How to Use Hashcat to Crack Hashes from Mode 22000 Wi-Fi Captures

Ronald Farrer
3 min readJul 10, 2023
Photo by Dreamlike Street on Unsplash

Cracking Wi-Fi passwords may seem like a piece of cake to seasoned security researchers and ethical hackers. It’s not only a valuable skill for ethical hacking, but also for security personnel keen on improving their network’s security. One powerful tool often employed for this purpose is Hashcat, a widely used password recovery tool. In this blog post, we’ll delve into the specifics of using Hashcat to crack hashes obtained from Mode 22000 Wi-Fi captures.

Disclaimer: This tutorial is intended for educational purposes only and should only be used on your own networks or networks for which you have explicit permission to test.

What is Hashcat?

Hashcat is an open-source password recovery tool which supports many hashing algorithms. It’s lauded for its versatility and speed, offering multiple attack modes for password recovery. With Hashcat, you can harness the computational power of CPUs and GPUs to accelerate the process of discovering a password.

What is a Mode 22000 Wi-Fi Capture?

In hashcat version 6.0.0 and later, the mode for cracking captured WPA/WPA2 data has been updated to Mode 22000, which is specifically designed to crack hashes obtained from Wi-Fi captures. It has several advantages over the previous mode (2500), including enhanced stability and compatibility.

Prerequisites

To follow along with this tutorial, you will need:

  1. A computer with a fairly powerful GPU (Graphic Processing Unit).
  2. Hashcat installed on your machine.
  3. A .hccapx or .22000 file, which is the output from a tool like hcxdumptool or hcxtools.

The Process

Step 1: Converting Capture Files to Hashcat Format

If you’re working with a .cap or .pcap file, you will need to convert it to the .22000 format which is compatible with Hashcat Mode 22000. This can be achieved by using hcxpcapngtool provided with hcxtools, like so:

./hcxpcapngtool -o output.22000 input.cap

Step 2: Using Hashcat to Crack the Hash

Now that you have your .22000 file, you’re ready to begin the process of cracking the password with Hashcat. In your terminal, use the following command:

hashcat -m 22000 -a 0 -w 3 capture.22000 /path/to/wordlist

Here’s what each part of this command means:

  • -m 22000: This specifies the hash type, in this case, Mode 22000 for WPA/WPA2 captures.
  • -a 0: This specifies a straight dictionary attack.
  • -w 3: This option is for workload tuning. It goes from 1 (low) to 4 (insane), where 3 is generally a safe option that performs well.
  • capture.22000: This is your input hash file.
  • /path/to/wordlist: This is the path to your dictionary or wordlist file.

If you don’t have a wordlist, you can find many pre-compiled ones online such as the Rockyou.txt file.

Step 3: Interpreting the Results

Once Hashcat has cracked the password, it will display it in the terminal. It typically looks like this:

capture.22000:11223344556677889900aabbccddeeff:mynetwork:mypassword

In this line, mynetwork is the SSID of the wireless network and mypassword is the cracked password.

Conclusion

Hashcat is a powerful and versatile tool for security researchers, network administrators, and ethical hackers alike. With the computational power of today’s GPUs and Hashcat’s robust algorithms, it’s possible to crack Wi-Fi passwords more quickly and effectively than ever before.

However, with such power comes great responsibility. It’s crucial to remember that these tools should only be used for ethical purposes — such as penetration testing or network security enhancement — and always with proper permissions.

Understanding how these tools work can also help you to enhance your own network’s security. By making it harder for these tools to crack your password, you’re adding an extra layer of security to your network. Use complex, unique passwords and avoid using common words or phrases that might be in the hacker’s wordlist. The longer and more complex your password is, the harder it will be to crack.

Cracking hashes from Mode 22000 Wi-Fi captures is an advanced skill that may take time to master. But with patience, practice, and responsible use, Hashcat can be an invaluable tool in your cybersecurity toolkit. Stay safe, and happy hashing!

I Love Coffee! https://ko-fi.com/canutethegreat

--

--