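sk_feder posted on 2010-1-10 01:59

Very doubtful. Is WPA really this easy to crack?

syisgg posted on 2010-1-14 09:07

Knowledge is priceless.

syisgg posted on 2010-1-14 09:09

It's all in English, I can't understand it.

wt3636 posted on 2010-1-14 12:29

That's far too greedy......

gongbing118 posted on 2010-1-14 14:38

Is it really that good?? Let me take a look first!

gongbing118 posted on 2010-1-14 14:40

I've been had, why does it still need a login password!!

zhousx posted on 2010-1-14 22:52

The price is too high, isn't it

smilebomb posted on 2010-1-14 23:04

This post was last edited by smilebomb on 2010-1-14 23:09

I hate this kind of person the most.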
coWPAtty for Windows MAIN:
"coWPAtty is designed to audit the pre-shared key (PSK) selection for WPA networks based on the TKIP protocol."
- Joshua Wright.

Project Homepage: http://www.willhackforsushi.com/Cowpatty.html

Local Mirror: Cowpatty-4.0-win32.zip
MD5: aa9ead2aacfcc493da3684351425d4c6

coWPAtty Dictionary Attack
Precomputing WPA PMK to crack WPA PSK
coWPAtty Precomputed WPA Attack
coWPAtty Precomputed WPA2 Attack
coWPAtty Tables

coWPAtty Usage:
http://wirelessdefence.org/Contents/Images/cowpatty_win32_1.jpg
coWPAtty Dictionary Attack:
To perform the coWPAtty dictionary attack we need to supply the tool with a capture file that includes the TKIP four-way handshake, a dictionary file of passphrases to guess with and the SSID for the network.
In order to collect the four-way handshake you can either wait until a client joins the network or preferably you can force it to rejoin the network using tools like void11 or aireplay and capture the handshakes using something like kismet, ethereal or airodump.

cowpatty -f dict -r wpapsk-linksys.dump -s linksys

http://wirelessdefence.org/Contents/Images/cowpatty_win32_2.jpg

As you can see this simple dictionary attack took 51 seconds, we can speed up this process by precomputing the WPA-PMK to crack the WPA-PSK (see below).
wpapsk-linksys.dump is the capture containing the four-way handshake
dict is the password file
linksys is the network SSID

Precomputing WPA PMK to crack WPA PSK:
genpmk is used to precompute the hash files in a similar way to how Rainbow tables are used to pre-hash passwords in Windows LANMan attacks. There is a slight difference however in WPA in that the SSID of the network is used as well as the WPA-PSK to "salt" the hash. This means that we need a different set of hashes for each and every unique SSID i.e. a set for "linksys" a set for "tsunami" etc.

So to generate some hash files for a network using the SSID cuckoo we use:

genpmk -f dict -d linksys.hashfile -s linksys

http://wirelessdefence.org/Contents/Images/cowpatty_win32_3.jpg

dict is the password file
linksys.hashfile is our output file
linksys is the network ESSID

coWPAtty Precomputed WPA Attack:
Now we have created our hash file we can use it against any WPA-PSK network that is utilising a network SSID of cuckoo. Remember the capture (wpa-test-01.cap) must contain the four-way handshake to be successful.

cowpatty -d linksys.hashfile -r wpapsk-linksys.dump -s linksys

http://wirelessdefence.org/Contents/Images/cowpatty_win32_4.jpg

wpa-test-01.cap is the capture containing the four-way handshake
linksys.hashfile are our precomputed hashes
linksys is the network ESSID

Notice that cracking the WPA-PSK took 0.04 seconds with the pre-computed attack as opposed to 200 seconds with standard dictionary attack mode, albeit you do need to pre-compute the hash files prior to the attack. However, precomputing large hash files for common SSIDs (e.g. linksys, tsunami) would be a sensible move for most penetration testers.

coWPAtty Precomputed WPA2 Attack:
coWPAtty 4.0 is also capable of attacking WPA2 captures. Note: The same hash file as was used with the WPA capture was also used with the WPA2 capture.

cowpatty -d linksys.hashfile -r wpa2psk-linksys.dump -s linksys

http://wirelessdefence.org/Contents/Images/cowpatty_win32_5.jpg

wpa2psk-linksys.dump is the capture containing the four-way handshake
dict is the password file
linksys is the network SSID

coWPAtty Tables:
The Church of Wifi have produced some lookup tables for 1000 SSIDs computed against a 170,000 word password file. The resultant tables are approximately 7 Gigabytes in size and can be downloaded via Torrent:

http://torrents.lostboxen.net/co ... atty-4.0_2006-10-19/

A 33 Gigabyte set of tables are also available: http://umbra.shmoo.com:6969/

Or you can buy them via DVD, direct from Renderman (initiator of the project): http://www.renderlab.net/projects/WPA-tables/
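
Added example, not part of the post above and not coWPAtty code: the PMK is PBKDF2-HMAC-SHA1 over the passphrase with the SSID as salt (identical for WPA and WPA2), which is why a hash file built for one SSID cannot be reused for another. The sample wordlist, the `precompute` model and the `audit_psk` helper with its labels are constructed for this illustration.

```python
import hashlib

COMMON_SSIDS = {"linksys", "tsunami"}   # the two default SSIDs named in the post
SAMPLE_WORDS = ["password", "letmein123", "sunshine1"]  # constructed wordlist


def wpa_pmk(passphrase: str, ssid: str) -> bytes:
    """WPA/WPA2-PSK pairwise master key: PBKDF2-HMAC-SHA1, SSID as salt."""
    if not 8 <= len(passphrase) <= 63:
        raise ValueError("passphrase must be 8 to 63 characters")
    salt = ssid.encode()
    if not 1 <= len(salt) <= 32:
        raise ValueError("SSID must be 1 to 32 bytes")
    return hashlib.pbkdf2_hmac("sha1", passphrase.encode(), salt, 4096, 32)


def precompute(ssid: str, words=SAMPLE_WORDS) -> dict:
    """Model of a per-SSID hash file: PMK -> passphrase, valid for this SSID only."""
    return {wpa_pmk(w, ssid): w for w in words if 8 <= len(w) <= 63}


def audit_psk(ssid: str, passphrase: str, words=SAMPLE_WORDS) -> str:
    """Rate a network's own SSID and passphrase choice (hypothetical helper)."""
    if passphrase not in words:
        return "not in this wordlist"
    if ssid in COMMON_SSIDS:
        return "covered by precomputed tables"
    return "dictionary only, no table reuse"


if __name__ == "__main__":
    table = precompute("linksys")
    for ssid in ("linksys", "cuckoo"):
        hit = wpa_pmk("letmein123", ssid) in table
        print(f"{ssid:8} in linksys table: {hit} -> {audit_psk(ssid, 'letmein123')}")
    print(audit_psk("linksys", "correct horse battery staple 42"))
```

A unique SSID only removes table reuse; a passphrase that appears in a wordlist is still found by the slower dictionary run, so passphrase length and randomness remain the main control.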

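can0839 posted on 2010-1-15 01:21

I don't see anything worth looking at; running a dictionary myself works well enough.

momokill posted on 2010-1-16 16:58

Passing by, showing support..

cbc19800207 posted on 2010-1-16 19:36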

ddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddd

laughing159 posted on 2010-1-17 10:18

Didn't I already buy it?
After viewing it once, I can't view it again?
View full version: Directly crack WPA and WPA2: wireless password cracking tool