How to crack a WPA2 Password using HashCat?

Question

I need to bruteforce a .hccapx file which includes a WPA2 handshake, because a dictionary attack didn't work. How can I do that with HashCat? I don't know about the length etc.

Thanks!

Answer 1

To make it simpler, you could try brute forcing the PSK in the four-way handshake. You will find the details like the salt and the MIC in handshakes 1 and 2, mostly in 2. Using the Anonce and the Snonce, you can just brute force PSK possibilities.... the PSK would be far easier to decrypt, by my opinion, if u use something that is not chungus potato. Just pbdkf2 every possibility and append the anonce and snonce.... easy as Pi(3.1415926535897932384626433832795028841971693993751058209749445923078164062862089986280348253421170679821480865132823066470938446095505822317253594081284811174502841027019385211055596446229489549303819....)[i had to remember this]

Answer 2

First of all, you should use this at your own risk. Don't do anything illegal with hashcat.

If you want to perform a bruteforce attack, you will need to know the length of the password. The following command is and example of how your scenario would work with a password of length = 8.

hashcat -m 2500 -a 3 capture.hccapx ?d?d?d?d?d?d?d?d

The -a 3 denotes the "mask attack" (which is bruteforce but more optimized).

The -m 2500 denotes the type of password used in WPA/WPA2.

The capture.hccapx is the .hccapx file you already captured.

The ?d?d?d?d?d?d?d?d denotes a string composed of 8 digits.

If you want to specify other charsets, these are the following supported by hashcat:

?l = abcdefghijklmnopqrstuvwxyz
?u = ABCDEFGHIJKLMNOPQRSTUVWXYZ
?d = 0123456789
?h = 0123456789abcdef
?H = 0123456789ABCDEF
?s = «space»!"#$%&'()*+,-./:;<=>?@[\]^_`{|}~
?a = ?l?u?d?s
?b = 0x00 – 0xff