只有顶起了
阿斯顿发送到飞
太无语了.要那么多钱..唉.不看了.
想分享的话,就别搞的这么贵嘛。
:@ {:2_31:} {:3_47:} 上当了,全是鸟文![分享] 直接搞定WPA和WPA2 无线密码P解工具
记录付费主题, 价格:金币 5 元
coWPAtty for Windows MAIN:" c# [' V" W5 W: S0 @- t+ L- A" K
"coWPAtty is designed to audit the pre-shared key (PSK) selection for WPA networks based on the TKIP protocol." - Joshua Wright. ! j4 _$ I9 I$ ~6 {, C, a
Project Homepage: http://www.willhackforsushi.com/Cowpatty.html
7 {4 K% j& u, O0 Z/ r+ V% x* X* u& b. U
Local Mirror: Cowpatty-4.0-win32.zipMD5: aa9ead2aacfcc493da3684351425d4c69 b3 @4 E& O' [: O7 [
' u8 t9 G) I5 T@
coWPAtty Dictionary Attack
; ~7 h4 W' N$ U0 v0 j Precomputing WPA PMK to crack WPA PSK
- F% P/ E$ w7 Q$ e7 b- j coWPAtty Precomputed WPA Attack; i, y# U4 E4 B
coWPAtty Recomputed WPA2 Attack$ C( N7 |* e# d. k
coWPAtty Tables
+ [: [- K- w- b! [$ Y8 ?n4 CcoWPAtty Usage:" l' Q1 y& _/ ]; a, B. K
http://wirelessdefence.org/Contents/Images/cowpatty_win32_1.jpg5 V! ~) Y/ b2 T- G1 @
8 g* d6 s' \R# D
coWPAtty Dictionary Attack:
9 a, {2 P& pm( @ Toperform the coWPAtty dictionary attack we need to supply the tool witha capture file that includes the TKIP four-way handshake, a dictionaryfile of passphrases to guess with and the SSID for the network.
9 g1 _6 x5 V$ c, m) e: q+ k# @% d In orderto collect the four-way handshake you can either wait until a clientjoins the network or preferably you can force it to rejoin the networkusing tools like void11 or aireplay and capture the handshakes usingsomething like kismet, ethereal or airodump.0 u' ]8 p( o- ~% F; \1 z; Y$ Q; @& B7 o
cowpatty -f dict -r wpapsk-linksys.dump-s linksys' e! ?0 H5 D0 @# p
3 _& H1 X/ PN& ^" Z
http://wirelessdefence.org/Contents/Images/cowpatty_win32_2.jpg
, S: ^' f$ N( z, M6 d. m
5 T. h5 ^/ s! d; M- }' H" q! g% M/ v% a% e
As youcan see this simple dictionary attack took 51 seconds, we can speed upthis process by precomputing the WPA-PMK to crack the WPA-PSK (seebelow)., M+ W6 X7 x2 \7 F* Y( K0 F# p/ S
wpapsk-linksys.dump is the capture containing the four-way handshake1 G4 P# A/ r" Z# c8 y$ j& x; t0 E7 M
dict is the password fileB& R( A8 E) j5 \
linksys is the network SSID& b, @' m2 p4 p4 ^1 @6 C; @2 V
3 f: [" z; k3 X6 T3 Z
Precomputing WPA PMK to crack WPA PSK:& ?( q1 a- w9 ?+ R, ^4 }& y8 k& Z' [
genpmkis used to precompute the hash files in a similar way to Rainbow tablesis used to pre-hash passwords in Windows LANMan attacks.There is aslight difference however in WPA in that the SSID of the network isused as well as the WPA-PSK to "salt" the hash.This means that weneed a different set of hashes for each and every unique SSID i.e. aset for "linksys" a set for "tsunami" etc.
