by Hardeep Singh Last updated Mar. 8, 2018


If you remember in the previous part, we learned Speeding up WPA2 Cracking Using Pre-generated PMKs. Which certainly uses CPU as the primary part for the calculations of the PMKs. It surely gives us speed for WPA2 cracking as while using PMKs for cracking we are not performing actual calculations in real-time.

This brings us to some drawbacks of using PMKs, as follows:

  • SSID Specific. You cannot use PMKs generated for SSID, say “rootsh3ll” for another SSID like “Belkin“.
  • Case-Sensitive. Cannot be used even a single letter is up/lower case. Ex: Won’t work for “Rootsh3ll if PMKs are created for “rootsh3ll“.
  • Time used is the same. As processing power of CPU is same in both cases, the time required for creating PMKs are equal even if you crack using Aircrack or creating PMKs(with GenPMK).
  • Huge HD Space required. As we are pre-calculating the PMKs and storing them on HD, it requires a lot of space on your HD and that too for a specific SSID. Which is not an option all the time.
  • Less helpful in today’s scenario. Nowadays routers are being shipped with unique SSID. Ex: Belkin_04A2 for preventing routers from these kind of attacks or atleast delay the cracking duration.

You might be thinking now that If this is so, then why would I even consider PMKs for WPA2 cracking ?

Well, as I said above this is Less helpful, that means in some cases.

Cases like:

  • Simple SSIDs. Ex: MTNL, Airtel, Linksys etc
  • Before trying any complex task to crack the PSK, if you have PMKs already stored. Give them a shot
  • Mobile numbers are still very common passwords.

[YB]This article is an excerpt from my WiFi Penetration testing and Security eBook in which I talk about hacking WiFi enabled devices with rogue access points, war driving, custom captive portals and splash page, multiple access points from a single NIC and much more. Click here to download the sample copy[/YB]

Still, even if this gives us speed this method is a bit slow. You don’t always have a friend ready to give you a pre-generated PMK file for a specific SSID just when you have captured the handshake, right ? yeah, it’s very rare!

Here is when you need to stop using your CPU and test the processing power of you GPU.

If you are not aware of using GPUs for WPA2 cracking purposes let me tell you, Yes GPUs can be used for WPA2 cracking password hashes and are being used now from a while.

There are plenty of tools which uses GPU to boost the WPA2 cracking speed and lets you crack in way much lesser time that your CPU would have the job finished.

Tools like:

  • Pyrit
  • BarsWF
  • HashCat
  • igHashGPU

How ? Simple! Your CPU has 2,4,8 cores, means parallel computing units where GPUs have them in thousands, if not hundreds.

NOTE: My GeForce GT 525M have 296 cores, and it is pretty old Graphics card, Speed: ~6000 PMK/s. NVidia Titan X is the Best single graphics card with cracking speed up to 2,096,000 hashes/sec.

Using GPU for Cracking WPA2 Passwords

Being in the scope of the series we will stick to WPA2 cracking with GPU in this chapter. For learning difference between CPU and GPU cracking you can visit the following post I’d previously written on

CPU vs. GPU Password Hash Cracking –

Tools described above are used for cracking various kinds of passwords.

There are 2 tools used for WPA2 cracking using GPU from the above list

  • Pyrit
  • HashCat

As the post title suggests we will go with HashCat.

What is HashCat ?

[YB]Ocl/CUDA/HashCat is now Open Source. Checkout at GitHub:[/YB]

Hashcat is a self-proclaimed command line based world’s fastest password cracker.

It is the world’s first and only GPGPU based rule engine and available for Linux, OSX, and Windows free-of-cost. It comes in 2 variants

  • CPU Based
  • GPU Based

There is no difference when passing commands to Hashcat because it automatically uses the best method to crack passwords, either CPU or GPU depending on the Graphics driver you have installed or not.

Hashcat is fast and extremely flexible- to writer made it in such a way that allows distributed cracking. I highly recommend Hashcat  over Pyrit for its flexibility.

Why use HashCat at first place ?

As already told above, because of it’s flexibility and vast support of algorithms.

But why Hashcat when I just want to WPA2 cracking most of the times ?

If you have used or haven’t used Pyrit yet, let me tell you one thing. Pyrit wasthe fastest WPA2 cracker available in its early times but it uses dictionary or wordlist to crack the passwords even if you use PMKs or directly run the cracker you need to have a large amount of dictionaries to test the validity of the hash.

