OclHashcat-plus

Oclhashcat-plus is the faster wpa cracker.
More info at http://hashcat.net/oclhashcat-plus/
It's use only the gpu and have many unique feature:

- leave free your cpu during calculation
- pause-resume while cracking
- Integrated thermal watchdog
- Worlds first and only GPGPU based rule engine

Requirement

For gpu computing you have to install only amd driver or nvidia drivers:
How_to_install_Nvidia_CUDA_drivers_and_toolkit
amd-driver-and-amd-app-sdk-installation

Installation

To use it you need to convert your capture handshake in particular format "hccap".
To do this you can choice to use cap2hccap
cap2hccap <input.pcap> [input.pcap] [input.pcap] ... <outfile>
or the convert page of author of oclhashcat

http://hashcat.net/cap2hccap/

or compile the lastest svn sources of aircrack-ng.

sudo apt-get install sudo apt-get install build-essential make subversion libssl-dev zlib1g zlib1g-dev libnl1 libnl-dev libpcap0.8 libpcap0.8-dev cracklib-runtime
sudo svn co http://trac.aircrack-ng.org/svn/trunk /opt/aircrack-ng
cd /opt/aircrack-ng
sudo make
clean your cap file and convert to hccap format

/opt/aircrack-ng/src/wpaclean [cap_clean_name] [cap_file]
/opt/aircrack-ng/src/aircrack-ng -J [hccap_name] [cap_clean_file]
now install oclHashcat-plus
sudo apt-get install oclhashcat-plus
Usage
Usage: oclHashcat-plus [options] hash|hashfile|hccapfile [wordfiles|directories]

Startup:
  -V,  --version                     print version
  -h,  --help                        print help
       --eula                        print EULA

Logging and Files:
       --quiet                       suppress output
       --show                        show cracked passwords
       --left                        show uncracked passwords
       --username                    enable ignore of usernames in hashfile
       --remove                      enable remove of hash from hashfile once it is cracked
  -o,  --outfile=FILE                outfile for recovered hash
       --outfile-format=NUM          0 = hash[:salt]:pass
                                     1 = hash[:salt]:hex_pass
                                     2 = hash[:salt]:pass:hex_pass

Session:
       --runtime=NUM                 automatically abort session after NUM seconds

Misc:
       --hex-salt                    assume salt is given in hex

Attacks:
  -a,  --attack-mode=NUM             number of attack-mode
                                     0 = Straight *
                                     4 = Permutation
                                     * = for rule-based attack use -r or -g
Resources:
  -c,  --segment-size=NUM            number of mb to cache from wordfile
       --gpu-async                   use non-blocking async calls (NVidia only)
  -d,  --gpu-devices=STR             CUDA devices to use, seperate with comma
  -n,  --gpu-accel=NUM               workload tuning: 1, 8, 40, 80, 160
       --gpu-loops=NUM               workload fine-tuning if -n is not precise enough
       --gpu-watchdog=NUM            automatically abort session at NUM celsius

Rules:
  -r,  --rules-file=FILE             rules-file for rule-engine
  -g,  --generate-rules=NUM          number of self-generating rules
       --generate-rules-func-min=NUM force number of functions per rule min
       --generate-rules-func-max=NUM force number of functions per rule max

Permutation specific:
       --perm-min=NUM                number of chars in dictionary minimum
       --perm-max=NUM                number of chars in dictionary maximum

Hash types:
  -m,  --hash-type=NUM               number correlates to hash-type

    0 = MD5
    5 = vBulletin < v3.8.5
    9 = IPB2, MyBB1.2
   15 = vBulletin > v3.8.5
  100 = SHA1
  300 = MySQL > v4.1
  400 = phpass, MD5(Wordpress), MD5(phpBB3)
  500 = md5crypt, MD5(Unix), FreeBSD MD5, Cisco-IOS MD5
  600 = nsldap, SHA-1(Base64), Netscape LDAP SHA
  700 = nsldaps, SSHA-1(Base64), Netscape LDAP SSHA
  900 = MD4
 1000 = NTLM
 1100 = Domain Cached Credentials, mscash
 1300 = MSSQL(2000)
 1400 = SHA256
 1500 = descrypt, DES(Unix), Traditional DES
 1600 = md5apr1, MD5(APR), Apache MD5
 2000 = Oracle 11g
 2100 = Domain Cached Credentials2, mscash2
 2300 = MSSQL(2005)
 2400 = Cisco-PIX MD5
 2500 = WPA/WPA2
Example
 
backuser@Backbox:~$ /opt/oclHashcat-plus-0.06/oclHashcat-plus64.bin -m 2500 -n 80 --gpu-loops 1024 wpa2.eapol.clean.cap.hccap 500000.uniq.txt
oclHashcat-plus v0.06 by atom starting...

Hashes: 1
Unique salts: 1
Unique digests: 1
Bitmaps: 8 bits, 256 entries, 0x000000ff mask, 1024 bytes
Rules: 1
GPU-Loops: 1024
GPU-Accel: 80
Password lengths range: 8 - 15
Platform: AMD compatible platform found
Watchdog: Temperature limit set to 90c
Device #1: ATI RV770, 512MB, 0Mhz, 10MCU
Device #1: Allocating 60MB host-memory
Device #1: Kernel /opt/oclHashcat-plus-0.06/kernels/4098/m2500.ATI RV770.64.kernel (2040367 bytes)

Scanned dictionary ../Scrivania/500000.uniq.txt: 5013698 bytes, 499992 words, starting attack...

Harkonen:12345678

Status.......: Cracked
Input.Mode...: File (../Scrivania/500000.uniq.txt)
Hash.Target..: Harkonen
Hash.Type....: WPA/WPA2
Time.Running.: 16 secs
Time.Util....: 16994.7ms/27.5ms Real/CPU, 0.2% idle
Speed........:    19983 c/s Real,    18296 c/s GPU
Recovered....: 1/1 Digests, 1/1 Salts
Progress.....: 341396/499992 (68.28%)
Rejected.....: 1789/341396 (0.52%)
HW.Monitor.#1: 99% GPU, 48c Temp

What if you have the •Intel HD graphics 4000 card, would this not work?

NVIDIA does not support CUDA on anything other than their own GPUs.

I didn't try to do that with Intel cards. But it's posible with opencl, i think so. I made cracking machine with my friends few years ago, and we didn't use CUDA, only multi GPU's. But that is not all what you need to crack passwords. You need to find tool and learn how to use that tool. Tool like Hashcat, John the Ripper etc.. . With cards you get speed and with good tool settings you get max usage of all machine GPU's.