Welcome, my hacker friend
As part of my series on hacking Wi-Fi, I want to demonstrate another excellent piece of hacking software for cracking WPA2-PSK passwords. In my last post, we cracked WPA2 using aircrack-ng. In this tutorial, we'll use a piece of software developed by wireless security researcher Joshua Wright called cowpatty (often stylized as coWPAtty). This app simplifies and speeds up the dictionary/hybrid attack against WPA2 passwords, so let's get to it!
Step 1: Find the Cowpatty
Cowpatty is one of the hundreds of pieces of software that are included in the BackTrack suite of software. For some reason, it was not placed in the /pentest/wireless directory, but instead was left in the /usr/local/bin directory, so let's navigate there.
cd /usr/local/bin
Because cowpatty is in the /usr/local/bin directory and this directory should be in your PATH, we should be able to run it from any directory in BackTrack.
Step 2: Find the Cowpatty Help Screen
To get a brief rundown of the cowpatty options, simply type:
cowpatty
BackTrack will provide you a brief help screen. Take a note that cowpatty requires all of the following.
a word list
a file where the password hash has been captured
the SSID of the target AP
Step 3: Place the Wireless Adapter in Monitor Mode
Just as in cracking with aircrack-ng, we need to put the wireless adapter into monitor mode.
airmon-ng start wlan0
Step 4: Start a Capture File
Next, we need to start a capture file where the hashed password will be stored when we capture the 4-way handshake.
airodump-ng --bssid 00:25:9C:97:4F:48 -c 9 -w cowpatty mon0
This will start a dump on the selected AP (00:25:9C:97:4F:48), on the selected channel (-c 9) and save the the hash in a file named cowcrack.
Step 5: Capture the Handshake
Now when someone connects to the AP, we'll capture the hash and airdump-ng will show us it has been captured in the upper right-hand corner.
Step 6: Run the Cowpatty
Now that we have the hash of the password, we can use it with cowpatty and our wordlist to crack the hash.
cowpatty -f /pentest/passwords/wordlists/darkc0de.lst -r /root/cowcrack-01.cap -s Mandela2
As you can see in the screenshot above, cowpatty is generating a hash of every word on our wordlist with the SSID as a seed and comparing it to the captured hash. When the hashes match, it dsplays the password of the AP.
Step 7: Make Your Own Hash
Although running cowpatty can be rather simple, it can also be very slow. The password hash is hashed with SHA1 with a seed of the SSID. This means that the same password on different SSIDs will generate different hashes. This prevents us from simply using a rainbow table against all APs. Cowpatty must take the password list you provide and compute the hash with the SSID for each word. This is very CPU intensive and slow.
Cowpatty now supports using a pre-computed hash file rather than a plain-text word file, making the cracking of the WPA2-PSK password 1000x faster! Pre-computed hash files are available from the Church of WiFi, and these pre-computed hash files are generated using 172,000 dictionary file and the 1,000 most popular SSIDs. As useful as this is, if your SSID is not in that 1,000, the hash list really doesn't help us.
In that case, we need to generate our own hashes for our target SSID. We can do this by using an application called genpmk. We can generate our hash file for the "darkcode" wordlist for the SSID "Mandela2" by typing:
genpmk -f /pentest/passwords/wordlists/darkc0de.lst -d hashes -s Mandela2
Step 8: Using Our Hash
Once we have generated our hashes for the particular SSIDs, we can then crack the password with cowpatty by typing:
cowpatty -d hashfile -r dumpfile -s ssid
GREAT DEVELOPMENT GOALS ON ONLINE FUNDING ACCOUNTS. (3min read.)
ReplyDeleteCRYPTOCURRENCY (BITCOIN) underhanded agency. The world's interesting array on financial change you wouldn't ever want to regret missing out on. Here is a global focus fully immersed to a degree that the subject in question Is an highly profitable finance worthwhile experience on merits. The organisation Constructing a long focus on funding your cryptocurrency(bitcoin) wallet with an enormous amounts of coins, including PAYPAL ACCOUNT, ONLINE BANK ACCOUNTS, ATM, and CREDIT CARD LOADING/CREDIT CARD DEPT CLEARANCE. Up a world of unimagined decentralized possibilities, where more online banking funds on value can be built, transferred, and managed with greater ease and transparency via Hacking.
Being a victim of CRYPTOCURRENCY(bitcoin) Funds Mishap prompt our effort on finance cyber scandal focus (CSF). And the most interesting, Bitcoin Wallet Hack Rectification (BWHR), Bitcoin loading, PayPal loading, credit cards/ATM hack.
Firstly,⚠warning!
With money making, scam is a pretty common occurence today. Consumers have to be on a watch at any atrempt on financial fraud. That includes an ultimate addition of insult to injury. Be wary of forgeries who target victim of previous con, luring you in with bogus promises and you can even be charge for actions you could do on your own.
This is a life time transformation with the professionals."
You been trying so hard to meet with the real deal and changing your financial status to a massive ultimate crypto/dollar bill here is where your search ends. There is never a pleasure in been poor.
As a strong and established personnel of cryptocurrency (bitcoin), PayPal, credit card user, in the terms of solid community, we strive to continue our mission on helping Individuals who are facing various cyber problems mostly the bitcoin hack swindles. Good news comes rare and it's left for us to whether cherish such glittering ounce of it like a priceless diamond or the otherwise.
As part of our core mission and value to fix a dysfunctional bitcoin wallet accounts back to it normal stability and increasingly loading different accounts with huge funds via a dominant online crocked cyber tech algorithms. Taking a weighty focus on bitcoin hacks, For instance, wallet account facing problems which incudes.
▪Slack hacking bots,
Fradulent bitcoin minning through brokers
▪Wallet hack,
▪Bitcoin minning pool and exchage hacking,
▪Changing wallet addresses
▪Cryptocurrency theft,
▪Freeze mining on crptocurrency.
Here you are been given a chance to recover what you thought you lost and earnestly making a lot of funds via this highly classified information. This is a global information that navigates a newbie to a prominent encounter. We treat every request with patience and outmost confidence. Basically, hacking requires patience and no funds related successful hack goes lesser than 16 hours. The bottomline is we make a purposeful use of the time in lenience to attain a positive result to our clients.
For our prominent services like Paypal funds loading, credit card dept clearance, credit card loading, website hack, social media hack, and one of the most important is loading up an empty online bank account with huge funds according to the account's capacity, you will all find your deepest longings to be reviewed. It's always like a dream.
The job with the Globalhacks will be a sudden bursts of complete transformative joy and this is reality to your dreams.
For more solid info and help,
Contact:
Cryptobase.hack(at)protonmail(.)com
Globalhacktech(at)protonmail(.)com for proficient services.
AndrewHay©️LLC 2019