怡佳
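Posted on 2009-12-9 14:15
Thanks to the OP for sharing
speaks
Posted on 2009-12-9 15:21
Is it useful? Anyone who has used it, please share.
cdl_1
Posted on 2009-12-10 00:15
I don't know how to use it, and it's too expensive!!!
LeeTien
Posted on 2009-12-10 10:42
Whether it's good or not, I'll scorn the OP first
I won't download it
encle
Posted on 2009-12-10 12:23
Is there really such an amazing tool? I'll have to study this.
huoyuan
Posted on 2009-12-12 12:17
I have no money...
regweb
Posted on 2009-12-12 17:11
No way, this expensive?
sadamu9527
Posted on 2009-12-12 23:00
Heh, damn, it's all in English
sadamu9527
Posted on 2009-12-12 23:00
Will it be of any use? Heh.
ghc00259
Posted on 2009-12-13 00:23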
coWPAtty for Windows MAIN:

"coWPAtty is designed to audit the pre-shared key (PSK) selection for WPA networks based on the TKIP protocol." - Joshua Wright.

Project Homepage: http://www.willhackforsushi.com/Cowpatty.html

Local Mirror: Cowpatty-4.0-win32.zip
MD5: aa9ead2aacfcc493da3684351425d4c6

coWPAtty Dictionary Attack
Precomputing WPA PMK to crack WPA PSK
coWPAtty Precomputed WPA Attack
coWPAtty Precomputed WPA2 Attack
coWPAtty Tables

coWPAtty Usage:

coWPAtty Dictionary Attack:

To perform the coWPAtty dictionary attack we need to supply the tool with a capture file that includes the TKIP four-way handshake, a dictionary file of passphrases to guess with and the SSID for the network.

In order to collect the four-way handshake you can either wait until a client joins the network or preferably you can force it to rejoin the network using tools like void11 or aireplay and capture the handshakes using something like kismet, ethereal or airodump.

cowpatty -f dict -r wpapsk-linksys.dump -s linksys

As you can see this simple dictionary attack took 51 seconds; we can speed up this process by precomputing the WPA-PMK to crack the WPA-PSK (see below).

wpapsk-linksys.dump is the capture containing the four-way handshake
dict is the password file
linksys is the network SSID

Precomputing WPA PMK to crack WPA PSK:

genpmk is used to precompute the hash files in a similar way to how Rainbow tables are used to pre-hash passwords in Windows LANMan attacks. There is a slight difference however in WPA in that the SSID of the network is used as well as the WPA-PSK to "salt" the hash. This means that we need a different set of hashes for each and every unique SSID i.e. a set for "linksys", a set for "tsunami" etc.

So to generate some hash files for a network using the SSID cuckoo we use:

genpmk -f dict -d linksys.hashfile -s linksys

dict is the password file
linksys.hashfile is our output file
linksys is the network ESSID

coWPAtty Precomputed WPA Attack:

Now we have created our hash file we can use it against any WPA-PSK network that is utilising a network SSID of cuckoo. Remember the capture (wpa-test-01.cap) must contain the four-way handshake to be successful.

cowpatty -d linksys.hashfile -r wpapsk-linksys.dump -s linksys

wpa-test-01.cap is the capture containing the four-way handshake
linksys.hashfile are our precomputed hashes
linksys is the network ESSID

Notice that cracking the WPA-PSK took 0.04 seconds with the pre-computed attack as opposed to 200 seconds with standard dictionary attack mode, albeit you do need to pre-compute the hash files prior to the attack. However, precomputing large hash files for common SSIDs (e.g. linksys, tsunami) would be a sensible move for most penetration testers.

coWPAtty Precomputed WPA2 Attack:

coWPAtty 4.0 is also capable of attacking WPA2 captures. Note: The same hash file as was used with the WPA capture was also used with the WPA2 capture.

cowpatty -d linksys.hashfile -r wpa2psk-linksys.dump -s linksys

wpa2psk-linksys.dump is the capture containing the four-way handshake
dict is the password file
linksys is the network SSID

coWPAtty Tables:

The Church of Wifi have produced some lookup tables for 1000 SSIDs computed against a 170,000 word password file. The resultant tables are approximately 7 Gigabytes in size and can be downloaded via Torrent:

http://torrents.lostboxen.net/co ... atty-4.0_2006-10-19

A 33 Gigabyte set of tables is also available: http://umbra.shmoo.com:6969/

Or you can buy them via DVD, direct from Renderman (initiator of the project): http://www.renderlab.net/projects/WPA-tables/
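
[Added example, not part of the post above and not coWPAtty's own code.] The post says the SSID "salts" the hash, so a table built for one SSID is useless for another. The sketch below shows that with the standard WPA/WPA2-PSK derivation (PBKDF2-HMAC-SHA1, 4096 rounds, 32 bytes) and adds a small check for networks planning their SSID and passphrase; the function names, the SSID "corp-7f3a91", the two-entry SSID list and the 16-character minimum are assumptions made for the example.

```python
import hashlib

# Constructed sample list; the post names "linksys" and "tsunami" as common SSIDs.
COMMON_SSIDS = {"linksys", "tsunami"}
MIN_PASSPHRASE_LEN = 16  # assumed local policy, not a value from the post


def wpa_pmk(passphrase: str, ssid: str) -> bytes:
    """WPA/WPA2-PSK PMK: PBKDF2-HMAC-SHA1, SSID as salt, 4096 rounds, 32 bytes."""
    if not 8 <= len(passphrase) <= 63:
        raise ValueError("passphrase must be 8 to 63 characters")
    salt = ssid.encode()
    if not 1 <= len(salt) <= 32:
        raise ValueError("SSID must be 1 to 32 bytes")
    return hashlib.pbkdf2_hmac("sha1", passphrase.encode(), salt, 4096, 32)


def table_reusable(ssid_a: str, ssid_b: str, passphrase: str) -> bool:
    """True only if a PMK precomputed for ssid_a is also valid for ssid_b."""
    return wpa_pmk(passphrase, ssid_a) == wpa_pmk(passphrase, ssid_b)


def audit_network(ssid: str, passphrase: str) -> list:
    """Return findings for a planned PSK network; an empty list means none."""
    findings = []
    if ssid in COMMON_SSIDS:  # SSIDs are case-sensitive, so match exactly
        findings.append("SSID is a common default; precomputed tables may cover it")
    if len(passphrase) < MIN_PASSPHRASE_LEN:
        findings.append("passphrase is shorter than the policy minimum")
    return findings


if __name__ == "__main__":
    # Same passphrase, different SSIDs: the derived PMKs do not match.
    for name in ("linksys", "tsunami", "corp-7f3a91"):  # last SSID is constructed
        print(name, wpa_pmk("password", name).hex())
    print(audit_network("linksys", "password"))
```

The derivation is identical for WPA and WPA2, which is why the post can reuse one hash file for both captures; a unique SSID and a long passphrase that appears in no word list are what take a network out of reach of such tables.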
ghc00259
Posted on 2009-12-13 00:24
For 5 gold coins you just get a pile of English. Did you understand it?
bamboossom
Posted on 2009-12-13 06:19
Too expensive, not buying