Also Hashcat has been outperforming Pyrit for many years now. and if you are still using Pyrit, Time for switching to Hashcat is now!

For storing hashes you need a lot of disk space. As you can see in the image below, there is a few wordlists that almost take >25 GB on the disk(Extracted), and it take more than 2-3 days to run through them all even with GPU.


You can download some useful wordlists here.

But most of the times there are some pattern(default passwords) we like to test for validity. Patterns like:

  • Mobile number
  • Date of Birth
  • Default password patterns like “56324FHe
  • 10 digit default password by ISP
  • and so on

Here is when We have to leave Pyrit with it’s dictionaries and get our hands-on with HashCat.

HashCat have a brilliant feature called mask-attack, which allows us to create user-defined patterns to test for password validity and you know what the best thing is ? It requires 0 Bytes on your hard drive.

How ?

Before we go through this we need to understand that in some cases we need Wordlists. Its only when we are 100% certain that it has some kind of pattern we can use this type of attack. So of you know a certain ISP has 10 random numbers and only a few letters, you could do it to save space on your HD.

WPA2 cracking is a tedious task and uses maximum power of the system when we use Hashcat for the purpose and sometimes it needs to take down the load from the system to switch tasks. hashcat stands best here for it’s remarkable feature.

  • It supports pause/resume while cracking
  • Supports sessions and restore

We will see this feature in this tutorial. Keep reading.

Supported Attack types

  • Dictionary based attack
  • Brute-force/Mask attack
  • Hybrid dict + mask
  • Hybrid mask + dict
  • Permutation attack
  • Rule-based attack
  • Toggle-case attack

These are too name a few. Hashcat supports way too many algorithms to get your hash cracked.

NOTE: Traditional Brute-force attack is outdated and is replaced by Mask attack in Hashcat. Wee will see later in this post in details about this.


As told above Hashcat comes in 2 vaiants:

  1. Hashcat -A CPU based password cracker
  2. Oclhashcat/CudaHashcat – GPU accelerated tool

Setting up the Lab

Installing Graphics driver

You have basically 2 choices

  1. Install graphics driver in Kali Linux directly, i.e your Pentesting distro.
  2. Install graphics driver in Windows or OSX.

I have Kali Sana installed in my Virtual machine and unfortunately no virtual machine supports using graphics card or GPU acceleration inside the virtual OS. So I’ll be sticking with Hashcat on windows. You can still do the same task with exact same commands on Kali Linux(or any Linux OS) or OSX with properly installed proprietary drivers.

I haven’t written any article on how to install graphics drier in Kali Linux as BlackmoreOps already have a great article on same. so you can follow the links and try installing the same on your version of Kali.

NVidia Users:

AMD Users:

Download HashCat

You can download Hashcat from it’s official website:

File is highly compressed using 7z compression. So make sure you have atleast 1 GB before extracting the downloaded file.

You can use 7zip extractor to decompress the .7z file. Download it here:

P.S: It is free of use and better than WinRAR.

Cleanup your cap file using wpaclean

Next step will be converting the .cap file to a format cudaHashcat or oclHashcat or Hashcat on Kali Linux will understand.

Here’s how to do it:

To convert your .cap files manually in Kali Linux, use the following command

wpaclean <out.cap> <in.cap>

Please note that the wpaclean options are the wrong way round. <out.cap> <in.cap> instead of <in.cap> <out.cap> which may cause some confusion.


Convert .cap file to .hccap file

Now assuming that you have installed appropriate graphics driver for the selected OS, moving on to the nest step. We need to convert the previously captured handshake i.e .cap file to a format that hashcat could understand and it is .hccap file format.

Nothing difficult or time taking. Command to convert .cap to .hccap goes like this

  • aircrack-ng -J <output.hccap> <path/to/.cap file>

Here output.hccap is the output filename with .hccap file format and input.cap is the handshake originally captured.

Log in to Kali Linux, open Terminal and type:

aircrack-ng -J "rootsh3ll-01.hccap"  "rootsh3ll-01.cap"

Note: rootsh3ll-01.cap is located on Desktop. Check location of your .cap file.

Now we have .hccap file, installed graphics driver and downloaded hashcat. Let’s begin the cracking.

Cracking WPA2 Passwords using Hashcat

We will cover the following topics:

  • WPA2 Cracking with Dictionary attack using Hashcat.
  • WPA2 Cracking with Mask attack using Hashcat.
  • WPA2 Cracking with Hybrid attack using Hashcat.
  • WPA2 Cracking Pause/resume in Hashcat (One of the best features)
  • WPA2 Cracking save sessions and restore.

