Cowpatty is a network tool that can be used to deploy brute-force dictionary attacks on vulnerable wireless networks systems. The tool is especially efficient in performing offline dictionary-based attacks against wireless system (WPA/WPA2 security protocols). This is made possible due to the fact that both security protocols rely on PSK (PreShared Key) authentication procedures. Cowpatty has the ability to intercept these procedures and can audit the algorithms used in the authentication process.
PSK (Pre-Shared Key)
coWPAtty: WPA-PSK Dictionary Attack
This tool can thoroughly asses an SSID (Service Set Identifier) for any pre-computed PMK files which it then uses to launch a brute-force dictionary attack on the wireless network system. Through these attacks, it can access passwords and other important credentials being used to access a specific wireless network.
Cowpatty is very good at cracking weak WPA-PSK passwords and has gained popularity over years; it is highly used in network administration procedures and can also be used by hackers to acquire passwords to wireless networks.
Taking Advantage of PSK (Pre-Shared-Key) Deficiencies
Enterprise networks prefer using PSKs because they are much easier to use and they also carry out authentication procedures very fast compared to the normal certificate WPA-authentication procedures.
Using PSKs is easy and fast, but they also have a couple of loopholes, and this is what cowpatty takes advantage of. Cowpatty has a built-in ability that enables it to intercept the authentication procedure by carrying out a brute-force dictionary attack against WPA passwords.
- Supports offline attacks against WPA-PSK security protocols
- Performs accelerated attacks on SSID
- An out-of-the-box tool package (WPA-PSK dictionary attack, WPA-PSK pre-computation attack)
coWPAtty Tool Package
Cowpatty is equipped with tools that enable it to perform various attacks on wireless network systems, based on the type of attack intended you can use:
cowpattyto perform a WPA-PSK dictionary attack and
genpmkto perform a precomputation WPA-PSK attack.
Cowpatty comes preinstalled in BlachArch and Kali Linux, but can also be installed on any other Linux distro by running the following commands below.
$ wget http://www.wirelessdefence.org/Contents/Files/cowpatty-4.6.tgz $ tar zxfv cowpatty-4.6.tgz $ cd cowpatty-4.6 $ make cowpatty $ sudo cp cowpatty /usr/bin
To get a list of cowpatty options, use
$ cowpatty -h cowpatty 4.8 - WPA-PSK dictionary attack. <firstname.lastname@example.org> Usage: cowpatty [options] -f Dictionary file -d Hash file (genpmk) -r Packet capture file -s Network SSID (enclose in quotes if SSID includes spaces) -c Check for valid 4-way frames, does not crack -h Print this help information and exit -v Print verbose information (more -v for more verbosity) -V Print program version and exit
$ genpmk -h genpmk 1.3 - WPA-PSK precomputation attack. email@example.com Usage: genpmk [options] -f Dictionary file -d Output hash file -s Network SSID -h Print this help information and exit -v Print verbose information (more -v for more verbosity) -V Print program version and exit After precomputing the hash file, run cowpatty with the -d argument.
Cracking the Hash:
$ cowpatty -f /pentest/passwords/wordlists/[WORDLIST.TXT] -r [PACKET_CAPTURE_FILE.CAP] -s [SSID]
Cracking the Password:
$ cowpatty -d [HASH_FILE] -r [PACKET_CAPTURE_FILE] -s [SSID]