5 j/ J; c% [+ H( w8 i8 z5 ]' V4 E2 p; p1 q8 c! u
So to generate some hash files for a network using the SSID cuckoo we use:3 ~: Z! Q. |$ b/ u2 [& |! Y
$ n* e0 x' C) z* Z- [
genpmk-fdict-d linksys.hashfile-s linksys" e: r5 S, a8 M1 L
( E: Q' u1 `( T( Kg( ~0 A http://wirelessdefence.org/Contents/Images/cowpatty_win32_3.jpg
' t- \0 G7 ~* y# s! Y. s+ H8 `, i2 {: ~
dict is the password file$ u! {* J: _; d0 ]
linksys.hashfile is our output file
% F" u( XV' o+ `9 `; P linksys is the network ESSID
" v8 X; L7 M: j4 E; n! n9 I4 z# l. N: E5 X, X1 |+ b( P. O( b
coWPAtty Precomputed WPA Attack:4 z7 T. n" N& jp5 E1 G! A3 g
Now wehave created our hash file we can use it against any WPA-PSK networkthat is utilising a network SSID of cuckoo.Remember the capture(wpa-test-01.cap) must contain the four-way handshake to be successful.8 @f& i$ s1 l+ \; n
( Z' W) n7 _A) X$ P: B
cowpatty-d linksys.hashfile -r wpapsk-linksys.dump-s linksys
. w8 {, G( v' j# c8 G! n3 L! ? http://wirelessdefence.org/Contents/Images/cowpatty_win32_4.jpg
$ }6 G8 b) O& We5 U6 K% G$ z3 ]4 e" V5 \8 f2 ^9 d
wpa-test-01.cap is the capture containing the four-way handshake
) h0 T) X8 j# m linksys.hashfile are our precomputed hashes
/ N( I! Y% d7 e, s linksys is the network ESSID7 r! r& ?$ D& r: }. A* ~
, d/ K: u. o3 D- S7 K* ]: }
Notice that cracking the WPA-PSK took 0.04 seconds with the pre-computed attacked as opposed to 200 secondswith standard dictionary attack mode, albeit you do need to pre-computethe hash files prior to the attack.However, precomputing large hashfiles for common SSIDS (e.g. linksys, tsunami) would be a sensible movefor most penetration testers.
8 W& s, p' @& zY
# `. W7 b$ h- v' ?3 z1 ccoWPAtty Precomputed WPA2 Attack:- d( ^7 X: ~* l+ ]0 B
coWPAtty4.0 is also capable of attacking WPA2 captures.Note: The same hashfile as was used with the WPA capture was also used with the WPA2capture.
% X+ ]& j9 d3 ^+ Y3 p: {; P& A cowpatty-d linksys.hashfile -r wpa2psk-linksys.dump-s linksys
3 v0 F1 M' Z4 k# ~ http://wirelessdefence.org/Contents/Images/cowpatty_win32_5.jpg3 y8 E" u
9 N* U- [" ~# J6 ], c& k7 A+ g wpa2psk-linksys.dump is the capture containing the four-way handshake
4 O- o: ^4 }! m. ~ dict is the password file
1 {3 V! b% U0 ?+ Y% O linksys is the network SSID]/ tN9 Y( E) _: eb0 _/ q1 A
: v9 t6 @# J' Y. P7 t* G, X6 `/ LcoWPAtty Tables:
8 ?! h5 l% \6 E, G3 `" n9 g1 i( ?- AThe Church of Wifi have produced some lookup tables for 1000 SSID's computed against a 170,000 word password file.The resultant table are approximately 7 Gigabytes in size and can be downloaded via Torrent:
( w0 `+ d& ~3 Zp9 A: H8 d8 ?% c- `& w
http://torrents.lostboxen.net/co ... atty-4.0_2006-10-19
2 K9 `" L& E+ T$ x, r& g4 S9 Q6 H6 y# _! P3 J% n
A 33 Gigabyte set of tables are also available: http://umbra.shmoo.com:6969/$ d5 C" P* g$ p! D, i8 a
4 j1 N8 u) d+ W% V' ?2 W% rOr you can buy them via DVD, direct from Renderman (initiator of the project): http://www.renderlab.net/projects/WPA-tables/
就是,太贵了吧
有用吗??????????????
有用吗??????????????看看
啥东东啊?
你穷疯了哦
:victory::lol
全部鸟语的!!!! 直接复制!日