WPA2 dictionary attack using Hashcat

Open cmd and direct it to Hashcat directory, copy .hccap file and wordlists and simply type in cmd

cudaHashcat64.exe -m 2500 rootsh3ll-01.hccap  wordlist.txt wordlist2.txt

Here I have NVidia’s graphics card so I use CudaHashcat command followed by 64, as I am using Windows 10 64-bit version. yours will depend on graphics card you are using and Windows version(32/64).

cudaHashcat64.exe – The program, In the same folder theres a cudaHashcat32.exe for 32 bit OS and cudaHashcat32.bin / cudaHashcat64.bin for Linux. oclHashcat*.exe for AMD graphics card.

-m 2500 = The specific hashtype. 2500 means WPA/WPA2.

In case you forget the WPA2 code for Hashcat.

Windows CMD: cudaHashcat64.exe –help | find “WPA”

Linux Terminal:cudaHashcat64.bin –help | grep “WPA”

It will show you the line containing “WPA” and corresponding code.


Handshake-01.hccap = The converted *.cap file.

wordlist.txt wordlist2.txt= The wordlists, you can add as many wordlists as you want. To simplify it a bit, every wordlist you make should be saved in the CudaHashcat folder.

After executing the command you should see a similar output:


Wait for Hashcat to finish the task. You can pass multiple wordlists at once so that Hashcat will keep on testing next wordlist until the password is matched.

WPA2 Mask attack using Hashcat

As told earlier, Mask attack is a replacement of the traditional Brute-force attack in Hashcat for better and faster results.

let’s have a look at what Mask attack really is.

In Terminal/cmd type:

  • cudaHashcat64.exe -m 2500 <rootsh3ll-01.hccap> -a 3 ?d?l?u?d?d?d?u?d?s?a

-a 3 is the Attack mode, custom-character set (Mask attack)

?d?l?u?d?d?d?u?d?s?a  is the character-set we passed to Hashcat. Let’s understand it in a bit of detail that

  • What is a character set in Hashcat ?
  • Why it is useful ?
What is a character set in Hashcat ?

?d ?l ?u ?d ?d ?d ?u ?d ?s ?a = 10 letters and digits long WPA key. Can be 8-63 char long.

The above text string is called the “Mask”. Every pair we used in the above examples will translate into the corresponding character that can be an Alphabet/Digit/Special character.

For remembering, just see the character used to describe the charset

?d: For digits

?s: For Special characters

?u: For Uppercase alphabets

?l: For Lowercase alphabets

?a: all of the above.

Simple! isn’t it ?

Here is the actual character set which tells exactly about what characters are included in the list:

?l = abcdefghijklmnopqrstuvwxyz
?d = 0123456789
?s = «space»!"#$%&'()*+,-./:;<=>?@[\]^_`{|}~
?a = ?l?u?d?s

Here are a few examples of how the PSK would look like when passed a specific Mask.

PSK = ?d?l?u?d?d?d?u?d?s?a


So now you should have a good understanding of the mask attack, right ?

Let’s dig a bit deeper now.

Mixing Mask attack with Custom characters.

Let’s say, we somehow came to know a part of the password. So, it would be better if we put that part in the attack and randomize the remaining part in Hashcat, isn’t it ?

Sure! it is very simple. Just put the desired characters in the place and rest with the Mask.


He ?d ?l 123 ?d ?d ?u ?d C is the custom Mask attack we have used. Here assuming that I know the first 2 characters of the original password then setting the 2nd and third character as digit and lowercase letter followed by “123” and then “?d ?d ?u ?d” and finally ending with “C” as I knew already.

What we have actually done is that we have simply placed the characters in the exact position we knew and Masked the unknown characters, hence leaving it on to Hashcat to test further.

Here is one more example for the same:

Let’s say password is “Hi123World” and I just know the “Hi123” part of the password, and remaining are lowercase letters. Assuming length of password to be 10.

So I would simply use the command below

cudaHashcat64.exe -m 2500 <handshake.hccap> -a 3 Hi123?u?u?u?u?u

Where ?u will be replaced by uppercase letters, one by one till the password is matched or the possibilities are exhausted.

Moving on even further with Mask attack i.r the Hybrid attack.

In hybrid attack what we actually do is we don’t pass any specific string to hashcat manually, but automate it by passing a wordlist to Hashcat.

