Introduction to coWPAtty

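coWPAtty implements an offline dictionary attack against WPA/WPA2 networks that use PSK-based authentication (e.g. WPA-Personal). Many enterprise networks deploy PSK-based authentication for WPA/WPA2 because it is much easier than building the RADIUS, supplicant and certificate authority architecture that WPA-Enterprise authentication requires. coWPAtty can run an accelerated attack if a precomputed PMK file is available for the SSID being assessed.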

Source: http://www.willhackforsushi.com/?page_id=50
coWPAtty homepage
coWPAtty source code repository

Author: Joshua Wright
License: GPLv2

Tools included in the cowpatty package

cowpatty - WPA-PSK dictionary attack

:~# cowpatty -h
cowpatty 4.6 - WPA-PSK dictionary attack. <>

Usage: cowpatty [options]

    -f  Dictionary file
    -d  Hash file (genpmk)
    -r  Packet capture file
    -s  Network SSID (enclose in quotes if SSID includes spaces)
    -c  Check for valid 4-way frames, does not crack
    -h  Print this help information and exit
    -v  Print verbose information (more -v for more verbosity)
    -V  Print program version and exit

genpmk - WPA-PSK precomputation attack

:~# genpmk -h
genpmk 1.1 - WPA-PSK precomputation attack. <>
Usage: genpmk [options]

    -f  Dictionary file
    -d  Output hash file
    -s  Network SSID
    -h  Print this help information and exit
    -v  Print verbose information (more -v for more verbosity)
    -V  Print program version and exit

After precomputing the hash file, run cowpatty with the -d argument.

genpmk usage example

Use the supplied dictionary file (-f /usr/share/wordlists/nmap.lst) to generate a hash file, saving it to a file (-d cowpatty_dict) for the given ESSID (-s securenet):

:~# genpmk -f /usr/share/wordlists/nmap.lst -d cowpatty_dict -s securenet
genpmk 1.1 - WPA-PSK precomputation attack. <>
File cowpatty_dict does not exist, creating.
key no. 1000: pinkgirl

1641 passphrases tested in 4.09 seconds:  401.35 passphrases/second
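
The hash file is tied to one SSID because WPA/WPA2-Personal derives the PMK with PBKDF2-HMAC-SHA1 using the SSID as the salt. The following is an added example, not code from coWPAtty or from the original page: it derives a PMK and audits a planned PSK/SSID pair from the defender's side. The helper names, the wordlist and the common-SSID list are constructed for illustration.

```python
import hashlib

# Constructed sample data: a tiny wordlist and a list of widely used SSIDs.
WORDLIST = {"password", "pinkgirl", "letmein123"}
COMMON_SSIDS = {"linksys", "default", "netgear"}

def derive_pmk(passphrase: str, ssid: str) -> bytes:
    """PMK = PBKDF2-HMAC-SHA1(passphrase, salt=SSID, 4096 iterations, 32 bytes)."""
    pw, salt = passphrase.encode("utf-8"), ssid.encode("utf-8")
    if not 8 <= len(pw) <= 63:
        raise ValueError("WPA passphrase must be 8 to 63 characters")
    if not 1 <= len(salt) <= 32:
        raise ValueError("SSID must be 1 to 32 bytes")
    return hashlib.pbkdf2_hmac("sha1", pw, salt, 4096, 32)

def table_reusable(passphrase: str, ssid_a: str, ssid_b: str) -> bool:
    """True only if a PMK precomputed for ssid_a would also be valid on ssid_b."""
    return derive_pmk(passphrase, ssid_a) == derive_pmk(passphrase, ssid_b)

def audit_psk(passphrase: str, ssid: str, wordlist=WORDLIST,
              common_ssids=COMMON_SSIDS) -> list:
    """Findings for a PSK/SSID pair planned for deployment (hypothetical helper)."""
    derive_pmk(passphrase, ssid)  # raises if the pair is not valid WPA input
    findings = []
    if passphrase in wordlist:
        findings.append("passphrase is in the wordlist: a dictionary run recovers it")
    if ssid.lower() in {s.lower() for s in common_ssids}:
        findings.append("SSID is common: precomputed PMK tables may already exist")
    return findings

if __name__ == "__main__":
    # The same passphrase yields unrelated PMKs under the two SSIDs on this page.
    print(derive_pmk("pinkgirl", "securenet").hex())
    print(derive_pmk("pinkgirl", "6F36E6").hex())
    print(table_reusable("pinkgirl", "securenet", "6F36E6"))
    # Weak pair: wordlist passphrase on a common SSID (constructed values).
    for finding in audit_psk("pinkgirl", "linksys"):
        print("FINDING:", finding)
    # Stronger pair: long random passphrase, site-specific SSID (constructed values).
    print(audit_psk("x7!Lq0-vRk2#mZp9wT4e", "corp-7f3a91"))
```

A passphrase that is absent from every wordlist defeats the dictionary step, and a site-specific SSID removes the benefit of any hash file built in advance.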

cowpatty usage example

Use the supplied hash file (-d cowpatty_dict), read the packet capture (-r Kismet-20140515-16-21-37-1.pcapdump), and crack the password for the given ESSID (-s 6F36E6):

:~# cowpatty -d cowpatty_dict -r Kismet-20140515-16-21-37-1.pcapdump -s 6F36E6
cowpatty 4.6 - WPA-PSK dictionary attack. <>