Amir Roknifard
Amir Roknifard is a cyber security professional with years of professional experience and proven track record in cyber security management and risk consulting, helping boards to better manage their cyber risk and transform their cyber security practices. He is the founder of Academician Journal that aims to close the gap between academy and InfoSec industry. He also has authored and reviewed books, published articles, and developed a master's degree program in cyber security.

Brute-Force WPA/WPA2 via GPU without dictionary

I personally don’t like dictionary attacks, although many people still believe they are safe while their favorite passwords are from their personal data or from the nearest dictionary around.

Here, I will show you how to pipe different tools in order to crack a WPA/WPA2 protected WiFi by generating different passwords on-the-fly through GPU and use them in cracking process to find the match.

Before we start, you should check if your graphic card is CUDA enabled, as we need it in the process. But if you do not have a good graphic card, you can always rent a small elastic compute cluster from Amazon for a cheap price and do your job remotely.

First you need to capture a handshake. How you want to get it, I will leave it to you. After you got your handshake, you will have it in a *.cap file. Then send it through this chain of commands:

john --stdout --incremental:all | pyrit -e WIFIESSID -i - -o - passthrough | cowpatty -r yourhandshake.cap -d - -s WIFIESSID

The Pyrit uses GPU which eventually leads to a better performance in cracking process. Instead of Cowpatty you can also use Aircrack-ng.

I leave it to your imagination that how far it can go, and I am sure you have lots of ideas :D

Share your experiences with me. Happy high-speed cracking :)