感觉象是骗金币的。
地方生生世世
你太强了,请给我发一个,谢谢!jiankang.520@163.com
有点坑人的嫌疑!!
没有找到介绍。
估计是假的?
太貴了,我不想买
ALFAjiushile
5555555555555555555555
coWPAtty for Windows MAIN:
' m0 R( K- c( G% ~% ?& [
"coWPAtty is designed to audit the pre-shared key (PSK) selection for WPA networks based on the TKIP protocol." - Joshua Wright. & \4 h; g. W% d3 v6 M
Project Homepage: http://www.willhackforsushi.com/Cowpatty.html
# p" \. l5 S1 ^9 K
# O/ h5 L2 R; v* l' x; Y8 C
Local Mirror: Cowpatty-4.0-win32.zipMD5: aa9ead2aacfcc493da3684351425d4c6
% u, ~& w1 w4 I5 s0 l
6 Y9 B! t) |- O$ G. s
coWPAtty Dictionary Attack
! d' N! RR8 l. [i* r
Precomputing WPA PMK to crack WPA PSK
; y# N6 X" K4 A
coWPAtty Precomputed WPA Attack
1 s" c! d0 f: G4 g
coWPAtty Recomputed WPA2 Attack
8 ( u* m4 h5 ^
coWPAtty Tables
N& l! e0 W, D0 z+ Q7 KcoWPAtty Usage:
1 `) ]. f% `+ w5 Ne* N$ rD2 T" b( Y( g
1 K$ r; F" ~" O( L
coWPAtty Dictionary Attack:
( o: Z1 ~4 y% w0 \0 q. _6 e6 f
Toperform the coWPAtty dictionary attack we need to supply the tool witha capture file that includes the TKIP four-way handshake, a dictionaryfile of passphrases to guess with and the SSID for the network.
, u4 l+ O, f+ @6 ~( ?5 y- a9 z
In orderto collect the four-way handshake you can either wait until a clientjoins the network or preferably you can force it to rejoin the networkusing tools like void11 or aireplay and capture the handshakes usingsomething like kismet, ethereal or airodump.
5 h2 R- b- w, d' s% m
cowpatty -f dict -r wpapsk-linksys.dump-s linksys
. t2 x( `: {4 D( Z2 B9 M' q& _8 D( W+ ?. |5 r
9 G0 n( B9 @( j8 ]
+ {% x7 I8 GPd9 @1 ^1 J7 Y; L8 x( T2 R! W0 p4 Z
As youcan see this simple dictionary attack took 51 seconds, we can speed upthis process by precomputing the WPA-PMK to crack the WPA-PSK (seebelow).
/ Q2 w5 F! ^! p; O& S$ i
wpapsk-linksys.dump is the capture containing the four-way handshake
5 a- o|3 Q4 I
dict is the password file
4 e% G8 H# X! Z& D' D$ f
linksys is the network SSID
' b( g$ S4 M# t
, B. l8 Z: D( uPrecomputing WPA PMK to crack WPA PSK:, {# Z6 QT, s( e) w" c- s" E8 u
genpmkis used to precompute the hash files in a similar way to Rainbow tablesis used to pre-hash passwords in Windows LANMan attacks.There is aslight difference however in WPA in that the SSID of the network isused as well as the WPA-PSK to "salt" the hash.This means that weneed a different set of hashes for each and every unique SSID i.e. aset for "linksys" a set for "tsunami" etc.
0 n2 B+ u/ M4 P4 h& l
: U# C, F. V0 P0 ]
So to generate some hash files for a network using the SSID cuckoo we use:
9 g9 h/ ~- |" B7 p
( v6 J/ _" w3 h3 r, n
genpmk-fdict-d linksys.hashfile-s linksys
! Z. r' P) k/ \: k+ n
, ]2 \! kb" q$ ~
7 A0 k% ^$ ]! ~0 XZ" S
+ W: H1 d4 k. F/ Z. V+ s# e6 u1 u
dict is the password file
1 M6 ty; T9 k& m2 O7 ]3 p
linksys.hashfile is our output file
/ x: k# X, N- E+ C6 D6 s; x' R! q
linksys is the network ESSID
* D# L6 F) T# D) D& ?+ A( j( l; A! T0 K3 t0 K
coWPAtty Precomputed WPA Attack:$ r4 n4 v$ |) [- ]* }/ }3 D
Now wehave created our hash file we can use it against any WPA-PSK networkthat is utilising a network SSID of cuckoo.Remember the capture(wpa-test-01.cap) must contain the four-way handshake to be successful.
5 eM2 [9 F- U+ {5 t2 S! x
" m( }9 _8 N6 |
cowpatty-d linksys.hashfile -r wpapsk-linksys.dump-s linksys
' |1 z8 P3 h- X5 O
" X* L. Q; CE" c6 x
; W" a% b6 F7 d- K$ F
wpa-test-01.cap is the capture containing the four-way handshake
& }, r1 H; M0 a! X8 ]6 G
linksys.hashfile are our precomputed hashes
& S2 @: ]1 S+ W' b" g: U, @
linksys is the network ESSID
2 U" ^' H- P2 ?& F; zD/ D' B: L" ?/ N4 j. P/ @$ g- J8 m& g
Notice that cracking the WPA-PSK took 0.04 seconds with the pre-computed attacked as opposed to 200 secondswith standard dictionary attack mode, albeit you do need to pre-computethe hash files prior to the attack.However, precomputing large hashfiles for common SSIDS (e.g. linksys, tsunami) would be a sensible movefor most penetration testers.
$ A+ g' \8 Y! p$ D- Y
6 m" ?1 I8 M- kcoWPAtty Precomputed WPA2 Attack:
$ M" u7 ?5 o6 F$ _
coWPAtty4.0 is also capable of attacking WPA2 captures.Note: The same hashfile as was used with the WPA capture was also used with the WPA2capture.
1 D0 j, P; f0 i! g: f8 u4 |) ?7 O
cowpatty-d linksys.hashfile -r wpa2psk-linksys.dump-s linksys
1 q& m& `; O3 M& u* x! A' u( `
- A* u6 M# X5 X1 Q
/ A* pF: r7 [" \
wpa2psk-linksys.dump is the capture containing the four-way handshake
: K$ x8 n2 H" m/ IT
dict is the password file
* {0 g7 Y/ L. x0 O
linksys is the network SSID
0 J1 m) \3 D0 o; P+ h0 t
% |5 u4 Q5 m8 [. b7 {9 {
coWPAtty Tables:
- E# r' A7 D7 r/ g2 X% z' s$ O5 _. PThe Church of Wifi have produced some lookup tables for 1000 SSID's computed against a 170,000 word password file.The resultant table are approximately 7 Gigabytes in size and can be downloaded via Torrent:& @) N; `' R2 Y- a
4 {; `8 {# I# n$ lhttp://torrents.lostboxen.net/co ... atty-4.0_2006-10-197 e0 b3 o8 O4 D) j2 ^5 C2 s! Y
- l6 K. ^0 z6 e: m# q2 ~A 33 Gigabyte set of tables are also available: http://umbra.shmoo.com:6969/7 ^, e/ H) c1 v7 w: \9 I6 x! q/ F: ?
* g9 W0 ?# z5 u
Or you can buy them via DVD, direct from Renderman (initiator of the project): http://www.renderlab.net/projects/WPA-tables/
# tH& p* P; \2 _# m本文地址:http://forum.anywlan.com/thread-37302-1-1.html
怎么ME看不见阿...5555....
想分享的话,就别搞的这么贵嘛