Skip to main content

Pwnagotchi

In order to setup your Pwnagotchi, read https://pwnagotchi.ai/installation/. I have this on a Pi Zero W, and just have that connected to a Power Brick with a MicroUSB charger. This page is meant for what I do after the Pwnagotchi is set up.

Accessing Handshakes

The handshakes are located in /root/handshakes/. The way I go about accessing the files is by SSH-ing into the machine as root. I then run cp -r /root/handshakes/ /home/pi/handshakes/. This makes a copy of the handshakes folder in the pi home directory. I then use FileZilla, to then log in to the pi user and download the files (from port 22).

Handshake to Hash file

Once you have the handshakes, they will all be in .pcap format. In order to convert all of them at once to hashcat-readable hashes, I ran the following command:

hcxpcapngtool -o hash.hc22000 -E wordlist.txt *

The hcxpcapngtool command is part of the hcxtools install (apt install hcxtools). The -o is for where the output to be PMKID/EAPOL hash file should go. The -E is to output the ESSIDs as a potential word-list for cracking later. This part is not necessary, but helps if you want to add those just as a precaution. The * is a wildcard which will convert all of the pcaps in the current directory.

Cracking

For cracking I run the following hashcat command:

hashcat -m 22000 <hash_file> <wordlist>

The -m 22000 specifies the hash to be WPA-PBKDF2-PMKID+EAPOL format. I usually use rockyou.txt as the default wordlist.

In order to read the cracked passwords you can run the following:

hashcat -m 22000 <hash_file> <wordlist> --show

OR you can read the potfile by running cat hashcat.potfile where you have hashcat downloaded.

Statistics

Crack #1

Hardware: Apple MacBook Air (M1, 2020)

OS: macOS Monterey

Chip: Apple M1

RAM: 16 GB

.pcap files: 46

hashes extracted: 17

cracked:

PasswordWordlist
0123456789rockyou.txt
1234567890rockyou.txt
flores08rockyou.txt
Grocery1rockyou.txt

Time for cracking: 45 min, 49 sec

More info can be found: https://hashcat.net/wiki/doku.php?id=cracking_wpawpa2.