
VIETNAM NATIONAL UNIVERSITY – HO CHI MINH CITY

UNIVERSITY OF INFORMATION TECHNOLOGY

FACULTY OF COMPUTER NETWORKS & COMMUNICATIONS

A PROJECT OF WIRELESS NETWORK EMBEDDED SYSTEM

AIRCRACK-NG SOFTWARE SUITE, HASHCAT AND WPA3 IN WIRELESS SECURITY

Lecturer: Đặng Lê Bảo Chương

Participants:

Đỗ Thế Danh 21520685

Trương Tiến Thái Dương 21520764

Nguyễn Văn Anh Tuấn 21522757

HO CHI MINH CITY, 2023


ABSTRACT
The growing popularity of wireless communication and Wi-Fi networks has
necessitated the development of robust and secure Wi-Fi security methods. Traditional
protocols, such as WEP and WPA2, have flaws that make them vulnerable to numerous
attacks and data breaches. To address these security concerns, the Wi-Fi Alliance
released WPA3, an improved Wi-Fi security standard designed to provide greater
protection against modern assaults.
In this research, we investigate WPA3, and the tools used for Wi-Fi security testing,
such as AirCrack and HashCat. We investigate the theoretical basis of WPA3, its
features and advancements, as well as the operation of AirCrack and HashCat in
evaluating WPA3 Wi-Fi security.
Our goals are to get a thorough understanding of the security and performance elements
of WPA3, to evaluate the attack capabilities of AirCrack and HashCat against WPA3,
and to recommend future possibilities for improving Wi-Fi network security.
This project seeks to contribute to the growth of safe Wi-Fi networks and prevent
potential security concerns in the future by assessing the strengths and limitations of
WPA3 and reviewing the efficiency of Wi-Fi security testing tools.
LIST OF ACRONYMS .......................................................................................................... 5
CHAPTER 1 INTRODUCTION ............................................................................................. 7
1. Background and Motivation..................................................................................... 7
WPA3 ......................................................................................................................... 7
Hashcat ...................................................................................................................... 7
Aircrack-NG ................................................................................................................ 8
2. Research Objectives ............................................................................................... 8
3. Scope and Limitations............................................................................................. 8
CHAPTER 2 Wireless Network Security Fundamentals ................................................. 10
1. Introduction to Wireless Networks ......................................................................... 10
What is a wireless network? ..................................................................................... 10
Types of wireless networks....................................................................................... 10
Components of a wireless network ........................................................................... 10
Benefits of wireless networks ................................................................................... 10
2. Wireless Security Protocols (WEP, WPA, WPA2, WPA3) ..................................... 11
WEP (Wired Equivalent Privacy): ............................................................................. 11
WPA (Wi-Fi Protected Access): ................................................................................ 11
WPA2 (Wi-Fi Protected Access II): ........................................................................... 11
WPA3 (Wi-Fi Protected Access III): .......................................................................... 11
3. Common Wireless Network Threats and Vulnerabilities ........................................ 12
Vulnerabilities in Wireless Security Protocols ........................................................... 13
CHAPTER 3 WPA3 ............................................................................................................ 14
1. What is WPA3?..................................................................................................... 14
Definition and purpose of WPA3 ............................................................................... 14
Improvements over previous protocols (WPA2, WPA) .............................................. 14
Enhanced security features and capabilities ............................................................. 14
2. WPA3 Features and Benefits ................................................................................ 15
Simultaneous Authentication of Equals (SAE) .......................................................... 15
Introduction to SAE ............................................................................................... 15
Stronger and more secure password-based authentication................................... 15
Enhanced Encryption ............................................................................................... 15
Transition to the more secure encryption algorithm (CCMP-128 to AES-256) ....... 15
Individualized data encryption for better privacy .................................................... 15
Protection against offline dictionary attacks .............................................................. 16
Introduction to offline dictionary attacks ................................................................ 16
How WPA3 mitigates this vulnerability .................................................................. 16
3. WPA3 Implementation and Adoption..................................................................... 16
CHAPTER 4 Aircrack-NG Software Suite and HashCat .................................................. 17
• Overview of Aircrack-NG Suite.............................................................................. 17
• Introduction to Hashcat ......................................................................................... 18
• Hashcat Features and Capabilities ....................................................................... 18
• Password Cracking Techniques with Hashcat....................................................... 18
Chapter 5 EXPERIMENTAL IMPLEMENTATION ................................................................. 20
Hardware and Software Setup.................................................................................. 20
• Cracking WPA2 Wi-Fi password ........................................................................... 20
• Cracking WPA3 Wi-Fi password ........................................................................... 24
LIST OF ACRONYMS
STA: Station
CH: Channel
TLS: Transport Layer Security
SAE: Simultaneous Authentication of Equals
MD4: Message-Digest Algorithm 4
MD5: Message-Digest Algorithm 5
CPU: Central Processing Unit
GPU: Graphics Processing Unit
CUDA: Compute Unified Device Architecture
SHA1: Secure Hash Algorithm 1
SSID: Service Set Identifier
BSSID: Basic Service Set Identifiers (MAC Address)
RSN: Robust Security Networks
PSK: Pre-shared Key
EAP-pwd: Extensible Authentication Protocol
LAN: Local Area Network
WEP: Wired Equivalent Privacy
WPA: Wi-Fi Protected Access
WPA-PSK: Wi-Fi Protected Access - Pre-shared Key
WPA2: Wi-Fi Protected Access 2
WPA3: Wi-Fi Protected Access 3
AES: Advanced Encryption Standard
TKIP: Temporal Key Integrity Protocol
WLAN: Wireless Local Area Network
IEEE: Institute of Electrical and Electronics Engineers
DoS: Denial of Service
AP: Access Point
MAC: Medium Access Control
IP: Internet Protocol
SSH: Secure Shell
CHAPTER 1
INTRODUCTION
1. Background and Motivation
WPA3
Wi-Fi Protected Access (WPA) is a family of security protocols that provide
confidentiality and integrity for Wi-Fi networks. The first WPA protocol was released
in 2003, followed by WPA2 in 2004. WPA2 is the most widely used WPA protocol
today, and it is considered to be secure. However, in 2017, researchers discovered a
number of vulnerabilities in WPA2, including the KRACK (Key Reinstallation Attack)
vulnerability. These vulnerabilities could allow attackers to eavesdrop on Wi-Fi traffic
or to decrypt it. In response to these vulnerabilities, the Wi-Fi Alliance released WPA3
in 2018. WPA3 is designed to be more secure than WPA2, and it includes a number of
new features, such as:
• SAE (Simultaneous Authentication of Equals): a new authentication method that is
more secure than PSK (Pre-Shared Key) and EAP (Extensible Authentication Protocol).
• Enhanced protection against offline dictionary attacks: WPA3 uses a stronger
password hashing algorithm than WPA2, which makes it more difficult for attackers to
crack passwords.
• Forward secrecy: forward secrecy ensures that even if an attacker is able to decrypt a
past session, they will not be able to decrypt future sessions.
WPA3 was designed to address the vulnerabilities in WPA2 and to provide a more secure
Wi-Fi security protocol. It protects Wi-Fi networks from a variety of attacks, including
eavesdropping, decryption, and password cracking.
Hashcat

Hashcat is a password cracking tool used to recover forgotten passwords or to crack
passwords for malicious purposes. It is one of the most popular password cracking tools
available, and it can crack a wide variety of password hashes.

The motivation for developing Hashcat was to create a powerful password cracking tool
that could be used to recover forgotten passwords or to crack passwords for malicious
purposes. Hashcat is a very effective tool, and it can be used to crack passwords for a
wide variety of applications, including Wi-Fi networks.
Aircrack-NG

Aircrack-NG is a suite of tools whose packet capture tool, airodump-ng, is used to
capture and analyze Wi-Fi traffic. It can capture Wi-Fi traffic from a variety of
sources, including Wi-Fi adapters, access points, and Wi-Fi networks.

It was developed to provide a powerful packet capture tool that could be used to capture
and analyze Wi-Fi traffic. Airodump-ng is a very versatile tool, and it can be used for a
variety of purposes, including:

• Security analysis: airodump-ng can be used to identify security vulnerabilities
in Wi-Fi networks.
• Troubleshooting: airodump-ng can be used to troubleshoot Wi-Fi connectivity
problems.
• Network monitoring: airodump-ng can be used to monitor Wi-Fi traffic and to
identify potential security threats.

In this context, the goal of this project is to investigate the issues and solutions
associated with wireless network security, with an emphasis on understanding the basics
of wireless networks, the vulnerabilities they confront, and the security mechanisms
implemented. We can better defend our wireless networks, manage risks, and maintain
the confidentiality and privacy of data transferred over these networks by learning more
about wireless security.
2. Research Objectives

The primary objectives of this research project are as follows:

• To gain a comprehensive understanding of wireless network security
(WPA3) protocols, including their strengths and weaknesses.
• To explore the features, functionalities, and usage of the Aircrack-NG Software
Suite and Hashcat in wireless security.
• To examine various attack techniques, such as brute-force and dictionary
attacks and, in this project, the downgrade attack, as employed with Aircrack-NG
and Hashcat.
• To assess the effectiveness of Aircrack-NG and Hashcat in cracking Wi-Fi
passwords and identifying security vulnerabilities.
• To provide insights and recommendations for improving wireless network
security based on the findings of this research.

3. Scope and Limitations

It is important to acknowledge the scope and limitations of this research project. The
scope of the project includes:
• Focus on the Aircrack-NG Software Suite and Hashcat as the primary tools
for wireless security assessment.
• Exploration of wireless security protocols, specifically WPA2 and the latest
WPA3, and their vulnerabilities.
• Investigation of common wireless network threats and vulnerabilities.
• Experimental implementation of password cracking techniques using
Aircrack-NG and Hashcat.

However, it is essential to note the limitations of this research project:

• The research is limited to the assessment of Wi-Fi networks and does not
cover other wireless technologies such as Bluetooth or NFC.
• The project does not address hardware-level security vulnerabilities in
wireless devices.
• The effectiveness of Aircrack-NG and Hashcat may vary depending on the
complexity of the Wi-Fi password and the security measures implemented.
CHAPTER 2
Wireless Network Security
Fundamentals
1. Introduction to Wireless Networks
What is a wireless network?

A wireless network is a computer network that allows devices to communicate with
each other without the use of cables. This is achieved by using electromagnetic waves,
such as radio waves or infrared light, to transmit data between devices.

Types of wireless networks

There are two main types of wireless networks:

• Wireless LAN (WLAN): A WLAN is a wireless network that is typically used
in homes, offices, and public places such as airports, coffee shops, and libraries.
WLANs are commonly based on the IEEE 802.11 family of standards, which
includes Wi-Fi.
• Wireless WAN (WWAN): A WWAN is a wireless network that is typically
used to connect devices over a wider area, such as a city or a country. WWANs
are commonly based on the cellular network, which is used by mobile phones
and other mobile devices.

Components of a wireless network

A wireless network consists of two main components:

• Access points (APs): APs are devices that transmit and receive radio signals.
They are responsible for creating and managing the wireless network.
• Wireless clients: Wireless clients are devices that can connect to the wireless
network. They can be computers, smartphones, tablets, laptops, or other devices.

Benefits of wireless networks

Wireless networks offer several benefits over wired networks, including:

• Flexibility: Wireless networks allow devices to be moved around freely without
the need to plug and unplug cables.
• Scalability: Wireless networks can be easily expanded to accommodate new
devices.
• Cost-effectiveness: Wireless networks can be less expensive to install and
maintain than wired networks.
2. Wireless Security Protocols (WEP, WPA, WPA2, WPA3)
WEP (Wired Equivalent Privacy):
WEP was the first wireless security protocol introduced in the late 1990s. It aimed to
provide security equivalent to that of wired networks. However, over time, significant
vulnerabilities were discovered in WEP, making it highly insecure. WEP uses shared
key authentication and RC4 encryption algorithm. Its weaknesses include easily
crackable encryption keys, weak initialization vectors (IVs), and susceptibility to replay
attacks. Due to these vulnerabilities, WEP is no longer considered secure and should
not be used.
WPA (Wi-Fi Protected Access):
WPA was introduced as an interim security solution to address the weaknesses of WEP.
It was designed to be backward compatible with WEP-enabled devices. WPA
introduced several improvements, including stronger encryption algorithms like TKIP
(Temporal Key Integrity Protocol) and enhanced security through the use of dynamic
encryption keys. WPA also implemented the 802.1X authentication framework for
stronger user authentication. However, WPA is still vulnerable to attacks such as brute-
force and dictionary attacks.
WPA2 (Wi-Fi Protected Access II):
WPA2 is the successor to WPA and is currently the most widely used wireless security
protocol. WPA2 provides stronger security and addresses the vulnerabilities present in
WEP and WPA. It introduced the use of the AES (Advanced Encryption Standard)
algorithm for encryption, replacing the weaker TKIP used in WPA. WPA2-PSK (Pre-
Shared Key) authentication is commonly used for home and small office networks,
while WPA2-Enterprise employs a central authentication server (such as RADIUS) for
larger networks. Although WPA2 is significantly more secure than its predecessors, it
is still susceptible to offline dictionary attacks targeting weak passwords.
WPA3 (Wi-Fi Protected Access III):
WPA3 is the latest wireless security protocol, introduced in 2018. It aims to further
enhance Wi-Fi security and address the weaknesses of WPA2. WPA3 introduces
several key improvements, including stronger encryption, enhanced protection against
offline dictionary attacks, and better security for open Wi-Fi networks. It replaces the
pre-shared key (PSK) authentication method with the Simultaneous Authentication of
Equals (SAE) protocol, making it more resistant to password-guessing attacks. WPA3
also provides individualized data encryption, ensuring that even if one device's
connection is compromised, the traffic of other devices remains secure. Moreover,
WPA3 simplifies device setup and configuration, making it easier for users to secure
their Wi-Fi networks.
Feature                                | WEP                  | WPA            | WPA2               | WPA3
---------------------------------------|----------------------|----------------|--------------------|-----------------------
Year released                          | 1999                 | 2003           | 2004               | 2018
Security                               | Weak                 | Moderate       | Strong             | Strongest
Encryption                             | RC4 (64/128/256-bit) | TKIP (128-bit) | AES-CCMP (128-bit) | AES-CCMP (192/198-bit)
Authentication                         | Static WEP keys      | PSK or EAP     | PSK or EAP         | SAE or EAP
Protection against KRACK attacks       | No                   | No             | No                 | Yes
Protection against brute-force attacks | Weak                 | Moderate       | Strong             | Strongest
Device compatibility                   | Wide                 | Wide           | Wide               | Limited
Recommended for use                    | No                   | No             | Yes                | Yes
Figure 1: Table comparing the encryption types.
3. Common Wireless Network Threats and Vulnerabilities

There are many wireless network threats; here are a few of them:

• Eavesdropping: This is the act of intercepting and monitoring wireless traffic.
Eavesdroppers can use this information to steal sensitive data, such as credit card
numbers or passwords.
• Wardriving: This is the act of driving around with a wireless device to search
for unsecured WLANs. Wardrivers can then use these unsecured networks to
access the internet or to launch attacks on other devices on the network.
• Evil twin attacks: This is a type of attack in which an attacker sets up a fake
wireless network that appears to be legitimate. When a user connects to the fake
network, the attacker can intercept and monitor their traffic.
• Rogue APs: Rogue APs are unauthorized wireless access points that can be used
to intercept and monitor wireless traffic or to launch attacks on other devices on
the network.
• MAC address spoofing: This is a type of attack in which an attacker disguises
their device's MAC address as that of an authorized device. This can allow the
attacker to gain access to the network or to launch attacks on other devices.
• Denial-of-service (DoS) attacks: DoS attacks are designed to overwhelm a
wireless network with traffic, making it inaccessible to legitimate users.
• Malware infections: Malware can be spread through wireless networks, infecting
devices and potentially stealing data or launching attacks.
Vulnerabilities in Wireless Security Protocols

In addition to these common threats, wireless networks are also vulnerable to
weaknesses in the security protocols that are used to protect them. Some of the most
well-known vulnerabilities include:

• WEP (Wired Equivalent Privacy): WEP is an outdated and insecure protocol
that should not be used. It is vulnerable to a number of attacks, including the
KRACK (Key Reinstallation Attack) vulnerability discovered in 2017.
• WPA (Wi-Fi Protected Access): WPA is an older protocol that was replaced
by WPA2. It is still more secure than WEP, but it is vulnerable to some attacks,
such as the POODLE (Padding Oracle On Downgraded Legacy Encryption)
vulnerability discovered in 2014.
• WPA2: WPA2 is the most widely used wireless security protocol today. It is a
secure protocol, but it is still vulnerable to some attacks, such as the KRACK
vulnerability.
CHAPTER 3
WPA3
1. What is WPA3?
Definition and purpose of WPA3

WPA3 (Wi-Fi Protected Access 3) is the latest security protocol for Wi-Fi networks,
introduced by the Wi-Fi Alliance in 2018. It is designed to enhance the security of
wireless networks and protect them from a variety of threats, including eavesdropping,
data breaches, and password cracking. WPA3 is the successor to WPA2, which is the
most widely used wireless security protocol today.

Improvements over previous protocols (WPA2, WPA)

WPA3 offers several improvements over previous wireless security protocols,
including:

• Stronger encryption: WPA3 uses AES-CCMP with 192-bit encryption, which
is stronger than the 128-bit encryption used in WPA2.
• More secure authentication: WPA3 introduces Simultaneous Authentication
of Equals (SAE), a new authentication method that is more secure than PSK (Pre-
Shared Key) and EAP (Extensible Authentication Protocol) used in WPA2.
• Enhanced protection against offline dictionary attacks: WPA3 uses a
stronger password hashing algorithm than WPA2, making it more difficult for
attackers to crack passwords.
• Forward secrecy: Forward secrecy ensures that even if an attacker is able to
decrypt a past session, they will not be able to decrypt future sessions.

Enhanced security features and capabilities

In addition to the improvements listed above, WPA3 also includes a number of other
enhanced security features and capabilities, such as:

• Protection against KRACK attacks: WPA3 is not vulnerable to KRACK (Key
Reinstallation Attack) attacks, a type of attack that can be used to decrypt data
transmitted over a Wi-Fi network.
• Enhanced protection against brute-force attacks: WPA3 is more resistant to
brute-force attacks than WPA2, making it more difficult for attackers to crack
passwords by trying every possible combination of characters.
• Improved protection for IoT devices: WPA3 provides enhanced security for
IoT (Internet of Things) devices, which are often vulnerable to cyberattacks.
• Support for Protected Management Frames: Protected Management Frames
(PMFs) are a security feature that encrypts management frames, which are used
to control the Wi-Fi network. WPA3 supports PMFs, which can help to protect
against eavesdropping and other attacks.
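The deauthentication frames that aireplay-ng injects (see the tool overview in Chapter 4 and the experiment in Chapter 5) are exactly the management frames that PMF protects: with 802.11w enforced, a station discards a deauthentication or disassociation frame that is not protected by the session key. Where PMF is not yet enforced, the flood can at least be detected by a monitoring station. The Python below is an added example written for this report's topic, not code from the report or from the Aircrack-ng project: it decodes the 802.11 management-frame header and flags any BSSID that receives more than a threshold of deauthentication/disassociation frames inside a sliding window. The frames, MAC addresses, timestamps, window and threshold are constructed or assumed values to be tuned for a real network.

```python
from collections import defaultdict, deque
import struct

# 802.11 frame control field (first two bytes, little-endian): bits 0-1 protocol
# version, bits 2-3 frame type, bits 4-7 subtype. Management frames are type 0;
# deauthentication is subtype 12 and disassociation subtype 10. Both carry a
# 2-byte reason code right after the 24-byte header.
TYPE_MANAGEMENT = 0
SUBTYPE_BEACON = 8
SUBTYPE_DISASSOC = 10
SUBTYPE_DEAUTH = 12
DISCONNECT_SUBTYPES = (SUBTYPE_DISASSOC, SUBTYPE_DEAUTH)


def parse_mgmt_frame(frame: bytes) -> dict:
    """Decode the header of an 802.11 management frame: type, subtype, the three
    addresses and, for deauth/disassoc frames, the reason code."""
    if len(frame) < 24:
        raise ValueError("shorter than an 802.11 management header")
    fc = frame[0]
    info = {
        "type": (fc >> 2) & 0x3,
        "subtype": (fc >> 4) & 0xF,
        "dst": frame[4:10].hex(":"),
        "src": frame[10:16].hex(":"),
        "bssid": frame[16:22].hex(":"),
        "reason": None,
    }
    if (info["type"] == TYPE_MANAGEMENT and info["subtype"] in DISCONNECT_SUBTYPES
            and len(frame) >= 26):
        info["reason"] = struct.unpack_from("<H", frame, 24)[0]
    return info


def detect_deauth_flood(frames, window_seconds=1.0, threshold=10):
    """Return [(bssid, first_timestamp)] for every BSSID that sees more than
    `threshold` deauth/disassoc frames inside a sliding window of `window_seconds`.
    `frames` is an iterable of (timestamp, raw_frame) in time order; one alert per BSSID."""
    recent = defaultdict(deque)
    alerts, alerted = [], set()
    for ts, raw in frames:
        f = parse_mgmt_frame(raw)
        if f["type"] != TYPE_MANAGEMENT or f["subtype"] not in DISCONNECT_SUBTYPES:
            continue
        q = recent[f["bssid"]]
        q.append(ts)
        while ts - q[0] > window_seconds:      # drop timestamps older than the window
            q.popleft()
        if len(q) > threshold and f["bssid"] not in alerted:
            alerts.append((f["bssid"], q[0]))
            alerted.add(f["bssid"])
    return alerts


def build_frame(subtype: int, dst: bytes, src: bytes, bssid: bytes, reason=None) -> bytes:
    """Assemble a minimal management frame (constructed test data, not a capture)."""
    fc = bytes([(subtype << 4) | (TYPE_MANAGEMENT << 2), 0x00])
    frame = fc + b"\x00\x00" + dst + src + bssid + b"\x00\x00"   # duration, addrs, seq
    if reason is not None:
        frame += struct.pack("<H", reason)
    return frame


# Constructed addresses: locally administered MACs, not real devices.
AP = bytes.fromhex("02aabbccddee")
CLIENT = bytes.fromhex("021122334455")
OTHER_AP = bytes.fromhex("029988776655")
BROADCAST = b"\xff" * 6


def sample_capture():
    """Constructed sequence: one beacon, a burst of 15 broadcast deauths spoofed from AP
    (reason 7, 'class 3 frame from non-associated station', the value such floods
    commonly carry), and two ordinary deauths on another BSSID that must not alert."""
    frames = [(10.0, build_frame(SUBTYPE_BEACON, BROADCAST, AP, AP))]
    frames += [(10.0 + i * 0.02, build_frame(SUBTYPE_DEAUTH, BROADCAST, AP, AP, reason=7))
               for i in range(15)]
    frames += [(10.3, build_frame(SUBTYPE_DEAUTH, CLIENT, OTHER_AP, OTHER_AP, reason=3)),
               (10.4, build_frame(SUBTYPE_DEAUTH, CLIENT, OTHER_AP, OTHER_AP, reason=3))]
    return sorted(frames, key=lambda item: item[0])


if __name__ == "__main__":
    for bssid, ts in detect_deauth_flood(sample_capture()):
        print(f"deauth flood against {bssid} starting at t={ts:.2f}s")
```

On a real sensor the (timestamp, frame) pairs would come from a monitor-mode capture; the detector only needs the first 26 bytes of each frame, so radiotap or other link-layer headers must be stripped first.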
2. WPA3 Features and Benefits
Simultaneous Authentication of Equals (SAE)
Introduction to SAE

Simultaneous Authentication of Equals (SAE) is a new authentication method
introduced in WPA3 that replaces the Pre-Shared Key (PSK) and Extensible
Authentication Protocol (EAP) methods used in WPA2. SAE is a more secure and
robust authentication method that provides several advantages over PSK and EAP.

Stronger and more secure password-based authentication

PSK is a relatively simple authentication method that relies on a shared secret key that
is known to all authorized devices on the network. This makes PSK vulnerable to attacks
where an attacker can guess or learn the shared secret key.

SAE, on the other hand, uses a more complex authentication process that does not
require a shared secret key. Instead, SAE uses a Diffie-Hellman key exchange to
establish a secure connection between the device and the access point. This makes SAE
much more resistant to attacks than PSK.

In addition, SAE uses a password-authenticated key exchange (PAKE) protocol to
ensure that only the correct password can be used to authenticate the device. This further
enhances the security of SAE.

Enhanced Encryption
Transition to the more secure encryption algorithm (CCMP-128 to AES-256)

WPA3 uses AES-CCMP (Advanced Encryption Standard with Counter Mode with
Cipher Block Chaining Message Authentication Code) with 256-bit encryption, which
provides a significant improvement in security over the 128-bit encryption used in
WPA2.

Individualized data encryption for better privacy

WPA3 also introduces a new feature called "Individualized Data Encryption" (IDE).
IDE encrypts each data packet with a unique encryption key, which is derived from the
device's credentials and the access point's master key. This makes it much more difficult
for an attacker to decrypt data that is intercepted on the network.
Protection against offline dictionary attacks
Introduction to offline dictionary attacks

Offline dictionary attacks are a type of attack in which an attacker attempts to
crack a password by trying every possible combination of characters. This type of attack
is particularly effective against weak passwords.

How WPA3 mitigates this vulnerability

WPA3 uses a new password hashing algorithm called "PBKDF2SHA-256" to
protect against offline dictionary attacks. PBKDF2SHA-256 is a very strong hashing
algorithm that makes it much more difficult for attackers to crack passwords.

In addition, WPA3 requires passwords to be at least 12 characters long, which
makes them more difficult to guess or crack.
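What makes the dictionary attack against WPA2-Personal an offline one is how the key is derived: IEEE 802.11i defines the 256-bit pairwise master key as PBKDF2-HMAC-SHA1 over the passphrase, salted with the SSID and iterated 4096 times, so anyone holding a captured handshake can compute and check candidates without ever contacting the access point; the only brakes are the 4096 iterations and the size of the search space. SAE removes that property because each guess has to be played against the live access point. The Python below is an added example, not part of the report: it derives the WPA2 PMK, reports the HMAC work per candidate, and sizes the search space for a given alphabet and length (the 8- versus 12-character comparison in the usage block is illustrative). The only external value used is the public IEEE 802.11i test vector (passphrase "password", SSID "IEEE").

```python
import hashlib

# WPA2-Personal derives the 256-bit Pairwise Master Key (PMK, the "PSK") from the
# passphrase with PBKDF2-HMAC-SHA1, salted with the SSID, 4096 iterations
# (IEEE 802.11i). Nothing here depends on the access point being reachable:
# whoever captured a handshake can recompute this for any guess offline.
PBKDF2_ITERATIONS = 4096
PMK_LENGTH = 32


def wpa2_psk(passphrase: str, ssid: str) -> bytes:
    """Return the 32-byte PMK for a WPA2-Personal network."""
    if not 8 <= len(passphrase) <= 63:
        raise ValueError("WPA2 passphrases must be 8 to 63 characters")
    return hashlib.pbkdf2_hmac("sha1", passphrase.encode("utf-8"),
                               ssid.encode("utf-8"), PBKDF2_ITERATIONS, PMK_LENGTH)


def hmac_sha1_calls_per_guess() -> int:
    """Work an offline attacker spends per candidate: a 32-byte output from a
    20-byte SHA-1 digest needs two PBKDF2 blocks of 4096 HMAC-SHA1 calls each."""
    blocks = -(-PMK_LENGTH // hashlib.sha1().digest_size)   # ceil(32 / 20) = 2
    return blocks * PBKDF2_ITERATIONS


def guesses_to_exhaust(alphabet_size: int, length: int) -> int:
    """Size of the search space for a password of `length` characters drawn
    uniformly from an alphabet; offline, this and the hash rate are the only
    limits, since the access point never sees the guesses."""
    return alphabet_size ** length


if __name__ == "__main__":
    # IEEE 802.11i test vector: passphrase "password", SSID "IEEE".
    print(wpa2_psk("password", "IEEE").hex())
    # The SSID acts as a salt: a table precomputed for one SSID is useless for another.
    print(wpa2_psk("password", "IEEE") != wpa2_psk("password", "ieee"))
    print(hmac_sha1_calls_per_guess())
    # Lowercase-only passphrases of 8 and 12 characters: candidates a full search needs.
    print(guesses_to_exhaust(26, 8), guesses_to_exhaust(26, 12))
```

The 12-character minimum quoted above is meaningful precisely because the attacker pays 8192 HMAC calls per guess and nothing else: every extra character multiplies the number of guesses, while the per-guess cost is fixed by the standard.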

3. WPA3 Implementation and Adoption

The adoption of WPA3 is still in its early stages, but it is growing rapidly. According
to a report by ABI Research, the number of WPA3-enabled devices is expected to reach
1.8 billion by 2026. This represents a significant increase from the 200 million WPA3-
enabled devices that were shipped in 2021.

The adoption of WPA3 is being driven by several factors, including:

• The growing awareness of the KRACK vulnerability: The KRACK
vulnerability is a serious security flaw that affects WPA2. This has made
businesses and consumers more aware of the need for stronger security, and it
has led to an increased interest in WPA3.
• The increasing availability of WPA3-compatible devices: As mentioned
above, a growing number of devices are now compatible with WPA3. This is
making it easier for businesses and consumers to adopt the new protocol.
• The growing availability of WPA3-compatible routers: A growing number of
routers are now compatible with WPA3. This is making it easier for businesses
and consumers to upgrade their networks to support the new protocol.
CHAPTER 4
Aircrack-NG Software Suite and
HashCat
• Overview of Aircrack-NG Suite

Aircrack-NG is a comprehensive software suite designed for auditing and
testing the security of wireless networks. It is a popular tool among security
professionals and penetration testers, and it is primarily used for assessing the
vulnerability of Wi-Fi networks and performing various wireless network security
tasks. Aircrack-NG is widely used by security professionals, network administrators,
and ethical hackers to evaluate the strength of wireless security protocols and identify
potential weaknesses.

The Aircrack-NG suite consists of several individual tools, each serving a
specific purpose in wireless security analysis. Here is an overview of the main
components:

• Airodump-ng: This tool is used for capturing packets from Wi-Fi networks and
collecting important information such as network names (SSIDs), MAC
addresses, signal strength, and encryption types. It allows users to monitor and
analyze the traffic on wireless networks.
• Aireplay-ng: Aireplay-ng is a tool used for injecting or replaying network
packets. It can be utilized to generate various types of network traffic, including
fake authentication requests, deauthentication attacks, and ARP request replay
attacks. These attacks help identify vulnerabilities in the network's security
implementation.
• Aircrack-ng: Aircrack-ng is the core tool of the suite, designed for cracking
WEP and WPA/WPA2-PSK encryption keys. It utilizes captured packets and
employs various attack techniques such as dictionary attacks, brute-force attacks,
and statistical attacks to recover passwords or encryption keys.
• Airmon-ng: This tool is used to enable or disable monitor mode on wireless
network interfaces. Monitor mode allows the capture of raw Wi-Fi packets,
which is essential for performing network analysis and security testing.
• Airbase-ng: Airbase-ng is a tool used for setting up rogue access points. It
enables the creation of fake wireless networks that can be used for various
purposes, including capturing network traffic, conducting man-in-the-middle
attacks, and testing the security of client devices.
• Airtun-ng: Airtun-ng is a virtual tunnel interface creator. It helps in creating
virtual network interfaces and establishing encrypted communication channels
between them.

• Introduction to Hashcat

Hashcat is a powerful and versatile password cracking tool that has gained
widespread popularity among security professionals and penetration testers. It is
renowned for its efficiency, effectiveness, and extensive support for various hashing
algorithms and attack methods. Developed by Jens Steube, Hashcat is primarily used
to recover lost or forgotten passwords for various applications, including Wi-Fi
networks, websites, and operating systems.

• Hashcat Features and Capabilities

Hashcat boasts an impressive array of features that make it a valuable tool for
password cracking:

1. Extensive Hashing Algorithm Support: Hashcat supports over 300 different
hashing algorithms, including MD5, SHA-1, SHA-256, and bcrypt. This
extensive support allows it to tackle passwords used in a wide range of
applications and security protocols.
2. Variety of Attack Methods: Hashcat offers a comprehensive toolkit for
password cracking, including dictionary attacks, brute-force attacks, rule-based
attacks, and hybrid attacks. Each method has its strengths and weaknesses, and
the choice depends on the specific password and available resources.
3. Command-Line Interface (CLI): Hashcat's CLI provides flexibility and
control over the cracking process. Users can specify attack parameters, target
hashes, output options, and advanced configurations through the CLI.
4. Cross-Platform Compatibility: Hashcat runs smoothly on various operating
systems, including Linux, Windows, macOS, and FreeBSD. This compatibility
makes it accessible to a wide range of users and environments.
5. Hardware Acceleration Support: Hashcat can utilize GPUs and other
hardware accelerators to significantly improve cracking performance. This
acceleration is particularly beneficial for complex passwords and large datasets.
6. Modular Design: Hashcat's modular design allows for the development and
integration of custom modules, extending its functionality and versatility.
7. Regular Updates: Hashcat is actively maintained and receives regular updates
with bug fixes, performance enhancements, and new features.

• Password Cracking Techniques with Hashcat

Hashcat utilizes various password cracking techniques to recover lost passwords:

1. Dictionary Attacks: Dictionary attacks involve using a pre-compiled list of
commonly used passwords or words to attempt to match the target hash.
2. Brute-Force Attacks: Brute-force attacks systematically try every possible
combination of characters to find the correct password. This method is time-
consuming but can be effective for short passwords.
3. Rule-Based Attacks: Rule-based attacks utilize predefined rules to generate
password candidates based on patterns or characteristics of the target hash.
4. Hybrid Attacks: Hybrid attacks combine multiple methods, such as dictionary
and rule-based attacks, to improve the cracking efficiency.
5. Mask Attacks: Mask attacks allow users to specify patterns or masks for the
password, reducing the search space and making the cracking process more
targeted.
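A mask is only useful, whether to an attacker or to a defender judging a password policy, if its keyspace is known. The Python below is an added example, not part of the report or of Hashcat: it computes the number of candidates a hashcat mask generates from the sizes of the built-in charsets (?l, ?u, ?d, ?s, ?a, ?h, ?H, ?b) and any custom charset, and converts that into a worst-case time at a given hash rate. The rate in the usage block is an assumed placeholder; the real figure comes from a benchmark on your own hardware (hashcat -b -m 22000), and WPA-PBKDF2 rates are far below those of fast hashes such as MD5.

```python
from typing import Dict, Optional

# Sizes of hashcat's built-in charsets: ?l lowercase, ?u uppercase, ?d digits,
# ?s the 33 printable punctuation/space characters, ?a all 95 printable ASCII,
# ?h/?H lowercase/uppercase hex, ?b every byte value.
BUILTIN_CHARSETS = {"l": 26, "u": 26, "d": 10, "s": 33, "a": 95,
                    "h": 16, "H": 16, "b": 256}


def mask_keyspace(mask: str, custom: Optional[Dict[str, str]] = None) -> int:
    """Number of candidates a hashcat mask generates. `custom` maps the digit of a
    user charset (?1..?4) to the characters it contains; other characters in the
    mask are literals and '??' is a literal question mark."""
    custom = custom or {}
    total, i = 1, 0
    while i < len(mask):
        if mask[i] != "?":
            i += 1                              # literal: exactly one choice
            continue
        if i + 1 >= len(mask):
            raise ValueError("mask ends with a dangling '?'")
        code = mask[i + 1]
        if code == "?":
            size = 1
        elif code in BUILTIN_CHARSETS:
            size = BUILTIN_CHARSETS[code]
        elif code in custom:
            size = len(set(custom[code]))       # duplicate characters add nothing
        else:
            raise ValueError(f"unknown charset ?{code}")
        total *= size
        i += 2
    return total


def seconds_to_exhaust(mask: str, hashes_per_second: float,
                       custom: Optional[Dict[str, str]] = None) -> float:
    """Worst-case time to try every candidate at a sustained rate; on average
    the right guess turns up after half the keyspace."""
    return mask_keyspace(mask, custom) / hashes_per_second


def describe(mask: str, hashes_per_second: float,
             custom: Optional[Dict[str, str]] = None) -> str:
    """Human-readable line for reviewing a password policy against a mask."""
    n = mask_keyspace(mask, custom)
    secs = seconds_to_exhaust(mask, hashes_per_second, custom)
    for unit, size in (("years", 365 * 86400), ("days", 86400),
                       ("hours", 3600), ("minutes", 60)):
        if secs >= size:
            return f"{mask}: {n:,} candidates, {secs / size:.1f} {unit} to exhaust"
    return f"{mask}: {n:,} candidates, {secs:.1f} seconds to exhaust"


if __name__ == "__main__":
    # ASSUMED rate, a placeholder: replace with your own `hashcat -b -m 22000` figure.
    RATE = 400_000
    for m in ("?d?d?d?d?d?d?d?d", "?l?l?l?l?l?l?l?l", "?a?a?a?a?a?a?a?a?a?a?a?a"):
        print(describe(m, RATE))
```

Read the output the other way round when auditing: a passphrase that fits a short, low-entropy mask is exhausted in minutes at WPA rates, whereas the 12-character all-printable mask in the last line is out of reach at any realistic rate, which is the practical content of the 12-character guidance quoted in Chapter 3.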
Chapter 5
EXPERIMENTAL
IMPLEMENTATION
Hardware and Software Setup
To begin this procedure, you will need a wireless card that supports Aircrack-ng,
the latest version of the Aircrack-ng software from Aircrack-ng, the latest version of
Hashcat from Hashcat, and wordlists (you can find them on GitHub, for example
SecLists).
In this experiment we use a computer running Arch Linux with the components above
already installed and an Intel AX200 Wi-Fi card.
• Cracking WPA2 Wi-Fi password
To begin, we run sudo airmon-ng to list the Wi-Fi cards present in the computer.

This is the Wi-Fi card of the computer. Next, we have to kill every process that
uses this card to prepare for switching it to monitor mode. Then we use the command
sudo airmon-ng start wlan0mon to switch it to monitor mode.
➔ Note: Monitor mode, or RFMON mode, allows a computer with a wireless
network interface controller to monitor all traffic received on a wireless channel.

Next, we use sudo airodump-ng wlan0mon to scan for nearby Wi-Fi networks with the
card that was switched to monitor mode above.
Note the BSSID and the channel (CH) of the Wi-Fi network Sunsilk; we will use them to
crack this network.
Next, we narrow the capture to just this network by editing the command above to add
the BSSID, the channel and the output file.

➔ Note: Here we can see that no handshake has been captured yet.


Next, to capture the handshake between the client and the access point, we use sudo
aireplay-ng to send a deauth so that the client disconnects from the access point.

The result is that the handshake is captured.


For the next step, we use hashcat to crack the password from the pcap file that
contains the captured handshake.
Before this step, however, we need to convert the captured .cap file into a txt file or
another format that hashcat supports.

For faster cracking, I will copy this file to my server using the scp protocol.

Here is the backend of my server.


We will use hashcat -a 3 -m 22000 wpa2.txt
➔ Note: -a selects the attack mode and -m the hash type (for more information, see the
Hashcat wiki).
Here is the progress of the cracking process.
We can see the information shown while the password is being cracked; although I have
two cards (one RTX 3060 and one RTX 3060 Ti), the process of cracking the password
B.24.13 takes a very long time.
• Cracking WPA3 Wi-Fi password
The cracking process for a WPA3 password is like the WPA2 process above, but with
some differences.
Here, you can see that we have captured the handshake.

Here is the broadcast packet that was sent by the access point. It says that the router
supports WPA2 (PSK) and WPA3 (SAE).
You can see that, unlike WPA2, it uses 4 messages for the handshake (WPA2 uses 3)
because WPA3 uses a handshake called Dragonfly.

Next, to test cracking it, we use aircrack-ng.

You can see that it says unsupported.

For WPA3, we cannot crack the Dragonfly handshake itself, but we can use a security
hole called a downgrade attack.
So we configure a fake access point that broadcasts the same BSSID and channel, but
with the WPA2 protocol.
This access point helps capture a WPA2 handshake from a client that remembers the
network as a WPA3 network.
Here, you can see that it supports only WPA2.

The next step is like the WPA2 cracking: we send the deauth, the client reconnects to
the access point, and we obtain the handshake.

Here you can see that it sends only 2 messages for the handshake (not 4 as above)
because the WPA3 protocol is absent.

Next, we try to crack it again.

➔ Note: 8 8 are the minimum and maximum password lengths, and B.1234 are the
characters that occur in the password.

Here is the result: the password is B.24.13.
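The downgrade works because the genuine access point runs in transition mode (the beacon advertises both WPA2 PSK and WPA3 SAE, so WPA2-only clients and a WPA2-only impostor are both acceptable to the client), and the fix on the infrastructure side is a WPA3-only configuration with protected management frames required. Both the exposure and the attack leave a trace in the beacons themselves, in the RSN information element. The following added example (not code from the report, Aircrack-ng or hashcat) parses that element from constructed beacon bytes, names the advertised AKM suites, and keeps a per-BSSID baseline so that a later beacon for the same BSSID that no longer offers SAE, which is exactly what the fake access point above broadcasts, raises an alert. The SSID Sunsilk is the report's; the BSSIDs, the beacon bytes and the alert strings are constructed for the example.

```python
"""Detect a WPA3 -> WPA2 downgrade from beacon contents.

Added example; not code from the report, Aircrack-ng or hashcat. Decodes the RSN
information element (ID 48) of WPA2/WPA3 beacons, lists the AKM suites
(00-0F-AC:2 = PSK, 00-0F-AC:8 = SAE) and the PMF bits, and keeps a per-BSSID
baseline so a beacon that drops SAE raises an alert. Beacons/BSSIDs are constructed.
"""
import struct
from dataclasses import dataclass
from typing import Dict, List, Optional, Set

RSN_ELEMENT_ID = 48
OUI_IEEE = b"\x00\x0f\xac"
AKM_NAMES = {1: "802.1X", 2: "PSK", 6: "PSK-SHA256", 8: "SAE"}
MFPR_BIT = 0x0040  # RSN capabilities: protected management frames required
MFPC_BIT = 0x0080  # RSN capabilities: protected management frames capable


@dataclass
class RsnInfo:
    akms: List[str]
    mfpc: bool
    mfpr: bool


def parse_rsn(tagged: bytes) -> Optional[RsnInfo]:
    """Decode the RSN IE from a beacon's tagged parameters (frame body after the
    12 fixed bytes). None means no well-formed RSN IE: open/WEP or truncated."""
    i = 0
    while i + 2 <= len(tagged):
        eid, length = tagged[i], tagged[i + 1]
        data = tagged[i + 2:i + 2 + length]
        i += 2 + length
        if eid != RSN_ELEMENT_ID:
            continue
        try:
            (version,) = struct.unpack_from("<H", data, 0)
            if version != 1:
                return None
            pos = 2 + 4                                   # skip group cipher suite
            (n_pairwise,) = struct.unpack_from("<H", data, pos)
            pos += 2 + 4 * n_pairwise                     # skip pairwise cipher suites
            (n_akm,) = struct.unpack_from("<H", data, pos)
            pos += 2
            akms = []
            for _ in range(n_akm):
                oui, suite = data[pos:pos + 3], data[pos + 3]   # IndexError if truncated
                akms.append(AKM_NAMES.get(suite, f"AKM-{suite}") if oui == OUI_IEEE
                            else f"vendor-{oui.hex()}-{suite}")
                pos += 4
            caps = 0
            if pos + 2 <= len(data):                      # capabilities field is optional
                (caps,) = struct.unpack_from("<H", data, pos)
        except (struct.error, IndexError):
            return None
        return RsnInfo(akms, bool(caps & MFPC_BIT), bool(caps & MFPR_BIT))
    return None


class DowngradeMonitor:
    """Remembers the AKMs first seen per BSSID and alerts when SAE disappears."""

    def __init__(self) -> None:
        self.baseline: Dict[str, Set[str]] = {}

    def observe(self, bssid: str, tagged: bytes) -> List[str]:
        alerts: List[str] = []
        rsn = parse_rsn(tagged)
        akms: Set[str] = set(rsn.akms) if rsn else set()
        known = self.baseline.get(bssid)
        if known is None:
            self.baseline[bssid] = akms   # first sighting defines "normal"; seed from inventory in practice
        elif "SAE" in known and "SAE" not in akms:
            alerts.append(f"DOWNGRADE: {bssid} offered SAE before, now {sorted(akms) or 'no RSN'}")
        if rsn and "SAE" in akms:
            if akms & {"PSK", "PSK-SHA256"}:
                alerts.append(f"TRANSITION: {bssid} offers SAE and PSK; WPA2 clients can still join")
            if not rsn.mfpr:
                alerts.append(f"PMF: {bssid} does not require protected management frames")
        return alerts


def build_beacon(ssid: str, akm_types: List[int], caps: int) -> bytes:
    """Constructed tagged parameters: SSID IE, then an RSN IE with CCMP-128 ciphers."""
    rsn = struct.pack("<H", 1) + OUI_IEEE + b"\x04"             # version 1, group cipher
    rsn += struct.pack("<H", 1) + OUI_IEEE + b"\x04"            # one pairwise cipher
    rsn += struct.pack("<H", len(akm_types)) + b"".join(OUI_IEEE + bytes([t]) for t in akm_types)
    rsn += struct.pack("<H", caps)                              # RSN capabilities
    raw = ssid.encode()
    return bytes([0, len(raw)]) + raw + bytes([RSN_ELEMENT_ID, len(rsn)]) + rsn


# Constructed beacons for the report's SSID; the BSSIDs are placeholders, not the real ones.
BSSID_REAL = "00:11:22:33:44:55"
TRANSITION_BEACON = build_beacon("Sunsilk", [2, 8], MFPC_BIT)          # WPA2 + WPA3 (transition mode)
ROGUE_BEACON = build_beacon("Sunsilk", [2], 0)                         # fake AP: WPA2 only
WPA3_ONLY_BEACON = build_beacon("Sunsilk", [8], MFPC_BIT | MFPR_BIT)   # hardened: SAE only, PMF required


def demo() -> List[List[str]]:
    """Legit transition-mode beacon, then a WPA2-only beacon on the same BSSID, then a hardened AP."""
    mon = DowngradeMonitor()
    return [mon.observe(BSSID_REAL, TRANSITION_BEACON),
            mon.observe(BSSID_REAL, ROGUE_BEACON),
            mon.observe("66:77:88:99:aa:bb", WPA3_ONLY_BEACON)]
```

Run against the three constructed beacons, the first observation already reports the exposure (TRANSITION and PMF alerts: SAE offered next to PSK, management frames not required), the second reports the downgrade itself, and the hardened SAE-only beacon with MFPR set produces nothing. In a real deployment the tagged parameters come from beacon frames captured in monitor mode, and the baseline should be seeded from the access-point inventory rather than from the first beacon seen, otherwise an impostor seen first would define the baseline.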


References
hashcat. (n.d.). Retrieved from https://hashcat.net/hashcat/
Fitzpatrick, J. (2016, 9 21). Retrieved from howtogeek: https://www.howtogeek.com/167783/htg-explains-the-difference-between-wep-wpa-and-wpa2-wireless-encryption-and-why-it-matters/
Vanhoef, M., & Ronen, E. (2020). Dragonblood: Analyzing the Dragonfly Handshake of WPA3 and EAP-pwd. San Francisco: IEEE.
Vanhoef, M., & Ronen, E. (n.d.). Dragonblood: Attacking the Dragonfly Handshake of WPA3. Black Hat.
Mills, M. (2020, 1 29). Retrieved from itigic: https://itigic.com/what-is-the-monitor-mode-in-wifi-cards-or-adapters/
Mitchell, B. (2021, 7 2). Retrieved from lifewire: https://www.lifewire.com/what-is-wpa2-818352
Shivanandhan, M. (n.d.). Retrieved from freecodecamp: https://www.freecodecamp.org/news/hacking-with-hashcat-a-practical-guide/
Walsh, R. (2020, 11 25). Retrieved from proprivacy: https://proprivacy.com/guides/what-is-wpa2
Wi-Fi Alliance. (n.d.). Retrieved from wi-fi.org: https://www.wi-fi.org/discover-wi-fi/security
