EvilMog

Disclaimer: I am not a hashcat developer but I am on Team Hashcat, I am going to apologize for some corrections but they need to be made. 1) wpaclean is part of the aircrack-ng suite, it should not be used for extracting hashes from wpa traffic for use in hashcat, the format it extracts in has been superceded and any requests for support using it will be denied. There is an alternative wlandump from hcxtools https://github.com/ZerBea/hcxtools which is supported under the most recent versions of hashcat and these tools are very specific and purpose built, other tools in the suite include: wlandump-ng Small, fast and simple but powerfull WLAN scanner wlanresponse Extreme fast deauthentication/authentication/response tool wlanrcascan Small, fast and simple passive WLAN channel assignment scanner (status output) pioff Turns Raspberry Pi off via GPIO switch wlancapinfo Shows info of pcap file wlancap2hcx Converts cap to hccapx (recommended for use with wlandump-ng and wlanresponse) wlanhcx2cap Converts hccapx to cap wlanhc2hcx Converts hccap to hccapx wlanhcx2essid Merges hccapx containing the same ESSID wlanhcx2ssid Strips BSSID, ESSID, OUI wlanhcx2john Converts hccapx to format expected by John the Ripper wlanhcxinfo Shows detailed info from contents of hccapxfile wlanhcxmnc Manually do nonce correction on byte number xx of a nonce whoismac Show vendor information pwhash Generate hash of a word by using a given charset 2) from your post "I generally use john. When done, if i can't see a password in the terminal because it scrolled off screen, you type "john hashfile.txt --show" hashcat has had this support for some time with --show, also --username if you are using a dump with usernames so there is no need to use john 3) from your post "I've dabbled with hashcat, but i don't have a GPU to use with it" Hashcat supports CPU as of 3.00 with the correct opencl libraries 4) from your post "had to use the older CPU only version, where John just seems so much faster in this respect " hashcats opencl cpu code is multiple times faster than johns native cpu code because of algorithms are optimized on math level 5) from your post "you can pipe crunch directly into aircrack" Crunch is a legacy processor, you really should be using hashcat-utils maskprocessor instead, its much faster. That being said you don't need to use it as hashcat has it built in with -a 3 plus its markov-chain optimized In summary stop using legacy tools like pyrit they haven't been updated in ages and no new research is being done, the guy who is writing hcxtools is the one who pushes WPA cracking today. There's not been any improvement on wpa based attacks since a long time for aircrack-ng and pyrit and both fail to do deauth attacks cleanly (without creating invalid handshakes) For some good reading: WPA Cracking with hashcat https://hashcat.net/forum/thread-6150.html New parameter: --nonce-error-corrections https://hashcat.net/forum/thread-6361.html hashcat v3.00 release notes https://hashcat.net/forum/thread-5559.html For anything else please visit the hashcat forums, wiki and IRC channel