Tuesday 31 March 2015

Cracking WPA/WPA2 With Aircrack-ng and Cowpatty :

Performing the Crack

The Wi-Fi Alliance was wise to implement an eight-character minimum for WPA-PSK. Making the key that long essentially renders brute-force methods useless, because the number of possible typeable-character combinations for an eight-character key is just above six quadrillion (that's 94^8, or about 6 × 10^15).
My poor little laptop can only crunch about 35 hashes a second, so it would take me about five-and-a-half million years (I'm not kidding here either, I did the math!) to build a hash table covering every eight-character key, or to test every combination when brute-forcing one.
And what's more, since the hash is salted with the SSID of the AP, the hash table I just spent five million years creating would be good only against APs with that exact SSID. So, clearly, we're not going to be brute-forcing any WPA keys anytime soon.
What we can do, however, is limit the list of possible passphrases by making educated guesses, compute the hashes of those guesses and check them against our captured handshake. This technique is referred to as a dictionary attack.

BackTrack v2 comes bundled with a good offering of simple wordlists, as well as four lists of passwords common in the '90s, reverse-sorted by occurrence (more common passwords are at the top, less common passwords are at the bottom). The lists seem to be missing from BackTrack v3, but there are plenty of wordlists around the 'net.
Using the wordlists in Backtrack version 2, we can mount a dictionary attack on our captured WPA handshake using either aircrack-ng or coWPAtty. Aircrack-ng runs much faster on my attacking system (testing 3740 keys took 35 seconds), and has native optimization for multiple processors. coWPAtty, on the other hand, runs much slower (testing the same 3740 keys took almost 2 minutes) and can accept hash files precomputed by genpmk.
aircrack-ng attack
Start a dictionary attack against a WPA key with the following:
General Form:
aircrack-ng -e AP_SID -w dictionary_file capture_file
Example (BackTrack v3):
aircrack-ng -e snb -w /pentest/wireless/cowpatty-4.0/dict Kismet-Jan-15-2008-1.dump
Aircrack-ng shows the hex hashes of the keys as it tries them, which is nice since some attacks can take a long time. Figure 8 shows that Aircrack-ng took 35 seconds to find the test key "dictionary".
Aircrack-ng, Key Found!
coWPAtty
First move into the cowpatty directory, either by selecting it from the menu or by changing to /pentest/wireless/cowpatty-4.0. Then run:
General Form:
./cowpatty -s AP_SID -f dictionary_file -r capture_file
Example:
./cowpatty -s snb -f dict -r Kismet-Jan-15-2008-1.dump
coWPAtty doesn't say much about its run-time status, but prints updates every thousand keys. Figure 9 shows that coWPAtty took a little over two minutes to recover the test key "dictionary".
coWPAtty, Key Found!
Alternately, coWPAtty can use a precomputed hash file to attack a WPA key. Precomputed hash files use a technique similar to Rainbow Tables allowing you to trade the amount of time required to crack a given key for hash file size (and precomputation time).
Hashes are paired with their plaintext precursor, allowing the engine to simply look up the captured WPA key hash and read off its corresponding plaintext key. Since WPA keys are salted with the SSID, this technique only works against APs with the same SSID that was used to compute the table.
Hash tables can be very effective, but they require disk space, and the tables can get rather large quickly. Even with these limitations, the Church of WiFi has computed hash tables for the 1000 most common SSIDs against one million common passphrases.
You can generate a hash table from within the cowpatty directory with coWPAtty's genpmk:
General Form:
./genpmk -s AP_SID -f dictionary_file -d hash_output_file
Example:
./genpmk -s snb -f dict -d dict_hash
genpmk Hash Table Generation
Now, using the newly created hash table, the crack takes only a fraction of a second (0.11 seconds, to be precise). This is just shy of 1/1100th the time it took without a hash table.
General Form:
./cowpatty -s AP_SID -d hash_output_file -r capture_file
Example:
./cowpatty -s snb -d dict_hash -r Kismet-Jan-15-2008-1.dump


coWPAtty Hash Table Attack
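As an added illustration (not code from the original article, nor from aircrack-ng or coWPAtty), the following Python derives the WPA-PSK Pairwise Master Key exactly as the 802.11i standard defines it, PBKDF2-HMAC-SHA1 over the passphrase with the SSID as salt and 4096 iterations, and checks the result against the published IEEE test vector. It then builds a tiny precomputed table for the SSID "snb" used in the examples above and shows that the same passphrase under a different SSID produces a PMK the table cannot match, which is the salting property the text describes. The three-word list and the second SSID "snb-guest" are constructed for the demonstration; the keyspace estimate uses the article's own figures (94 characters, length 8, 35 hashes per second).

```python
import hashlib

# WPA/WPA2-PSK: PMK = PBKDF2-HMAC-SHA1(passphrase, salt=SSID, 4096 iterations, 32 bytes).
# A 32-byte output needs two 20-byte SHA1 blocks, so each guess costs 8192 HMAC-SHA1
# computations. That per-guess cost is why a 2008-era laptop manages only tens of guesses
# per second, and why genpmk's precomputation pays off when the SSID is known in advance.
PBKDF2_ITERATIONS = 4096
PMK_LENGTH = 32

# Published IEEE 802.11i test vector: passphrase "password", SSID "IEEE".
IEEE_VECTOR_PMK = "f42c6fc52df0ebef9ebb4b90b38a5f902e83fe1b135a70e23aed762e9710a12e"

# Constructed sample wordlist (stands in for the BackTrack "dict" file).
SAMPLE_WORDLIST = ["dictionary", "password", "letmein"]


def wpa_pmk(passphrase, ssid):
    """Return the 256-bit PMK for a passphrase/SSID pair (standard derivation)."""
    return hashlib.pbkdf2_hmac(
        "sha1", passphrase.encode("utf-8"), ssid.encode("utf-8"),
        PBKDF2_ITERATIONS, PMK_LENGTH,
    )


def build_pmk_table(ssid, wordlist):
    """Precompute PMK -> passphrase for one SSID; this is what genpmk stores on disk.

    The table is bound to the SSID used here because the SSID is the PBKDF2 salt.
    """
    return {wpa_pmk(word, ssid): word for word in wordlist}


def lookup_pmk(table, pmk):
    """Look a PMK up in a precomputed table; None when there is no entry."""
    return table.get(pmk)


def ssid_salt_demo():
    """Show that a table built for SSID 'snb' matches nothing derived under 'snb-guest'.

    Returns (hit_same_ssid, hit_other_ssid).
    """
    table = build_pmk_table("snb", SAMPLE_WORDLIST)
    hit_same = lookup_pmk(table, wpa_pmk("dictionary", "snb"))
    hit_other = lookup_pmk(table, wpa_pmk("dictionary", "snb-guest"))  # constructed SSID
    return hit_same, hit_other


def years_to_exhaust(charset_size, length, hashes_per_second):
    """Years needed to test every key of the given length at the given rate."""
    keyspace = charset_size ** length
    seconds = keyspace / hashes_per_second
    return seconds / (365.25 * 24 * 3600)


if __name__ == "__main__":
    print("IEEE vector ok:", wpa_pmk("password", "IEEE").hex() == IEEE_VECTOR_PMK)
    same, other = ssid_salt_demo()
    print("table hit, same SSID:", same)        # 'dictionary'
    print("table hit, other SSID:", other)      # None
    print("years to exhaust 94^8 at 35/s: %.2e" % years_to_exhaust(94, 8, 35))
```

The two lookups are the whole argument of the precomputation section in miniature: a PMK table is only as reusable as the SSID is common, so an AP with a name outside the Church of WiFi's 1000-SSID list gets no benefit from anyone's precomputed tables, and a passphrase that is not in a wordlist is never hashed by either tool in the first place.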
