hashcat -m 22000 handshake_hash.hc22000 -a 0 probable.txt -r best64.rule Rules can add numbers, capitals, leet speak ( e → 3 ), and years. This often cracks passwords that plain wordlists miss. If you know the password pattern (e.g., 8 lowercase letters + 2 digits), use a mask:
cat rockyou.txt probable.txt > combined.txt This is the most powerful next step. Rules mutate existing words (e.g., password → Password123! ). hashcat -m 22000 handshake_hash
It balances size and effectiveness. It’s much larger than rockyou.txt (often 14 million entries) but not as massive as rockyou-75.txt or full hashcat rule-based attacks. Rules mutate existing words (e
| Step | Command / Action | Purpose | |------|------------------|---------| | 1 | aircrack-ng capture.cap | Confirm handshake is present | | 2 | wc -l probable.txt | Count lines; ensure file not empty | | 3 | head -n 5 probable.txt | Verify format (one password per line) | | 4 | aircrack-ng capture.cap -w probable.txt | Run again, watch for “tried X passwords” | | 5 | Try a tiny custom wordlist with the suspected password | If that cracks, handshake is good; the list is the problem. | It’s much larger than rockyou