oclHashcat —
oclHashcat How To:
Website: http://hashcat.net/oclhashcat/
oclHashcat needs .cap files to be converted to .hccap before it can start the password recovery process.
Aircrack-ng suite will output files in .cap with all captures SSIDs found in the scan. So we first want to run wpaclean which will reduce the file to just the 4 way handshakes found for each SSID.
[wpaclean <out.cap> <in.cap>]
*Sometimes wpaclean won’t work due to “noise” found with the capture process. An alternative can be found here.
After we get our cleaned up file we will then run it through aircrack-ng using the -J switch.
[aircrack-ng <out.cap> -J <out.hccap>]
Running oclHashcat:
[Attack Modes]
This defines which type of attack against the hash we will be using. Dictionary / Mask / Bruteforce etc…
[Hash Type]
This defines the type of hash we are trying to recover. Full list of hash types can be found here: oclHashcat Options
[Example of WPA bruteforce attack all lowercase 16 chars]
c:\oclHashcat-1.37>oclHashcat64.exe -m 2500 -a 3 -o ./accessAP-found.txt --remove ./capfiles-untested/wifi-scan-clean.hccap -1 ?l?l?l?l?l?l?l?l?l?l?l?l?l?l?l?l --status --status-timer=2 - oclHashcat64.exe <--- Executable application - -m 2500 <--- Hash Type - -a 3 <--- Attack mode - -o <--- Output file - --remove <--- Remove found hashes - file.hccap <--- File that contains hash - -1 ?l?u?d?s <--- Character key space - --status <--- Auto update status message - --status-timer=Num <--- Status time refresh rate in Seconds
Categorised as: Linux Commands | Pentesting
Comments are disabled on this post