Hashcat 2024 - Bruteforcing 3.3
Requirements:
• A Windows 11 PC
• Running a Kali Linux VM
• A WiFi NIC
• A GPU with OpenCL or CUDA support
Install Hashcat on Windows 11
7. Open the directory where you extracted Hashcat in CMD and run the command:
hashcat.exe --help
8. Scrolling through the output should give you a good idea of how to use the tool.
Install NVIDIA Graphics Driver
10. Leave Optimize games and creative applications on and click NEXT.
13. I’m going to click on REINSTALL since I already have the latest Driver installed.
Install CUDA Toolkit
1. Go to website: https://developer.nvidia.com/cuda-toolkit
3. Go to downloads and double click on the CUDA Toolkit installer that just downloaded.
10. Go to downloads and double click on the CUDA Toolkit installer that just downloaded.
11. Select the folder where you want to temporarily extract the NVIDIA CUDA Toolkit installer. I selected the default. Press OK. Wait for the extraction to complete, then continue to the installation.
13. You might be installing an older driver version if you already have newer drivers installed. Just click on CONTINUE.
14. Read the License Agreement and click on AGREE AND CONTINUE.
15. Under Installation options we’re just going to choose Express and click NEXT.
18. You can uncheck both the options or leave them and click on CLOSE.
Use hcxtools to get hash
1. Connect your NIC to your computer and select Connect to virtual machine. Select your
Virtual Machine Name and press OK.
2. We will now confirm that Kali Linux picked up our NIC by running the following command in the terminal:
iw dev
Our interface wlan0 was picked up and is in managed mode.
4. We run the following command to put the NIC into monitor mode:
sudo airmon-ng start wlan0
5. We want to see what our NIC interface is called now that we put it in monitor mode:
sudo iw dev
6. Let’s run airodump-ng to see the MAC address of the target AP and the channel on which the target AP operates. Without the channel, we don’t get complete information when using the BPF filtering.
sudo airodump-ng <Interface>
7. We run the following command, which creates a BPF file named attack.bpf that filters packets where the third address field matches the target AP's MAC address or the broadcast address. The -ddd option outputs the filter in a format suitable for hcxdumptool.
sudo tcpdump -s 65535 -y IEEE802_11_RADIO "wlan addr3 909a4a32c0b3 or wlan addr3 ffffffffffff" -ddd > attack.bpf
8. Let’s run the hcxdumptool command. We need to specify the interface (-i), the channel (-c), the BPF filter file (--bpf=<bpf filter file>), and the file to write to (-w).
9. We want to crack the password for the ESSID TP-Link_C0B4. For that we need to have either a + under P to show we captured the PMKID or a + under 3 to show that we captured the EAPOL handshake. Once we have that we can press Ctrl+C to stop the attack. Take note of the MAC-AP. SCAN-FREQUENCY shows we’re on 2.4 GHz. Leave it to run for a while.
12. We convert the traffic to the hashcat 22000 hash format using the following command:
sudo hcxpcapngtool -o hash.hc22000 dumpfile.pcapng
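A check you can run on hash.hc22000 after step 12, added here as an example (it is not part of the original slides): it parses each line of hashcat's 22000 format, reports whether it is a PMKID or an EAPOL record, and keeps only the records for the AP under test. The sample lines, client MACs and function names are constructed; the AP MAC and ESSID are the ones used above.

```python
from collections import namedtuple

Record = namedtuple("Record", "kind mac_ap mac_client essid message_pair")
KINDS = {"01": "PMKID", "02": "EAPOL"}  # second field of every hash line

# Constructed sample lines (not real captures); the ESSID field is hex-encoded.
ESSID_HEX = b"TP-Link_C0B4".hex()
SAMPLE = [
    f"WPA*01*{'0a' * 16}*909a4a32c0b3*020000000001*{ESSID_HEX}***",
    f"WPA*02*{'0b' * 16}*909a4a32c0b3*020000000001*{ESSID_HEX}"
    f"*{'0c' * 32}*{'0103' + '00' * 8}*02",
    f"WPA*01*{'0d' * 16}*020000000099*020000000002*{b'OtherNet'.hex()}***",
]


def parse_hc22000(line):
    """Parse one hash line; raise ValueError if it is malformed."""
    fields = line.strip().split("*")
    if len(fields) != 9 or fields[0] != "WPA":
        raise ValueError("not an hc22000 line")
    _, kind, digest, mac_ap, mac_client, essid, anonce, eapol, pair = fields
    if kind not in KINDS:
        raise ValueError(f"unknown record type {kind!r}")
    if len(digest) != 32 or len(mac_ap) != 12 or len(mac_client) != 12:
        raise ValueError("bad PMKID/MIC or MAC length")
    if kind == "02" and (len(anonce) != 64 or not eapol):
        raise ValueError("EAPOL record without ANonce or EAPOL frame")
    name = bytes.fromhex(essid).decode("utf-8", errors="replace")
    return Record(KINDS[kind], mac_ap.lower(), mac_client.lower(), name, pair)


def records_for_ap(lines, mac_ap):
    """Return parsed records for one AP only; blank lines are skipped."""
    wanted = mac_ap.replace(":", "").lower()
    parsed = (parse_hc22000(l) for l in lines if l.strip())
    return [r for r in parsed if r.mac_ap == wanted]
```

Calling `records_for_ap(open("hash.hc22000"), "90:9a:4a:32:c0:b3")` lists what was captured for the target AP and drops records from any other network that ended up in the dump.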
1. Attack mode -a 3 is for a brute-force attempt. The hash mode -m 0 specifies MD5, but this
can be replaced by any supported hash mode in Hashcat depending on the hash type
you're targeting. The hash file in this example is named example0.hash. After this, the
mask ?a?a?a?a?a?a specifies a six-character password attempt, where ?a includes
uppercase letters, lowercase letters, digits, and special characters. You can find the full list
of character sets for creating masks in Hashcat on the next page.
[Figure: the command with its parts labelled: attack mode, hash mode, file name of the file with hashes, and a mask of length 6 characters.]
Hashcat built-in charsets
Built-in charsets
?l abcdefghijklmnopqrstuvwxyz
?u ABCDEFGHIJKLMNOPQRSTUVWXYZ
?d 0123456789
?h 0123456789abcdef
?H 0123456789ABCDEF
?s «space»!"#$%&'()*+,-./:;<=>?@[\]^_`{|}~
?a ?l?u?d?s
?b 0x00 - 0xff
Hashcat cracking with a basic brute-force attack
1. Attack mode -a 3 is for a brute-force attempt. The hash mode -m 22000 is for WPA2
hashes. The hash file in this example is named hash.hc22000. After this, the mask
?d?d?d?d?d?d?d?d specifies an eight-character password attempt, where ?d includes
only digits.
[Figure: the command with its parts labelled: attack mode, hash mode, file name of the file with hashes, and a mask of length 8 digits.]
2. The password was cracked. You can see the password is 28839491.
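To put the two masks above in numbers, here is an added example (not from the original slides) that computes the keyspace of a mask from the built-in charsets and checks whether a given passphrase falls inside it, so you can test your own WPA2 passphrase policy against these masks. The function names are hypothetical, the guess rate is a value you supply from your own benchmark, and ?b and custom charsets are not handled.

```python
import math
import string

# Built-in charsets from the table above (?b, raw bytes, is left out here).
BUILTIN = {
    "l": string.ascii_lowercase,
    "u": string.ascii_uppercase,
    "d": string.digits,
    "h": "0123456789abcdef",
    "H": "0123456789ABCDEF",
    "s": " " + string.punctuation,
}
BUILTIN["a"] = BUILTIN["l"] + BUILTIN["u"] + BUILTIN["d"] + BUILTIN["s"]


def parse_mask(mask):
    """Return the set of allowed characters for each password position."""
    positions, i = [], 0
    while i < len(mask):
        key = mask[i + 1:i + 2] if mask[i] == "?" else None
        if key is None:                 # plain character: a fixed literal
            positions.append({mask[i]})
        elif key == "?":                # "??" is a literal question mark
            positions.append({"?"})
        elif key in BUILTIN:
            positions.append(set(BUILTIN[key]))
        else:
            raise ValueError(f"unsupported charset in mask at offset {i}")
        i += 1 if key is None else 2
    return positions


def keyspace(mask):
    """Number of candidates the mask generates."""
    return math.prod(len(allowed) for allowed in parse_mask(mask))


def covered(mask, password):
    """True if exhausting the mask would eventually reach this password."""
    positions = parse_mask(mask)
    return len(positions) == len(password) and all(
        ch in allowed for ch, allowed in zip(password, positions))


def worst_case_hours(mask, guesses_per_second):
    """Hours to exhaust the mask at an assumed, constant guess rate."""
    return keyspace(mask) / guesses_per_second / 3600
```

The eight-digit mask has only 10^8 candidates, while ?a over six positions has 95^6; each extra ?a position multiplies the keyspace by 95, which is why a long passphrase drawn from the full character set falls outside any practical mask.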
Get more information
1. Website: https://www.youtube.com/davidbombal
2. Website: https://www.hashcat.com/hashcat
3. Website: https://hashcat.net/wiki/doku.php?id=mask_attack
4. Website: https://hashcat.net/wiki/doku.php?id=example_hashes
5. Website: https://hashcat.net/wiki/doku.php?id=cracking_wpawpa2