TL;DR
This guide shows you how to use Hashcat to crack WPA passwords, focusing on resources and settings suited to German-language passwords. It covers wordlists, rules, and attack modes.
1. Prerequisites
- Hashcat: Download and install the latest version from https://hashcat.net/
- Aircrack-ng Suite: Needed to capture the WPA handshake. Install using your distribution’s package manager (e.g., apt install aircrack-ng on Debian/Ubuntu).
- Wi-Fi Adapter: A compatible adapter capable of monitor mode and packet injection.
- Target Network Information: SSID (network name) and BSSID (MAC address of the access point).
2. Capturing the WPA Handshake
- Put your Wi-Fi adapter into monitor mode:
airmon-ng start wlan0
- Use airodump-ng to find your target network and capture traffic. Replace wlan0 with your interface name.
airodump-ng wlan0
- Deauthenticate a client connected to the target network to force it to reconnect and generate the handshake (replace BSSID and CLIENT_MAC):
aireplay-ng -0 1 -a BSSID -c CLIENT_MAC wlan0
- Once you have a handshake, stop capturing traffic.
3. Preparing the Hash
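Convert the captured .cap file to a hash format suitable for Hashcat, using hcxpcapngtool from the hcxtools package:
hcxpcapngtool -o your_capture_file.wpa your_capture_file.cap
This will create a your_capture_file.wpa file containing the WPA hash in the format read by Hashcat's mode 22000.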
4. Wordlists
German passwords often follow specific patterns. Here are some useful wordlists:
- RockYou: A massive list, but requires filtering for German-specific terms.
- German Wordlists: Search online for “german password lists” or download from sites like GitHub (be cautious about the source).
- Name Lists: German first and last name lists can be effective.
5. Rules
Rules modify wordlist entries to create more variations. Hashcat includes several rulesets:
- Rule Sets: Located in the /usr/share/hashcat/rules/ directory.
- Common German Rules: Consider using rules that add common suffixes, prefixes, and number combinations (e.g., rule set best64.rule).
- Custom Rules: Create your own rules to target specific patterns.
# Example custom rule - adds '123' at the end
$1$2$3
6. Attack Modes
Choose an appropriate attack mode based on your resources and target network. The mode is selected with -a, and rule files (-r) apply only to the straight mode:
- Mode 0 (Straight, -a 0): Tries wordlist entries directly.
hashcat -m 22000 -a 0 your_capture_file.wpa wordlist.txt -r best64.rule
- Mode 6 (Hybrid Wordlist + Mask, -a 6): Combines a wordlist with a mask to generate variations.
hashcat -m 22000 -a 6 your_capture_file.wpa wordlist.txt ?d?d?d?d
- Mode 3 (Brute-Force, -a 3): Tries all possible combinations within a specified character set (very slow).
hashcat -m 22000 -a 3 your_capture_file.wpa ?a?a?a?a
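Seen from the defending side, the wordlists, rules and masks in sections 4 to 6 describe which passphrases are weak. The following added example (not part of the original guide) checks a passphrase you plan to set on your own access point against those patterns; SAMPLE_WORDS is a constructed stand-in for real wordlists and the function names are hypothetical.

```python
import re

# Constructed sample of base words; in practice load the wordlists and
# name lists you want to audit against.
SAMPLE_WORDS = {"passwort", "fussball", "schalke", "müller", "sommer", "berlin"}

# German spellings that people type interchangeably.
_TRANSLIT = str.maketrans({"ä": "ae", "ö": "oe", "ü": "ue", "ß": "ss"})


def _norm(word):
    """Lower-case and transliterate so 'Müller' and 'Mueller' compare equal."""
    return word.lower().translate(_TRANSLIT)


def audit_passphrase(passphrase, words=SAMPLE_WORDS):
    """Return the reasons a WPA passphrase is exposed to wordlist/rule guessing."""
    if not 8 <= len(passphrase) <= 63:  # WPA-PSK passphrases are 8 to 63 characters
        return ["invalid-length"]
    known = {_norm(w) for w in words}
    reasons = []
    if passphrase.isdigit():
        reasons.append("digits-only")  # covered by a pure digit mask
    if _norm(passphrase) in known:
        reasons.append("wordlist-entry")  # found without any rule
    # Split off a tail of 1 to 4 digits: the pattern that the '123' append
    # rule and a wordlist + ?d?d?d?d combination are built to cover.
    m = re.fullmatch(r"(.+?)(\d{1,4})", passphrase)
    if m and _norm(m.group(1)) in known:
        reasons.append("word-plus-digits")
    return reasons


if __name__ == "__main__":
    for candidate in ["Mueller1985", "Fußball123", "passwort", "12345678",
                      "Kaffeetasse-Regen-Ampel"]:
        print(candidate, audit_passphrase(candidate) or "no pattern matched")
```

An empty result only means none of these specific patterns matched; it is not a strength guarantee.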
7. Optimizing Hashcat
- GPU Acceleration: Use a powerful GPU for faster cracking.
- Attack Mode Selection: Choose the most efficient mode based on your knowledge of the password complexity.
- Wordlist Filtering: Reduce wordlist size by filtering out irrelevant terms.
- Rule Optimization: Select rules that target likely patterns.