Cracking WPA-PSK/WPA2-PSK with John the Ripper

John is able to crack WPA-PSK and WPA2-PSK passwords. Recent changes have improved performance when the input file contains multiple hashes that share the same SSID (the router's 'name' string).

The input format is a printable hash. It can be created directly with John's tool “wpapcap2john” (ships with jumbo) from a packet capture in pcap format, as produced by tcpdump, Wireshark or airodump-ng, or by doing an intermediate conversion to Hashcat's hccap format as described below.

You can convert airodump's .cap file to .hccap in one of the following ways:

Once you have an hccap file, convert it to John's input format with the “hccap2john” program shipped with recent jumbo versions. It encodes the hccap file as “$WPAPSK$essid#b64encoded hccap”.
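The following Python is an added illustration, not part of this wiki page and not John's own code. It ties together the two points above: it splits “$WPAPSK$essid#blob” lines into ESSID and blob, groups them by ESSID, and derives the PMK once per ESSID for a candidate passphrase. The PMK is PBKDF2-HMAC-SHA1(passphrase, SSID, 4096 iterations, 32 bytes) as defined in IEEE 802.11i, with the SSID as salt, which is why hashes that share an SSID can share the expensive PBKDF2 step. The ESSIDs and blobs in SAMPLE_LINES are constructed placeholders (the blobs are not real encoded hccap data); wpa_pmk is checked against the IEEE 802.11i Annex test vector for passphrase "password" and SSID "IEEE".

```python
import hashlib
from collections import defaultdict

WPAPSK_PREFIX = "$WPAPSK$"

# Constructed sample input in the "$WPAPSK$essid#b64encoded hccap" layout.
# The ESSIDs are made up and the text after '#' is a placeholder, not a real encoded hccap.
SAMPLE_LINES = [
    "$WPAPSK$office-ap#PLACEHOLDER_BLOB_1",
    "$WPAPSK$office-ap#PLACEHOLDER_BLOB_2",
    "$WPAPSK$guest-net#PLACEHOLDER_BLOB_3",
]


def parse_wpapsk_line(line):
    """Split one '$WPAPSK$essid#blob' line into (essid, blob).

    Only the ESSID is needed to decide how much PBKDF2 work a candidate
    passphrase costs; the blob is passed through untouched.
    """
    if not line.startswith(WPAPSK_PREFIX):
        raise ValueError("not a $WPAPSK$ hash line: %r" % line)
    essid, sep, blob = line[len(WPAPSK_PREFIX):].partition("#")
    if not sep or not essid or not blob:
        raise ValueError("malformed $WPAPSK$ hash line: %r" % line)
    return essid, blob


def group_by_essid(lines):
    """Map each distinct ESSID to the list of hash blobs that use it."""
    groups = defaultdict(list)
    for line in lines:
        line = line.strip()
        if not line:
            continue  # tolerate blank lines in the input file
        essid, blob = parse_wpapsk_line(line)
        groups[essid].append(blob)
    return dict(groups)


def wpa_pmk(passphrase, essid):
    """PMK = PBKDF2-HMAC-SHA1(passphrase, ssid, 4096 iterations, 32 bytes), per IEEE 802.11i.

    The SSID is the salt: one passphrase yields a different PMK on every network, but
    the same PMK for every handshake captured on one network.
    """
    return hashlib.pbkdf2_hmac("sha1", passphrase.encode("utf-8"),
                               essid.encode("utf-8"), 4096, 32)


def pmks_for_candidate(passphrase, groups):
    """Derive one PMK per distinct ESSID for a candidate passphrase.

    Returns (pmk_by_essid, pbkdf2_calls, hash_count). The number of PBKDF2 runs
    equals the number of distinct ESSIDs, not the number of hashes, which is the
    saving the shared-SSID optimisation gives.
    """
    pmk_by_essid = {essid: wpa_pmk(passphrase, essid) for essid in groups}
    hash_count = sum(len(blobs) for blobs in groups.values())
    return pmk_by_essid, len(pmk_by_essid), hash_count


if __name__ == "__main__":
    groups = group_by_essid(SAMPLE_LINES)
    _, calls, hashes = pmks_for_candidate("Induction", groups)
    print("%d hashes, %d distinct ESSIDs -> %d PBKDF2 runs per candidate"
          % (hashes, len(groups), calls))
    print("PMK(password, IEEE) =", wpa_pmk("password", "IEEE").hex())
```

The 4096-iteration PBKDF2 is the only work factor in the scheme, and it is paid once per candidate passphrase per SSID regardless of how many handshakes were captured. From the network owner's side that means the strength of the passphrase, not the number of clients or the obscurity of the SSID, is what determines how long a dictionary run like the one on this page takes.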

An example test case can be downloaded from http://wiki.wireshark.org/SampleCaptures?action=AttachFile&do=view&target=wpa-Induction.pcap or wpa-Induction.tar.gz

From that point you can use john as you always do. The format comes in two flavours:

Example usage:

If “Induction” is in your password.lst file (by default it is not), john will crack it.

If you are interested in how it works, visit this page.