Cracking WPA / WPA2 handshakes using GPU on Windows
Hashcat is the world's fastest password cracker. It is multi-OS (Linux, Windows and OSX), so if you have some nasty problems with proprietary GPU drivers on Linux, or just feel more comfortable in Windows, you can crack a Wi-Fi password there!
You need drivers for your video card (usually they are already installed); you also need Hashcat (of course) and the Aircrack-ng suite.
Download the latest versions of hashcat and Aircrack-ng (use only the official web sites):
- https://hashcat.net/hashcat/ (select “binaries” – this file is suitable for Windows and Linux)
- http://aircrack-ng.org/ (select “Windows”)
To crack Wi-Fi, you should already have a WPA / WPA2 handshake.
Now unpack the downloaded archives to any folder – both programs are portable.
We need to convert our handshake to Hashcat format. First we will clean the capture file with wpaclean.
Open the Windows command line (Win+X and select “Command Prompt”).
For instance, I unpacked the programs to C:\Users\Alex\Downloads\ and need to reach the wpaclean.exe file, located in aircrack-ng-1.2-rc4-win\bin\64bit\, so I can type its path in Command Prompt, or drag-and-drop the executable file (wpaclean.exe) into Command Prompt.
The syntax is:
wpaclean.exe <out.cap> <in.cap>
Note: the output file comes first!
For the output file I chose the name cleaned.cap, and I dragged-and-dropped the file with the handshake into Command Prompt, so my command is:
C:\Users\Alex\Downloads\aircrack-ng-1.2-rc4-win\bin\64bit\wpaclean.exe cleaned.cap d:\Share\autopwner-03.cap
In my case, there are two handshakes in the capture file.
Your output file is located in the folder that Command Prompt is currently in. For me it is C:\Users\Alex\.
Now we need to convert our new cleaned file to hashcat format with aircrack-ng.
aircrack-ng-sse2.exe <out.cap> -J <out.hccap>
Note that -J is a capital letter.
aircrack-ng-sse2.exe cleaned.cap -J cleaned
If you have more than one handshake in your capture file, select one of them.
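Before passing the converted file to hashcat, you can check that it is well-formed and see which network it holds. The following Python sketch is an added example, not part of the original article: it parses the legacy .hccap record layout (392-byte records, as documented by hashcat); the function names and the sample record are constructed for illustration.

```python
import struct
import sys

# Legacy .hccap record, 392 bytes little-endian, as documented by hashcat:
# essid[36] mac1[6] mac2[6] nonce1[32] nonce2[32] eapol[256]
# int eapol_size, int keyver, keymic[16]
HCCAP = struct.Struct("<36s6s6s32s32s256sii16s")

def fmt_mac(raw):
    return ":".join(f"{b:02x}" for b in raw)

def parse_hccap(data):
    """Return one summary dict per record; raise ValueError if malformed."""
    if not data or len(data) % HCCAP.size:
        raise ValueError(f"{len(data)} bytes is not a multiple of {HCCAP.size}")
    records = []
    for off in range(0, len(data), HCCAP.size):
        essid, ap, sta, _n1, _n2, _eapol, eapol_size, keyver, _mic = \
            HCCAP.unpack_from(data, off)
        if not 0 < eapol_size <= 256:
            raise ValueError(f"record at offset {off}: bad eapol_size {eapol_size}")
        records.append({
            "essid": essid.split(b"\0", 1)[0].decode("utf-8", "replace"),
            "bssid": fmt_mac(ap),       # mac1: access point
            "station": fmt_mac(sta),    # mac2: client
            "eapol_size": eapol_size,
            # keyver 1 means WPA, any other value WPA2
            "type": "WPA" if keyver == 1 else "WPA2",
        })
    return records

def sample_record():
    """Constructed record with dummy zero nonces, frame and MIC (not a real capture)."""
    return HCCAP.pack(b"ExampleNet", bytes.fromhex("020000000001"),
                      bytes.fromhex("020000000002"), bytes(32), bytes(32),
                      bytes(256), 121, 2, bytes(16))

if __name__ == "__main__":
    # Usage: python check_hccap.py cleaned.hccap  (no argument: constructed sample)
    blob = open(sys.argv[1], "rb").read() if len(sys.argv) > 1 else sample_record()
    for rec in parse_hccap(blob):
        print(rec)
```

A file whose size is not a multiple of 392 bytes, or whose eapol_size is out of range, was not converted correctly and should be regenerated from the capture.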
I unpacked hashcat to the C:\Users\Alex\Downloads\hashcat-3.30\ folder, so I copy my new file cleaned.hccap to this folder. I also copied my dictionary to the same folder.
On Windows we can use the hashcat32.exe or hashcat64.exe binary, depending on your system. I type:
hashcat64.exe -m 2500 cleaned.hccap newrockyou.txt
- hashcat64.exe – the binary
- -m 2500 – the hash mode number for WPA / WPA2 (you can check it in the hashcat help)
- cleaned.hccap – the cleaned and converted file with the hash for cracking
- newrockyou.txt – the dictionary file
To learn more about hashcat options, read the hashcat help.