Cracking a WPA/2 handshake

Anyone know the best way to crack a .cap file to get the key? I have tried aircrack but it was just too slow.

Rainbow tables; also try to find a good GPU cracker.

Rainbow tables will only work if the ESSID is a default one (like "linksys"), as the password is hashed, then salted with the ESSID.

gpu cracking is... not mentioned much on the internet... but yeah, pyrit -> cowpatty -> aircrack-ng (lots of piping with that one)

The other way is a good wordlist, which is the quickest method, but it probably won't work unless it's crazy large.


Also, are you sure the WPA handshake was captured? Make sure when you run airodump it says "WPA handshake" up at the top. For this to happen, someone needs to connect to the network while you are scanning. If it's taking too long you can do a deauthentication attack to get one (aireplay -0 4).
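The point in the reply above about rainbow tables and default ESSIDs, as an added example that is not part of the original thread: WPA/WPA2-PSK derives its master key with PBKDF2-HMAC-SHA1 using the SSID as the salt, so a table precomputed for "linksys" says nothing about a network with a unique name. The passphrases, the second SSID and the helper names are constructed for illustration.

```python
import hashlib

def wpa_pmk(passphrase: str, ssid: str) -> bytes:
    """Derive the WPA/WPA2-PSK pairwise master key.

    PBKDF2-HMAC-SHA1, SSID as salt, 4096 iterations, 256-bit output.
    """
    if not 8 <= len(passphrase) <= 63:
        raise ValueError("WPA passphrases are 8 to 63 characters")
    if not 1 <= len(ssid.encode("utf-8")) <= 32:
        raise ValueError("SSIDs are 1 to 32 bytes")
    return hashlib.pbkdf2_hmac(
        "sha1", passphrase.encode("utf-8"), ssid.encode("utf-8"), 4096, 32
    )

def precompute(ssid: str, passphrases: list[str]) -> dict[bytes, str]:
    """Build a PMK lookup table. It is only valid for this one SSID."""
    return {wpa_pmk(p, ssid): p for p in passphrases}

def table_applies(table: dict[bytes, str], ssid: str, passphrase: str) -> bool:
    """True if a network with this SSID and passphrase is covered by the table."""
    return wpa_pmk(passphrase, ssid) in table

# Constructed sample data (hypothetical, for illustration only).
SAMPLE_PASSPHRASES = ["password123", "letmein2024"]
LINKSYS_TABLE = precompute("linksys", SAMPLE_PASSPHRASES)

if __name__ == "__main__":
    # Same passphrase, two SSIDs: factory default vs. renamed network.
    for ssid in ("linksys", "linksys-4f2a"):
        covered = table_applies(LINKSYS_TABLE, ssid, "password123")
        print(f"{ssid!r}: covered by the 'linksys' table = {covered}")
```

Renaming the network away from a factory default removes it from every precomputed table, leaving only per-network guessing at 4096 PBKDF2 rounds per candidate.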

Attack WPS instead of WPA; it takes around 6-12 hours.

WPS might be disabled; the routers that Verizon gives you have WPS disabled by default.

Use wash to see if WPS is enabled, and if it is you can use reaver to crack it.

I find that cracking WPA handshakes isn't worth the effort. It's really only going to make sense in spending time on it if the router has a generic name such as 'linksys' or 'NETGEAR'. Otherwise it could take years to crack unless you have a farm of GPUs.


When I had FiOS installed Verizon's default WiFi encryption was WEP and mostly everyone in my neighborhood is still using WEP with FiOS. It's really sad.

I have had FiOS for a little less than a year and the router came with WPA2 by default.