Hashcat
Install Hashcat from source
sudo apt install build-essential cmake
git clone https://github.com/hashcat/hashcat.git
cd hashcat
sudo make
sudo make install
Install Hashcat legacy from source
sudo apt install git lzip make m4 mingw-w64
git clone https://github.com/hashcat/hashcat-legacy.git
cd hashcat-legacy
sudo ./tools/deps.sh
make linux
Install Hashcat from binary
sudo apt install p7zip-full -y
wget https://hashcat.net/files/hashcat-6.2.5.7z
7z x hashcat-6.2.5.7z
cd hashcat-6.2.5
Install Hashcat-Utils
git clone https://github.com/hashcat/hashcat-utils.git
cd hashcat-utils
sudo make
4-way Handshake Cracking
Once we have successfully captured the EAPOL frames that hashcat needs in order to crack the PSK, we'll need to convert the pcap output file to the hccapx format that hashcat can read. To do so, we can either use this online service, or install hashcat-utils ourselves and convert the file locally:
~/hashcat-utils/src/cap2hccapx.bin wifi-handshakes.pcap wifi-handshakes.hccapx
You can now proceed to crack the handshake(s) either by dictionary attack or by brute force. For instance, to try all 8-digit combinations:
hashcat -m 2500 -a 3 -w 3 wifi-handshakes.hccapx '?d?d?d?d?d?d?d?d'
And this is it, the evergreen deauthentication attack in all its simplicity, performed with just one tool … let’s get to the fun part now :)
PMKID Cracking
We'll now need to convert the PMKID data in the pcap file we just captured to a hash format that hashcat can understand. For this we'll use hcxpcaptool:
hcxpcaptool -z wifi-handshakes.pmkid wifi-handshakes.pcap
We can now proceed to crack the wifi-handshakes.pmkid file generated this way, using hash mode 16800:
hashcat -m 16800 -a 3 -w 3 wifi-handshakes.pmkid '?d?d?d?d?d?d?d?d'