Windows Hashcat-plus in Win 7 (WPA Hash-type) 0.49

World's fastest md5crypt, phpass, mscash2 and WPA / WPA2 cracker

  1. Aby$m

    Aby$m Well-Known Member
    Dev Team VIP

    Joined:
    25 Oct 2012
    Messages:
    153
    Likes Received:
    127
    This guide will detail how to use Hashcat-plus to crack WPA/WPA2 captured handshakes in Windows 7 with a dictionary file.

    _____________________________________________________________________________________________

    Step 1: Download the latest version: http://hashcat.net/oclhashcat-plus/

    Step 2: Unzip the archive.

    Step 3: Make sure all your .cap files are converted to .hccap.
    Converter: https://hashcat.net/cap2hccap/
    Step 3a: Place the converted .hccap files from Step 3 into the oclHashcat-plus directory from Step 2.

    Step 4: Make sure your Nvidia drivers are the latest: http://www.nvidia.com/Download/index.aspx?lang=en-us

    or, if you use an AMD GPU:
    http://support.amd.com/us/gpudownload/Pages/index.aspx

    Step 5: Start Command Prompt
    Start > Run... > cmd.exe (alternative: Windows key + r > cmd.exe)

    Step 5a: Change the Command Prompt directory to the directory where you unzipped the oclHashcat-plus archive in Step 2.


    Step 6: Enter the command for WPA/WPA2, depending on your OS architecture and the GPU installed.

    cudaHashcat-plus64.exe -m 2500 [.hccap] [Dictionary file]
    cudaHashcat-plus32.exe -m 2500 [.hccap] [Dictionary file]
    or
    oclHashcat-plus64.exe -m 2500 [.hccap] [Dictionary file]
    oclHashcat-plus32.exe -m 2500 [.hccap] [Dictionary file]

    (Cuda = Nvidia GPU, Ocl = AMD GPU)

    _____________________________________________________________________________________________

    Bon appétit,

    Aby$m.
     
  2. vampiricbunny1800

    vampiricbunny1800 Well-Known Member
    Dev Team VIP

    Joined:
    8 Oct 2012
    Messages:
    242
    Likes Received:
    69
    Turned out nice, man. You can do it manually, in case you don't want to upload it:
    wpaclean <out.cap> <in.cap>
    aircrack-ng <in.cap> -J <out.hccap>
     
  3. ImJoJo

    ImJoJo The One & Only
    VIP

    Joined:
    25 Jun 2012
    Messages:
    249
    Likes Received:
    109
    I have Intel..will that work with this tool?
     
  4. Aby$m

    ImJoJo, I've never tested it with an Intel VGA, but you might be lucky and the Intel VGA may have an Nvidia or AMD GPU chip; you'll have to check the specifications on your particular Intel VGA.

    Cheers,

    Aby$m.
     
  5. vampiricbunny1800

    Man, there has to be a faster way to hash. I still have not done hashcat; I have been doing the wpa_db way you showed me, and it took 3 days just to open my dic file XD, another 2 to vacuum it, and I am on day 4 of hashing. It's a 39 gig dic file though, and I have another 27 gig one to ... Here is another question: can you just add to it? Like just ESSIDs, and have it work? Because I can't spend all my time hashing, but I'd like to offer some kind of pen testing service and password recovery. Just asking. Aby$m, this walkthrough helped me more than you know ^..^
     
  6. Aby$m

    @VB The problem with WPA/WPA2 hashes is that in order to crack them you need a salt of the ESSID along with a passphrase, which in combination create the hash that is used as a starting point for the authentication process between the client and the AP.

    In a nutshell, the more ESSIDs you add, the longer the process will take, as it must create a separate hash per ESSID per passphrase.

    Cheers,

    Aby$m.
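
    An added example, not part of the original posts: the ESSID-as-salt point above, shown with the standard WPA/WPA2-PSK derivation (PBKDF2-HMAC-SHA1, 4096 rounds), plus a passphrase-sizing estimate for defenders. The function names and the "HomeNet" ESSID are made up for illustration; 4995 c/s is the speed one poster reports in this thread.

```python
import hashlib

PBKDF2_ROUNDS = 4096  # iteration count fixed by IEEE 802.11i for WPA/WPA2-PSK


def wpa_pmk(passphrase: str, essid: str) -> bytes:
    """Derive the 256-bit Pairwise Master Key; the ESSID is the PBKDF2 salt."""
    if not 8 <= len(passphrase) <= 63:
        raise ValueError("WPA passphrases are 8 to 63 characters")
    salt = essid.encode("utf-8")
    if not 1 <= len(salt) <= 32:
        raise ValueError("ESSID must be 1 to 32 bytes")
    return hashlib.pbkdf2_hmac("sha1", passphrase.encode("ascii"), salt,
                               PBKDF2_ROUNDS, dklen=32)


def table_reusable(passphrase: str, essid_a: str, essid_b: str) -> bool:
    """True only if a PMK precomputed for essid_a would also match essid_b."""
    return wpa_pmk(passphrase, essid_a) == wpa_pmk(passphrase, essid_b)


def exhaust_hours(charset_size: int, length: int, guesses_per_sec: float) -> float:
    """Hours needed to try every passphrase of one length at a given rate."""
    return charset_size ** length / guesses_per_sec / 3600


if __name__ == "__main__":
    # Constructed sample values, not taken from any real network.
    print(wpa_pmk("password", "IEEE").hex())
    print("same PMK on another ESSID:",
          table_reusable("password", "IEEE", "HomeNet"))
    rate = 4995  # c/s, the speed reported in this thread
    print("8 digits:             %.1f hours" % exhaust_hours(10, 8, rate))
    print("12 mixed alnum chars: %.2e hours" % exhaust_hours(62, 12, rate))
```

    Because the salt differs, a table hashed for one ESSID is useless for another, which is why a non-default ESSID combined with a long, mixed-character passphrase is the practical defence.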
     
  7. vampiricbunny1800

    Is there a faster way to do it? You can PM me if you want. Also, can you just add more ESSIDs with no password and have the db still work?
     
  8. estimacamry

    estimacamry Tracker
    VIP

    Joined:
    3 Aug 2012
    Messages:
    556
    Likes Received:
    153
    Ran oclHashcat-plus-0.09 on my Lenovo with Nvidia GeForce GT630 and got an error:
    ERROR: cuStreamSynchronize <> 999
    Any workaround for this issue?
    My Nvidia drivers are the latest, 310.70. Did the patches from here https://hashcat.net/wiki/doku.php?id=timeout_patch but still facing the same error.
     
  9. Aby$m

    estimacamry

    I've never encountered this error before.

    It would be best first to delete the oclHashcat-plus-0.09 directory and archive, then download and extract again without the patch.

    Test without the patch, then with the patch.

    If, however, the same outcome presents itself, it would be best to seek counsel at the official Hashcat forum.

    Cheers,

    Aby$m.
     
  10. estimacamry

    Aby$m
    Guess I would skip the 0.09 version for now. Currently running the 0.08 version without error. Speed 3446 c/s Real, 3448 c/s GPU. Thanks for your reply :). Hopefully I can find a way to increase the speed ;)
    I managed to increase the speed to 4995 c/s Real, 5003 c/s GPU with the -n option.
    Code:
    cudaHashcat-plus32.exe -m 2500 -n 80 <.hccap> <path-to-dictionary>
    Another pentest with Mask Attack
    oclHashcat.jpg

    Found another interesting tool:
    Hashcat's Maskprocessor. Something similar to crunch, but this wordlist generator has the extra increment options. As oclHashcat-plus is meant for WPA/WPA2, the minimum would be 8d and the max 15d.
    To get this, apt-get install maskprocessor. It can be found here after install: \pentest\passwords\maskprocessor. I extracted the mp32.exe to my oclHashcat-plus folder in Windows. Ran another pentest with "INPUT.MODE..: PIPE"
    maskprocessor.jpg

    When it comes to speed cracking, nothing beats oclHashcat-plus at this moment (based on my own pentest) :D
     
  11. Fantastic

    Fantastic Well-Known Member
    VIP

    Joined:
    19 Feb 2013
    Messages:
    122
    Likes Received:
    155
    Hi, when I write the command and press enter, this is what appears: hf.PNG
    "Yes" is not recognized to accept the terms and conditions. How do I fix this? Thanks in advance.

  12. Aby$m

    Can you show the full command that you have entered?
     
  13. estimacamry

  14. Fantastic

    Capture.PNG
    and I get:
    hgf.PNG
    Then I type YES in uppercase and it tells me "YES" is not identified as an external or internal command, operable program or batch file.
    gg.PNG
    Have I typed "YES" correctly, or is something missing? (In the first pic I wrote handshakename.cap and not .hccap, but still got the same error.)
     

  15. Aby$m

    @Fantastic

    Have you attempted to run the programs separately, rather than trying to pipe one into the other?
     
  16. Fantastic

    No, I put them together in the same command, and yes, piping one into the other (now gonna try it separately).
    But I don't think the problem is with the command; I think it is that I can't agree to the terms and conditions, since "YES" isn't being recognized.
     
  17. estimacamry

    Fantastic
    Let's run this one more time:
    1. Download oclHashcat-plus-0.13.
    2. Run Backtrack live, open up a terminal and "apt-get install maskprocessor". It can be found here after install: \pentest\passwords\maskprocessor. I extracted the mp32.exe to my oclHashcat-plus folder in Windows. (For the pipe method with increment you need mp32.exe.)
    3. Open up a new terminal and convert your cap file to .hccap with the -J option. Place this .hccap in your oclHashcat folder in Windows.
    4. In Windows, open up a command prompt and cd to your oclHashcat-plus folder.
    5. Key in the pipe mode command and push enter. ;)
     
  18. Fantastic

    Oh, so this needs a combination of Backtrack and Windows to work?
    --- Double Post Merged, 9 Mar 2013 ---
    It is not working (I'm stuck at the 'yes' option; seems it is a special but weird case) :( Guys, sorry I interrupted you, and thanks for all your help :)
     
  19. estimacamry

    Not necessary, you can run oclHashcat by default in Windows. You can also convert your cap file to .hccap online, but the .hccap file must be placed in your oclHashcat-plus folder. Just run a dictionary attack against your .hccap file, but make sure you point it to the correct path of your dictionary.
    Read these:
    http://adaywithtape.blogspot.com/2012/02/wpa-cracking-with-oclhashcat-plus.html
    http://adaywithtape.blogspot.com/2012/02/hashcats-maskprocessor.html
    --- Double Post Merged, 9 Mar 2013, Original Post Date: 9 Mar 2013 ---
    How could I have missed it :D Fantastic, key in the word "YES" at the red circle, then push enter; not enter, then "YES" at the yellow circle.
    ocl.PNG
     
  20. Fantastic

    Thank you, estimacamry and Aby$m, for the help. My problem was that AMD Catalyst was missing from my computer, since I couldn't even install a game on my PC, but now everything's back to normal. Very nice tutorial.
     