Cracking WPA-PSK/WPA2-PSK with John the Ripper

John is able to crack WPA-PSK and WPA2-PSK passwords. Recent changes have improved performance when the input file contains multiple hashes that share the same SSID (the router's 'name' string).

The input format is a printable hash. It can be created directly with john's “wpapcap2john” tool (ships with jumbo) from a packet capture in pcap format, as produced by tcpdump, wireshark or airodump-ng, or by an intermediate conversion to Hashcat's hccap format as described below.

You can convert airodump's .cap file to .hccap in one of the following ways:

Once you have an hccap file, convert it to john's input format with the “hccap2john” program shipped with recent jumbo versions. It encodes the hccap file as “$WPAPSK$essid#b64encoded hccap”.

Example testcase you can get from or wpa-Induction.tar.gz

From that point you can use john as you always do. The format comes in two flavours:

  • -format=wpapsk (will use CPUs, is SIMD and OpenMP capable)
  • -format=wpapsk-opencl (for any OpenCL GPU or CPUs)

Example usage:

  • $ hccap2john wpa-Induction.hccap > crackme
  • $ ./john -w=password.lst -form=wpapsk-opencl crackme

If “Induction” is in your password.lst file (by default it is not), john will crack it.
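As an added illustration (not code from this wiki or from John the Ripper), the script below parses a constructed .hccap file and shows why hashes sharing an SSID are cheap to process together: the PBKDF2 step that turns a candidate passphrase into the pairwise master key is salted with the ESSID only, so it runs once per distinct SSID per candidate. The 392-byte hccap layout, the sample SSIDs and the locally administered MAC addresses are assumptions of the example; the base64 payload that hccap2john emits is not reproduced here.

```python
import struct
import hashlib
from collections import defaultdict

# Legacy Hashcat hccap record (assumed layout, 392 bytes): essid[36], mac_ap[6],
# mac_sta[6], anonce[32], snonce[32], eapol[256], eapol_size, keyver, keymic[16].
HCCAP_STRUCT = struct.Struct("<36s6s6s32s32s256sii16s")
HCCAP_SIZE = HCCAP_STRUCT.size  # 392

def parse_hccap(blob):
    """Split a concatenated .hccap file into one dict per captured handshake."""
    if len(blob) % HCCAP_SIZE:
        raise ValueError("hccap length is not a multiple of %d" % HCCAP_SIZE)
    records = []
    for off in range(0, len(blob), HCCAP_SIZE):
        (essid, mac_ap, mac_sta, anonce, snonce, eapol,
         eapol_size, keyver, mic) = HCCAP_STRUCT.unpack_from(blob, off)
        records.append({
            "essid": essid.rstrip(b"\0").decode("utf-8", "replace"),
            "mac_ap": mac_ap.hex(":"), "mac_sta": mac_sta.hex(":"),
            "anonce": anonce, "snonce": snonce,
            "eapol": eapol[:eapol_size], "keyver": keyver, "mic": mic,
        })
    return records

def pmk(passphrase, essid):
    """WPA-PSK pairwise master key: PBKDF2-HMAC-SHA1, 4096 rounds, 32 bytes, ESSID as salt."""
    return hashlib.pbkdf2_hmac("sha1", passphrase.encode(), essid.encode(), 4096, 32)

def pmk_work_per_candidate(records, candidate):
    """Derive the PMKs one candidate needs, computing PBKDF2 once per distinct ESSID.
    Returns (pmk_by_essid, number_of_pbkdf2_computations)."""
    by_essid = defaultdict(list)
    for rec in records:
        by_essid[rec["essid"]].append(rec)
    pmks = {essid: pmk(candidate, essid) for essid in by_essid}
    return pmks, len(pmks)

def make_record(essid, mac_ap, mac_sta, keyver=2):
    # Constructed sample record: nonces, EAPOL frame and MIC are zeroed, not a real capture.
    return HCCAP_STRUCT.pack(essid.encode(), mac_ap, mac_sta, b"\0" * 32,
                             b"\0" * 32, b"\0" * 256, 0, keyver, b"\0" * 16)

# Three constructed handshakes: two from the same SSID, one from another.
SAMPLE_HCCAP = b"".join([
    make_record("example-net", bytes.fromhex("020000000001"), bytes.fromhex("020000000010")),
    make_record("example-net", bytes.fromhex("020000000001"), bytes.fromhex("020000000011")),
    make_record("other-net", bytes.fromhex("020000000002"), bytes.fromhex("020000000020")),
])
```

Running pmk_work_per_candidate(parse_hccap(SAMPLE_HCCAP), "Induction") performs two PBKDF2 computations for three hashes, which is the per-SSID amortisation the page's performance note refers to.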

If you are interested in how it works, visit this page

john/WPA-PSK.txt · Last modified: 2019/06/15 20:50 by solar
Except where otherwise noted, content on this wiki is licensed under the following license: CC Attribution-Noncommercial-Share Alike 3.0 Unported