cyberneticlibrary

Crack WiFi Passwords with GPU

offensive-wpa2-psk skill setup L32,144
SnailSploit/Claude-Red
What it does

Capture and crack WPA2-PSK networks via four-way handshake or PMKID attacks

Best for

WPA2-PSK (pre-shared key) network cracking where offline dictionary attack is faster than online brute-force.

Inputs
  • Target BSSID, ESSID, channel from prior recon
  • Wi-Fi adapter in monitor mode with packet injection
  • Wordlist or mask for dictionary/brute-force attack
Outputs
  • WPA2-PSK handshake (EAPOL frames) captured and verified for cracking
  • PMKID hash extracted (no client reconnect needed)
  • Cracked pre-shared key and plaintext password
Requires
  • airodump-ng (target capture on single channel)
  • aireplay-ng (client deauth to force reconnect)
  • hcxdumptool / hcxpcapngtool (handshake → hashcat format conversion)
  • hashcat -m 22000 (GPU-accelerated WPA/PMKID cracking)
  • asleap (NetNTLMv1 cracking for MSCHAPv2 if WPA-Enterprise variant)
Preconditions
  • Prior recon phase complete (BSSID, channel, encryption confirmed WPA2-PSK)
  • At least one client currently associated or will reconnect during capture window
  • Adapter passes aireplay-ng injection test (30/30 ack rate)
Failure modes
  • PMF enabled blocks EAPOL deauthentication (handshake cannot be forced)
  • Client doesn't reconnect after deauth (timed out or roaming to other SSID)
  • Handshake incomplete (only 1-3 EAPOL frames captured, need all 4)
  • PMKID extraction fails if AP doesn't include PMKID in Beacon/Probe frame (optional field)
  • Wordlist missing correct password (time spent on futile cracking)
Trust signals
  • Handshake capture and PMKID extraction documented separately (different workflows)
  • Injection test validation ensures adapter compatibility before attempt
  • Clear separation of handshake vs. PMKID workflows (choose based on client availability)