
Password cracking using Hashcat (Part 2)

Let's continue straight into the second part, now that we know enough of the Hashcat basics! 💪

Hashcat allows you to use the following built-in charsets to attack a WPA2/WPA handshake file. Enough sniffing the air! :)

Built-in charsets

Numbered passwords

So let's assume that your password is 12345678. You can use a custom MASK like ?d?d?d?d?d?d?d?d.

What it means is that you're trying to break an 8-digit number password like 12345678 or 23456789 or 01567891.

Letter passwords – All uppercase

If your password is all letters in CAPS, such as AHUYWEFGH or JHIOP etc., then you can use the following MASK:

It will crack all 8-letter passwords in CAPS.

Letter passwords – All lowercase

If your password is all letters in lowercase, such as abcdefgh or aafgghpoiu etc., then you can use the following MASK:

It will crack all 8-letter passwords in lowercase. I hope you now see what I am getting at.

Passwords – Lowercase letters and numbers

If you know your password is similar to this: p9o8i7u6 or n4j2k5l6 etc., then you can use the following MASK:

Passwords – Uppercase letters and numbers

If you know your password is similar to this: N4J2K5L6 etc., then you can use the following MASK:

Passwords – Mixture of uppercase, lowercase, special characters and numbers.

If your password is all random, then you can just use a MASK like the following:

Note: ?a represents anything …. I hope you’re getting the idea.

If you are absolutely not sure, you can just use any of the predefined MASK files and leave it running. But yeah, come back to check in a million years for a really long password. Using a dictionary attack might have more success in that scenario.
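To see why a long random password holds up against the masks above, this added example (not from the original post) computes how many candidates a hashcat-style mask covers and how long exhausting it would take. The `?1` slot mirrors hashcat's `-1` custom charset option; the guess rate is a constructed figure, not a benchmark.

```python
import math

# Sizes of hashcat's built-in charsets (?a = ?l + ?u + ?d + ?s).
BUILTIN = {"l": 26, "u": 26, "d": 10, "s": 33, "a": 95}
ASSUMED_RATE = 500_000  # constructed guesses/second, replace with a measured value

def positions(mask, custom=None):
    """Return the number of candidate characters at each mask position."""
    custom = custom or {}
    sizes, i = [], 0
    while i < len(mask):
        if mask[i] != "?":
            sizes.append(1)              # literal character, e.g. a known prefix
            i += 1
            continue
        if i + 1 >= len(mask):
            raise ValueError("dangling '?' at end of mask")
        key = mask[i + 1]
        if key == "?":
            sizes.append(1)              # '??' is a literal question mark
        elif key in BUILTIN:
            sizes.append(BUILTIN[key])
        elif key in custom:
            # Custom charset such as '?l?d': sum of its parts (assumed not to overlap).
            sizes.append(sum(positions(custom[key])))
        else:
            raise ValueError(f"unknown charset ?{key}")
        i += 2
    return sizes

def keyspace(mask, custom=None):
    """Total number of candidates the mask generates."""
    return math.prod(positions(mask, custom))

def days_to_exhaust(mask, guesses_per_second, custom=None):
    """Worst-case days needed to try every candidate at the given rate."""
    return keyspace(mask, custom) / guesses_per_second / 86400

if __name__ == "__main__":
    samples = [
        ("?d" * 8, None),                # 8 digits, as in the post
        ("?1" * 8, {"1": "?l?d"}),       # 8 lowercase letters or digits
        ("?a" * 8, None),                # 8 fully random printable characters
        ("?a" * 12, None),               # 12 fully random printable characters
    ]
    for mask, custom in samples:
        days = days_to_exhaust(mask, ASSUMED_RATE, custom)
        print(f"{mask:<26} {keyspace(mask, custom):>26,} candidates  {days:,.3f} days")
```

Each extra `?a` position multiplies the work by 95, which is the reason password length matters more than any single character class.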

Passwords – when you know a few characters

If you somehow know a few of the characters in the password, this will make things a lot faster. For every known letter, you save an immense amount of computing time. MASKs allow you to combine this. Let's say your 8-character password starts with abc and doesn't contain any special characters. Then you can create a MASK rule file to contain the following:

There will be 125 combinations in this case. But it will surely break it in time. This is the true power of using cudaHashcat or oclHashcat or Hashcat on Kali Linux to break WPA2/WPA passwords.

You can even improve on this if you know how a person puts a password together. Some people always use UPPERCASE for the first character in their passwords, then a few lowercase letters, and finish with numbers, like this: Abcde123

Your mask will look like this:

This will make cracking significantly faster. Social engineering is the key here.

So what's the point and our conclusion?

The conclusion that can be drawn from all of the above is that hashcat is not limited to a small number of hashes; in fact, it's applicable to a wide range of hashes and other possibilities, including mixes and concatenated strings. We learned to crack WPA/WPA2 using hashcat.

Besides, hashcat is known for its power, stability and speed when operating on the GPU. It also gives us the mask attack, which lets us test thousands upon thousands of strings against the hash.


