coWPAtty: Brute-force Dictionary Attack Against WPA-PSK


coWPAtty: Brute-force Dictionary Attack Against WPA-PSK

Introduction

Cowpatty is a network tool that can be used to deploy brute-force dictionary attacks on vulnerable wireless networks systems. The tool is especially efficient in performing offline dictionary-based attacks against wireless system (WPA/WPA2 security protocols). This is made possible due to the fact that both security protocols rely on PSK (PreShared Key) authentication procedures. Cowpatty has the ability to intercept these procedures and can audit the algorithms used in the authentication process.

PSK (Pre-Shared Key)

PSK is a Pre-Shared-Key used in security algorithms such as WEP, WPA, and WPA2 security protocols. It represents the shared key/secret which was previously shared between the two parties using some secure channel.

coWPAtty: WPA-PSK Dictionary Attack

This tool can thoroughly asses an SSID (Service Set Identifier) for any pre-computed PMK files which it then uses to launch a brute-force dictionary attack on the wireless network system. Through these attacks, it can access passwords and other important credentials being used to access a specific wireless network.

Cowpatty is very good at cracking weak WPA-PSK passwords and has gained popularity over years; it is highly used in network administration procedures and can also be used by hackers to acquire passwords to wireless networks.

Taking Advantage of PSK (Pre-Shared-Key) Deficiencies

PSK (PreShared Key) is a simple security authentication procedure that is used by most enterprise networks to secure all kinds of wireless communications within a wireless network system. This type of authentication procedure is mainly applied in WPA/WPA2 network security protocols; it helps in encrypting passwords used on wireless network systems.

Enterprise networks prefer using PSKs because they are much easier to use and they also carry out authentication procedures very fast compared to the normal certificate WPA-authentication procedures.

Using PSKs is easy and fast, but they also have a couple of loopholes, and this is what cowpatty takes advantage of. Cowpatty has a built-in ability that enables it to intercept the authentication procedure by carrying out a brute-force dictionary attack against WPA passwords.

Features:

  • Supports offline¬†attacks against WPA-PSK security protocols
  • Performs accelerated attacks on SSID
  • An out-of-the-box tool package (WPA-PSK dictionary attack, WPA-PSK pre-computation attack)

coWPAtty Tool Package

Cowpatty is equipped with tools that enable it to perform various attacks on wireless network systems, based on the type of attack intended you can use:

  • cowpatty to perform a WPA-PSK dictionary attack and
  • genpmk to perform a precomputation WPA-PSK attack.

Supported Platforms

  • Linux

coWPAtty Install

Cowpatty comes preinstalled in BlachArch and Kali Linux, but can also be installed on any other Linux distro by running the following commands below.

$ wget http://www.wirelessdefence.org/Contents/Files/cowpatty-4.6.tgz
$ tar zxfv cowpatty-4.6.tgz
$ cd cowpatty-4.6
$ make cowpatty
$ sudo cp cowpatty /usr/bin

Usage

Kali users: If you are using BackTrack it is important to remember that cowpatty is located in the /usr/local/bin directory and not the /pentest/wireless directory.

To get a list of cowpatty options, use -h:

$ cowpatty -h
cowpatty 4.8 - WPA-PSK dictionary attack. <jwright@hasborg.com>

Usage: cowpatty [options]

   -f Dictionary file
   -d Hash file (genpmk)
   -r Packet capture file
   -s Network SSID (enclose in quotes if SSID includes spaces)
   -c Check for valid 4-way frames, does not crack
   -h Print this help information and exit
   -v Print verbose information (more -v for more verbosity)
   -V Print program version and exit  

genpmk:

$ genpmk -h
genpmk 1.3 - WPA-PSK precomputation attack. jwright@hasborg.com
Usage: genpmk [options]

   -f Dictionary file
   -d Output hash file
   -s Network SSID
   -h Print this help information and exit
   -v Print verbose information (more -v for more verbosity)
   -V Print program version and exit 

 After precomputing the hash file, run cowpatty with the -d argument. 

Examples:

Cracking the Hash:

$ cowpatty -f /pentest/passwords/wordlists/[WORDLIST.TXT] -r [PACKET_CAPTURE_FILE.CAP] -s [SSID]

Cracking the Password:

$ cowpatty -d [HASH_FILE] -r [PACKET_CAPTURE_FILE] -s [SSID] 
Download Box