WIFI PASSWORD CRACKING

Cracking WPA2 Passwords

by Joshua Meza
Why this is Important?
TOOLS AND
RESOURCES

This Photo by Unknown Author is licensed under CC BY-NC

Step 1 - • sudo: It stands for "superuser do" and is used to execute
commands with administrative privileges. It allows you to
make changes to your system that regular users don't have
permission to do.

System • apt-get: This is the package management command-line

tool. It's used to handle packages on a Debian-based
system. Packages are essentially software applications and
libraries.

Preparation
• update: This specific sub-command is telling apt-get to
download the latest information about the available
packages from the repositories (online servers that store
software packages). It doesn't actually install or upgrade
any software; it just updates the list of available packages.

Ensure the system is up to date by

running 'sudo apt-get update' in the
terminal
Why updating is important
 Step 2 - Wi-Fi
Pineapple
SNMP
• SNMP stands for Simple Network Management
Protocol. It is a standard protocol used for
network management and monitoring of devices
on a network.
• Utilize the Wi-Fi Pineapple GUI to de-authenticate
clients and capture a handshake
De-Authentication
Explanation
Step 3 - Handshake
Capture
Handshake Explanation
INITIALIZATION: WHEN A KEY EXCHANGE: DURING THE
DEVICE ATTEMPTS TO CONNECTION PROCESS, THE
CONNECT TO A WI-FI CLIENT AND THE WI-FI ACCESS
NETWORK, IT GOES THROUGH POINT PERFORM A KEY
AN INITIALIZATION PROCESS EXCHANGE TO ESTABLISH AN
WHERE IT REQUESTS ACCESS ENCRYPTED CONNECTION.
AND THE NETWORK THIS IS THE "HANDSHAKE"
RESPONDS. WHERE CRYPTOGRAPHIC KEYS
ARE AGREED UPON FOR
SECURE COMMUNICATION.
CAPTURE: A HANDSHAKE ANALYSIS: ONCE THE SECURITY ASSESSMENT: BY
CAPTURE INVOLVES HANDSHAKE IS CAPTURED, IT ATTEMPTING TO CRACK THE
INTERCEPTING AND LOGGING CAN BE ANALYZED TO EXTRACT CAPTURED HANDSHAKE USING
THE DATA EXCHANGED THE CRYPTOGRAPHIC KEYS. TOOLS LIKE HASHCAT AND A
DURING THIS KEY EXCHANGE THESE KEYS ARE CRUCIAL FOR WORDLIST, ONE CAN ASSESS
PROCESS. TOOLS LIKE THE WI- DECRYPTING THE DATA THE STRENGTH OF THE WI-FI
FI PINEAPPLE ARE SOMETIMES EXCHANGED BETWEEN THE PASSWORD. IF THE PASSWORD
USED TO FACILITATE THIS CLIENT AND THE WI-FI IS WEAK, IT MAY BE
CAPTURE BY DE- NETWORK. SUSCEPTIBLE TO ATTACKS.
AUTHENTICATING CLIENTS,
PROMPTING THEM TO
RECONNECT AND INITIATE THE
HANDSHAKE.
Step 4 - Introduction
to Hashcat

• Hashcat is a
powerful tool for
password cracking.
No need for
additional tools; Wi-
Fi Pineapple handles
everything
 Step 5 - Running
Hashcat Commands
Navigate to the terminal and change the directory
to where your files are located, e.g., Desktop

• To change directories to the desktop on Linux,

You would typically use the ‘cd Desktop’.

• Run the command: ‘hashcat –m 22000

<handshake.22000> <wordlist.txt>’

‘hashcat’: This Is the main command for Hashcat, the password cracking tool

‘-m 22000’: This specifies the hash mode. The number 22000 represents a specific hash
mode in Hashcat. In this case, it might be indicating WPA/WPA2 (Wi-Fi Protected
Access)

‘<handshake.22000>’: This is the input file containing the captured WPA/WPA2

handshake. Hashcat typically expects a file containing the hash values it will attempt to
crack.

‘<wordlist.txt>’: This is the path to a text file containing a list of words (password
candidates) that Hashcat will use for attempting to crack the passwords
 Understanding Hash
Modes
The -m option in Hashcat specifies the hash mode or type.
Examples of common hash modes:
• "-m 0: MD5"
• "-m 100: SHA1"
• "-m 500: NTLM"
• "-m 1000: NTLM (with GPU support)"
• "-m 2500: WPA/WPA2 (PMKID)"
• "-m 16800: WPA/WPA2 (PSK)“

MD5 (Message Digest Algorithm 5): MD5 is a widely used cryptographic hash function. It produces a 128-bit hash value, typically expressed as a 32-character
hexadecimal number. It is known for its speed but is considered weak in terms of collision resistance.

SHA-1 (Secure Hash Algorithm 1): SHA-1 is another cryptographic hash function. It produces a 160-bit hash value, typically represented as a 40-character
hexadecimal number. While widely used in the past, it is now considered vulnerable to collision attacks.

NTLM (New Technology LAN Manager): NTLM is a suite of security protocols used for authentication in Windows environments. The hash is often used for storing
password information.

NTLM (New Technology LAN Manager) with GPU support: This is the same as NTLM, but it indicates that Hashcat will leverage GPU (Graphics Processing Unit)
acceleration for faster password cracking.

WPA/WPA2 (Pre-Shared Key, Pairwise Master Key Identifier): This mode is used for cracking Wi-Fi passwords in WPA/WPA2-PSK (Pre-Shared Key) security. It
targets the PMKID, a key derivation function used in the WPA handshake process.

WPA/WPA2 (Pre-Shared Key): Similar to the previous mode, this is used for cracking Wi-Fi passwords, but it targets the PSK directly, which is the shared
passphrase.

In summary, each hash mode in Hashcat corresponds to a specific hashing algorithm or authentication protocol, and Hashcat uses these modes to attempt to
crack passwords hashed with these algorithms. It's important to note that the ethical and legal use of password-cracking tools is crucial to prevent unauthorized
access and adhere to applicable laws and regulations.
 SALT and HASH SSID and Password

Step 6 - Display
Cracked Password

Hashcat gives 2 possible passwords

 HASHES & SALTS
Hashes
Password Security: Hashes are like secret codes created from your password. Instead of storing your actual
password, systems store these codes.
Protecting Passwords: If a bad actor gets into a system, they find codes (hashes), not real passwords. This adds a
layer of protection, making it harder to figure out the actual passwords.
One-Way Street: You can't easily go from the hash back to the original password. It's a one-way street, making it
tougher for hackers.

Salts
Adding Variety: Salting is like adding a unique ingredient to each password before turning it into a hash. This
ensures that even if two people have the same password, their codes (hashes) look different.
Defense Upgrade: Salting makes it much harder for attackers using precomputed tables (like cheat sheets for
passwords) because they would need a separate cheat sheet for each unique salt.
Extra Security Layer: Salting is an extra layer of security, preventing attackers from easily comparing hashed
passwords to guess common ones.

In short, hashes are secret codes that keep passwords safe, and salts add variety to make things even more secure.
It's like having a secret language for passwords that's different for everyone.
KEEP IN MIND…

• Performing de-authentication can

be done via Wi-Fi Pineapple or
manually
connecting/disconnecting from
the Wi-Fi AP.
• Patience might be required,
especially during the capturing
phase.
THANK YOU!