# convert PCAP file to HCCAPx file with a hashcat util
/usr/lib/hashcat-utils/cap2hccapx.bin wifu-01.cap output.hccapx