How To Cracking Wpa Wpa2 Password oclHashcat

Sept 11, 2015 by Matthew

This video is intended to show you How To Crack Wpa Wpa2 Password using oclHashcat
Cracking Wpa Wpa2 Wireless Network can take some time using a CPU like we will be doing in this video a faster way would to use hashcat and use our GPU problem is you kinda need a really good GPU to do it that's just the way I feel I might be wrong though!
You will need Kali Linux
You will need Windows PC
You will need a High-end GPU Laptop GPU and Low-end GPU's won't work good.

UPDATE: So I was made aware that you can skip generating a phone number wordlist if you don't wanna waste the hard drive space you can simply use masking be using the following command below
oclHashcat64.exe -m 2500 -a3 capture.hccap 239?d?d?d?d?d?d?d
Be sure that your *.hccap is named capture.hccap and your replace the 239 with the US area code of the phone number your target network was in.
You will need a Compatible Wireless card I recommend these Compatible Wireless Cards:
Compatible Wireless Cards: Alfa Networks AWUS036H - Works! Alfa Network AWUS036NH - Untested! TP-LINK TL-WN722N - Works!
Getting a low signal to the target network?
Order a WiFi signal amplifier: WiFi signal amplifier Signal gain could be increased by -20 dbi.

Let's get started!

First we need to find out what wireless cards are connected by typing:
airmon-ng Next we need to bring our wireless card down:
ifconfig wlan0 down
Once our wireless card is down we need to run the command
airodump-ng wlan0 This will show us all the wireless networks within range.
Let the airodump-ng run till you find the target network.
2:00 When you found the target network press and hold CTRL+C to stop airodump-ng
We need to remember the BSSID and the Channel the target network is on.
airodump-ng -c 1 --bssid BC:F6:85:BF:4F:70 -w filename wlan0 replace 1 with your targets channel and replace BC:F6:85:BF:4F:70 with your targets BSSID.
You honestly should replace filename with the name of the target ESSID name for each network you target.
airodump-ng command is just listening to connections on the target router.
We need a mac address to show up under the station if nothing shows up under the station we can't go any further in the steps need a device to be connected to that target network over wireless so we can deauth it and capture the 4 way handshake.
4:05 we run the aireplay-ng command to deauth a client connected to the target network.
aireplay-ng -0 1 -a BC:F6:85:BF:4F:70 -c D8:50:E6:84:6C:74 wlan0
-0 is the Deauth attack. 1 = number of Deauth to sent to the target connected. -a = BSSID of target network. -c = target mac address under the station. 4:40 WPA Handshake captured!
oclHashcat64.exe -m 2500 capture.hccap wordlist.txt Since were using our CPU this can take some time depending on how big your wordlist is you might not even get the wireless password if its not in the wordlist try a wps attack if this attack fails try a pixiewps attack might work but not always.
7:43 WPA password cracked! KEY FOUND!
Find the target network connect to it using the password you got if you cracked it.

Hashcat Website

oclHashcat Website


If you're unable to connect to the network and the password is 100% correct its very very possible the target has Mac address filtering security so only mac address that are in a allow list can connect this is extra security some people use but its a simple bypass if you spoof your mac address with a connected client.

Last edited by Matthew Knight on July 11, 2015 at 3:05 pm