coWPAtty包装说明

实施采用PSK的认证(如WPA-Personal)的对WPA / WPA2网络脱机字典攻击。许多企业网络中部署的WPA / WPA2 PSK的认证机制,因为它比建立需要WPA-Enterprise身份验证所需的RADIUS,请求者和证书颁发机构的架构要容易得多。 Cowpatty可以实现加速攻击如果一个预先计算的PMK的文件都可以用于正在进行评估的SSID。

资料来源:http://www.willhackforsushi.com/?page_id=50br />
coWPAtty首页 | 卡利coWPAtty回购

  • 作者:约书亚·赖特
  • 许可:GPL第二版

包含在cowpatty包工具

cowpatty - WPA-PSK字典攻击
root@kali:~# cowpatty -h
cowpatty 4.6 - WPA-PSK dictionary attack. <jwright@hasborg.com>

Usage: cowpatty [options]

    -f  Dictionary file
    -d  Hash file (genpmk)
    -r  Packet capture file
    -s  Network SSID (enclose in quotes if SSID includes spaces)
    -c  Check for valid 4-way frames, does not crack
    -h  Print this help information and exit
    -v  Print verbose information (more -v for more verbosity)
    -V  Print program version and exit

genpmk - WPA-PSK预计算攻击

root@kali:~# genpmk -h
genpmk 1.1 - WPA-PSK precomputation attack. <jwright@hasborg.com>
Usage: genpmk [options]

    -f  Dictionary file
    -d  Output hash file
    -s  Network SSID
    -h  Print this help information and exit
    -v  Print verbose information (more -v for more verbosity)
    -V  Print program version and exit

After precomputing the hash file, run cowpatty with the -d argument.

genpmk用法示例

使用随机提供的字典文件(-f /usr/share/wordlists/nmap.lst)生成 hashfile,将其保存到一个文件(-d cowpatty_dict)为给定的ESSID(-s安联):

root@kali:~# genpmk -f /usr/share/wordlists/nmap.lst -d cowpatty_dict -s securenet
genpmk 1.1 - WPA-PSK precomputation attack. <jwright@hasborg.com>
File cowpatty_dict does not exist, creating.
key no. 1000: pinkgirl

1641 passphrases tested in 4.09 seconds:  401.35 passphrases/second

cowpatty用法示例

使用随机提供的hashfile(-d cowpatty_dict),读取数据包捕获(-r天命-20140515-16-21-37-1.pcapdump),以及破解的密码给定的ESSID(-s 6F36E6):

root@kali:~# cowpatty -d cowpatty_dict -r Kismet-20140515-16-21-37-1.pcapdump -s 6F36E6
cowpatty 4.6 - WPA-PSK dictionary attack. <jwright@hasborg.com>