Hashcat picks up words one by one and test them to the every password possible by the Mask defined.


  • cudaHashcat64.exe -m 2500 handshake.hccap -a 1 password.txt ?d?l?d?l

-a 1 : The hybrid attack
password.txt : wordlist
?d?l?d?l = Mask  (4 letters and numbers)

The wordlist contains 4 words.


Now it will use the words and combine it with the defined Mask and output should be this:


It is cool that you can even reverse the order of the mask, means you can simply put the mask before the text file. Hashcat will bruteforce the passwords like this:

You getting the idea now, right ?

Using so many dictionary at one, using long Masks or Hybrid+Masks takes a long time for the task to complete. It is not possible for everyone every time to keep the system on and not use for personal work and the Hashcat developers understands this problem very well. So, they came up with a brilliant solution which no other password recovery tool offers built-in at this moment. That is the Pause/Resume feature


WPA2 Cracking Pause/resume in Hashcat (One of the best features)

This feature can be used anywhere in Hashcat. It isn’t just limited to WPA2 cracking. Even if you are cracking md5, SHA1, OSX, wordpress hashes. As soon as the process is in running state you can pause/resume the process at any moment.

Just press [p] to pause the execution and continue your work.

To resume press [r]. All the commands are just at the end of the output while task execution. See image below


You might sometimes feel this feature as a limitation as you still have to keep the system awake, so that the process doesn’t gets cleared away from the memory.

And we have a solution for that too. Create session!


WPA2 Cracking save Sessions and Restore.

Creating and restoring sessions with hashcat is Extremely Easy.

Just add –session at the end of the command you want to run followed by the session name.


cudaHashcat64.exe -m 2500 rootsh3ll-01.hccap -a 3 Hello?d?l?d?u123?l?l?u --session=blabla

Here I named the session “blabla”. You can see in the image below that Hashcat has saved the session with the same name i.e blabla and running.


Now you can simply press [q] close cmd, ShutDown System, comeback after a holiday and turn on the system and resume the session. That easy!

NOTE: Once execution is completed session will be deleted.

How to restore ?

Above command – “–restore”. Here it goes:

cudaHashcat64.exe -m 2500 rootsh3ll-01.hccap -a 3 Hello?d?l?d?u123?l?l?u --session=blabla --restore

Hashcat will now check in its working directory for any session previously created and simply resume the Cracking process.

Simple enough ? Yes it is.

This is all for Hashcat. Hope you understand it well and performed it along. No need to be sad if you don’t have enough money to purchase those expensive Graphics cards for this purpose you can still try cracking the passwords at high speeds using the clouds. You just have to pay accordingly.

Cloud for Cracking WPA2-PSK

You can even leverage cloud for the same purpose. You just have to pay for the service you use as it requires a lot of money, electricity to keep the system up and running and keeping it fast at the same time.

A Website that provide the similar service is (Discontinued)

They charge $17 for 300 Million words in 20 minutes. Which means 250,000 PMK/Second. Sounds nice! isnt it ?

Well this is a service so they surely have their part of profit. If you are at a shortage of money you can try even cheaper service.

Don’t worry this cheap is actually better than the expensive if you are able to do it accordingly.

That is Amazon Elastic Computing 2(EC2) or AWS (Amazon Web Services). Here you need to do all the things manually after logging into the remote host that yo0u have purchased.

You have to install the tools and dependencies accordingly and give commands to the master server to perform the cracking. You can also create multiple instances to distribute the load and raise the WPA2 cracking speed. Price will change accordingly.

But in short let me tell you if you are willing to do this Super Interesting stuff, it will cost you maximum of $1 an hour for even greater speeds than cloudcracker.

Here is a video to help you understand better the concept of load distribution and command the master server. Hope you are getting the concept.


Here is one more for you to see the WPA2 cracking process running on Amazon EC2, It’s an old video but worth watch and understand the concept.

Forgot to tell you one good news. Amazon EC2 is FREE for first month. It will just ask you for the credit/debit card info as a validation proof. But don’t worry no extra penny will be deducted until you extend to new plan.

So I would encourage you to do some research on this specific topic after getting over of Hashcat. It is the real Fun believe me!

If you love all this crazy stuff You will love that too.

Hope this was helpful enough!

Keep Learning.

