Cracking WiFi (WPA2) Password Using Hashcat and Wifite

Govind Sharma
Nov 17, 2019

1. First of all, find the interface that supports monitor mode.

2. We’ll use the wlan1 interface, which supports monitor mode.

3. Now we use wifite to capture the .cap file that contains the WPA handshake.

Wifite: a tool to attack multiple WEP, WPA, and WPS encrypted networks in a row. It is customizable and can be automated with only a few arguments. Wifite aims to be the “set it and forget it” wireless auditing tool.

Features:

  1. sorts targets by signal strength (in dB); cracks closest access points first
  2. automatically de-authenticates clients of hidden networks to reveal SSIDs
  3. numerous filters to specify exactly what to attack (wep/wpa/both, above certain signal strengths, channels, etc)
  4. customizable settings (timeouts, packets/sec, etc)
  5. “anonymous” feature; changes MAC to a random address before attacking, then changes back when attacks are complete
  6. all captured WPA handshakes are backed up to wifite.py’s current directory
  7. smart WPA deauthentication; cycles between all clients and broadcast deauths
  8. stop any attack with Ctrl+C, with options to continue, move onto next target, skip to cracking, or exit
  9. displays session summary at exit; shows any cracked keys
  10. all passwords saved to cracked.txt

4. We use the wifite -i wlan1 command to list all the APs in range.

5. Press CTRL+C when your target is listed.

6. Now enter the number of the Wi-Fi network whose password you want.

(Suppose I want the password of fsociety here, so I’ll press 4.)

7. It will now start working: it performs many attacks, and after a few minutes it will give either the password or the .cap file.

8. The .cap file can also be opened and manipulated in Wireshark (this is optional).

9. To use the .cap file in hashcat, we first convert it to a .hccapx file.

10. We use the locate cap2hccapx command to find where this converter is located.

11. We head to the converter’s directory and convert the .cap file to .hccapx.

12. Now we have the .hccapx file.

13. Use this command to brute force the captured file with the wordlist:

hashcat -m 2500 -o cracked capturefile-01.hccapx wordlist.lst

This may look confusing at first, but let’s break it down by argument.

-m 2500 tells hashcat that we are trying to attack a WPA2 pre-shared key as the hash type. Hashcat has a bunch of pre-defined hash types that are all designated a number. You can use the --help switch to get a list of these different types, but for now we’re doing WPA2 so we’ll use 2500.

-a 3 sets the attack mode and tells hashcat that we are brute forcing our attempts. The command above does not pass -a, so hashcat runs its default attack mode, 0 (straight), which reads its candidates from wordlist.lst. A list of the other attack modes can be found using the --help switch.

-o cracked is used to specify an output file called simply “cracked” that will contain the WPA2 pre-shared key in plain text once the crack happens successfully.

Here hashcat is running on the GPU, which results in very good brute-forcing speed.

After the brute forcing is completed, you will see the password on the screen in plain text. (This may take a few minutes to complete.)
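The wordlist run above only recovers the key when the network's passphrase is in the wordlist or close to an entry in it. The following Python check, an added example that is not part of the original article, audits your own WPA2 passphrase against that condition. The function names, the sample wordlist and the guess rate are assumptions made for this example.

```python
import math
import string

# Assumed offline guess rate (guesses/second). An illustrative figure chosen
# for this example, not a measurement from the article.
ASSUMED_GUESSES_PER_SEC = 500_000
# Constructed sample standing in for wordlist.lst.
SAMPLE_WORDLIST = ["password", "sunshine", "letmein", "fsociety"]

def charset_size(passphrase):
    """Size of the smallest character pool that covers the passphrase."""
    pools = (string.ascii_lowercase, string.ascii_uppercase,
             string.digits, string.punctuation + " ")
    return sum(len(p) for p in pools if any(c in p for c in passphrase))

def audit_psk(passphrase, wordlist, rate=ASSUMED_GUESSES_PER_SEC):
    """Return a list of findings; an empty list means nothing was flagged."""
    # WPA2-Personal passphrases are 8 to 63 printable ASCII characters.
    if not (8 <= len(passphrase) <= 63
            and all(32 <= ord(c) <= 126 for c in passphrase)):
        return ["invalid: must be 8-63 printable ASCII characters"]
    findings = []
    words = {w.strip().lower() for w in wordlist if w.strip()}
    # Strip a trailing run of digits/symbols to catch "word + suffix" choices.
    base = passphrase.lower().rstrip(string.digits + string.punctuation)
    if passphrase.lower() in words:
        findings.append("listed: passphrase is in the wordlist")
    elif len(base) >= 4 and base in words:
        findings.append("derived: wordlist entry plus digit/symbol suffix")
    # Worst-case time to try every string of this length over this pool.
    bits = len(passphrase) * math.log2(charset_size(passphrase))
    years = 2 ** bits / rate / (365 * 24 * 3600)
    if years < 100:
        findings.append(f"short: exhaustive search takes about {years:.2g} years")
    return findings

if __name__ == "__main__":
    for candidate in ("sunshine", "Password123", "v7#Lq2!xT9@mWz4&Rk"):
        print(candidate, "->", audit_psk(candidate, SAMPLE_WORDLIST) or "no findings")
```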

HAPPY HUNTING ;)