  1. is there a way i can calculate how many h/s or pks i can get on a gpu before buying one?, i heard you “sort of” can using the core count, and the Clock Speed but have found nothing. for example say i want to get the amd fury x and before buying it want to calculate how many psk/s i can get on aircrack just by using the gpu specification. is it possible?

    also very nice guide and thank you

    1. Thanks Amback!
      You can simply search google with this query: “[Graphics card name] hashcat benchmark” and this is what I got for AMD Fury X.

      But you might like to have a look at Jeremi M Gosney‘s Post on NVidia Titan X cudaHashcat Benchmarks. Of course it is +$350 expensive than the AMD Fury X but it outperform AMD’s Fastest Graphics Card by a staggering +60% of WPA2 cracking speed and +85% when overclocked and that’s a big deal on a Single GPU which makes it the best card for WPA2 cracking at this moment.
      Benchmarks goes like,
      WPA2 Cracking speed for:
      AMD Fury X: ~163,100 Keys/Second
      NVidia Titan X: ~279,200 Keys/Second

      If you are on a budget of $999, I would definitely suggest you to purchase NVidia Titan X for WPA2 cracking purposes. Why ? because it gives you WPA2 cracking speed almost equals to AMD’s Top 2 graphics card combined. Here’s how

      WPA2 cracking speed for Fury X + Radeon HD 6990 i.e 163100 + 154300 = 317400, which is +38200 keys/second of cracking speed than that of NVidia Titan X.
      Great single card performance isn’t it ?

      Here is a great post by pomwtin about cracking WPA2 cracking speed of the greatest graphics card till date.
      You might love to see the specs. It would be best for you to consider purchasing card as per your desire, budget or need.

      Don’t forget to let me know what’s your purchase! 🙂

  2. I ran hashcat in windows 7 64 bit with rockyou.txt for 5 hours . In the end no password shown just starting and stooping time .What should I do next ?

    1. That means that rockyou.txt doesn’t contains the password used to secure the AP. You should try Mask attack next which will cover the phone numbers. As many people use their mobile numbers as the WPA2 passwords it is worth giving a try.
      Not only it will be completed fairly quick and also you can lately jump on to next dictionary with a confirmation that no mobile number is being used as the passphrase.

  3. what will be the command for hash cat
    case 1-total 8 characters with any combination
    case2-total 9 characters with any combination
    case 3-total 10 characters with any combination

    1. cudaHashcat64.exe -m 2500 -a 3 ?a?a?a?a?a?a?a?a # For 8 random chars.

      Simply put 9 times ?a for 9 chars and 10 times ?a for 10 random characters.

      Ex: cudaHashcat64.exe -m 2500 -a 3 ?a?a?a?a?a?a?a?a?a

  4. Nice tutorial.

    I guess I’ve found a mistake. You say that -a 1 is the parameter for hybrid attack, but Hashcat documentation says it’s -a 6. In my tests with oclhashcat, -a 6 is the correct parameter.

  5. Good write-up. Appreciate the thorough approach.

    One comment/question. In all of my studying of the statistical probabilities of brute-forcing a WPA2 handshake, it seems that unless you are certain the passphrase contains specific characters, using a mask attack is of little value. In fact, from my own personal experience, there is little to no benefit in using wordlists or dictionaries whatsoever. I think I have been successful around 5% of the time when using dictionaries/wordlists. In one case a few years ago, I wasted significant time using a 27GB wordlist on a handshake without success.

    This has led me to the belief that for purposes of efficiency, and to avoid duplicative efforts with multiple wordlists (which may contain common words between them), the most reliable method is to just pipe a wordlist from Crunch…For instance, a Crunch generated list of all words containing 8 characters (say lower-case alpha and numeric). I realize this is a very large wordlist, but through the use of AWS high performance AMIs, it can be done.

    That said, if using simply a Crunch generated list, do you still believe oclHashcat performs better than Pyrit-Cuda? I have not used Hashcat, but assumed that other than the mask-attack or other word-manipulation features, there is no difference in speed, and further, pyrit has the database functionality where the PMKs can be pre-generated. Do you have experience showing hashcat is indeed faster than Pyrit for just plain brute-forcing/testing of each hash against the handshake?

    1. Hey Paul,

      Thanks for the appreciation Paul!

      Talking about the Wordlist/dictionary based attack, they are most likely to be successful when combined with a well conducted Social Engineering and Reconnaissance.
      In simple terms you just have to do the right thing to get the job done and to know that right thing you can use social engineering to get your direction.
      Although success isn’t guaranteed but chances increases by multiple folds.

      I cracked a WPA2 of an Institute by creating a wordlist adding possible combinations of the name of the Institute itself, some numbers like 1234567890, 1..9, 098..1 etc and the password was cracked within seconds as wordlist was ridiculously small and the password was written on their board itself. It was a mobile number.
      It is definitely not the best way(none is). But can be very helpful and save a lot of money,resources and of course time. Even if you are on AWS AMIs.

      As you told using any random dictionary is mostly a waste of time, effort and money. Agree!

      To prevent common multiples in a wordlist, create a copy of a wordlist using uniq command

      There are many benchmarks you can find over the Internet which will show you that Hashcat(Still in dev.) is always better than Pyrit(Not updated since 2012).
      For instance have a look at this benchmark on 4X ATI HD5970:
      Same when used on CUDA. As in my case. Hashcat performs better. On Linux and Windows as well.

      P.S: Hashcat also rejects the duplicated values. So you do not need to wonder how to get rid of it.

  6. Hi great read! But i just wanted to correct you on one of there commands for the Hi123 where you say the rest is lower case but you used ?u where is actually should be ?l

  7. Hi,
    Thanks for a thorough tutorial.
    I’d like to ask: If I want hashcat to try words beginning from 6 chars up to 8 chars (?a?a?a?a?a?a – ?a?a?a?a?a?a?a?a).
    How to do that?

    1. Just add “ -i –increment-min=6 –increment-max=8 ” at the very end of your command.
      -i is to enable the increment switch and to automate the command for you to increase character testing limit.

      Remember. WPA2 requires atleast 8 characters.

  8. Hashcat sounds good , they should of made it easier to use , like aircrack. I cant find the cracked password file. I tried cat hashcat.pot
    No directory

    1. aircrack is dedicated for WEP/WPA/2 password cracking only, so comes with minimal options whereas Hashcat provides almost every encryption method for cracking with so much of flexibility. I think it is already easiest possible cracker, considering the power and flexibility it gives.

      For listing cracked password try ls *.pot

      1. Thanks , I’ve just started using hashcat today -all day..Just got my video card and wow hashcat runs fast with gpu..

        One question bro..
        Is their a way of knowing the password lenght ..i opened a cap file with wireshark. And i was browsing through the file and saw (key) lenght 16 digits.
        Im not sure ..
        Any input would be appreciated.

        1. Nope. There’s no way to get the key length. it is because the PBKDF2 function in the WPA2 algorithm always comes out with a fixed size PSK that’s 32 bytes (256 bits) and often displayed as 64 hex characters.

          For better clarity you can use wpa_passphrase utility.
          Syntax: wpa_passphrase

          Notice the PSK in output. It is a 64 HexaDecimal string. As 1 HexaDecimal represents a nibble(4 bits), 64 hex characters represents 256-bits of PSK.

          The passphrase must lie within range of 8-63 characters, as per WPA2 requirement. No matter passphrase is 8 or 63 characters the PSK will always be 256 bit key.
          Which simply does not allow us to check the length of the passphrase from the Hash

          NOTE: Encrypted string can be decrypted, Encoded string can be decoded, But a Hash can never be de-hashed. It’s Irreversible.

          1. Thanks brother , for your time.

            Can you help me with a command..

            I want to run this on hashcat
            Example: crunch 12 12 0123456789abcdefghijklmnopqrtuvwxyz

            Im testing a att router which has a 12 length password
            Random letters and numbers..
            How can i run a similar command on hashcat without creating a huge wordlist

          2. Just replace the numbers with a % and alphabets with @
            crunch 12 12 -t %%%%%%@@@@@@

            NOTE: Make sure total characters in the -t arguments lie within the provided range.. i.e 12 in this case. Ofcourse you can make combinations like:
            %%@@@@@@@@@@ = 00aaaaaaaaaa
            %%%%%@@@@@@@ = 00000aaaaaaa
            %%%@@@%%%@@@ = 000aaa000aaa

            Have fun 😉

  9. What is the correct syntax for a hashcat dictionary attack while *NOT* using my GPU?
    (I’m trying to NOT mess up yet another machine trying to force-install non-compatible GPU drivers.)

    # Only use my CPU:
    > hashcat -m 2500 my.hccap mydict.txt

    Always fails:
    hashcat (v3.10) starting…
    OpenCL Platform #1: Mesa, skipped! No OpenCL compatible devices found
    ERROR: No devices found/left

Leave a Reply

Your email address will not be published. Required fields are marked *