It's not really a tut, but some hints to help those who want to speed things up when attacking WPA.
I assume you have a WPA handshake capture in cap format (airodump + deauth). We are working on a network with ESSID test. I assume you already have airolib-ng (1.0 dev), have initiated a database, have given it a large password file (mine is 172000+ passwords) and have precomputed it if you have added some ESSIDs.
The trick is to add the ESSID to the db, precompute the keys with airolib-ng and export the PMKs for this ESSID.
Code:
airolib-ng DB2 stats
(where DB2 is my database)
Code:
statsThere are 2 ESSIDs and 172747 passwords in the database. 345494 out of 345494 possible combinations have been computed (100%).
ESSID         Priority  Done
Livebox-a5a3  64        100.0
test          64        100.0

Hopefully I already have "test" as an ESSID in my db; if not, I add it to the db and recompute the table. 172000 passwords = 172000 PMKs to generate for an ESSID (approx. 30 min).
I now export it in cowpatty (genpmk) format (where DB2 is the database, "test" the ESSID to export, testpmk the PMK output file):
Code:
airolib-ng DB2 export cowpatty "test" testpmk
exportExporting... Done.

Now we test the PMKs against the ESSID (testpmk is the exported file from airolib-ng, "test" the ESSID, -v verbose, -r ...wpa.cap the handshake capture):
Code:
cowpatty -d testpmk -s "test" -v -r /pentest/wireless/aircrack-ng/test/wpa.cap
cowpatty 4.0 - WPA-PSK dictionary attack. <jwright@hasborg.com>
Collected all necessary data to mount crack against WPA/PSK passphrase.
Starting dictionary attack. Please be patient.
key no. 10000: arrojadite
key no. 20000: calligraphical
key no. 30000: contestation
key no. 40000: dislocatory
key no. 50000: femineity
key no. 60000: hemadromometer
key no. 70000: interlimitation
key no. 80000: marquisotte
key no. 90000: nonannulment
key no. 100000: pancreatotomy
key no. 110000: pontificality
key no. 120000: raspingly
key no. 130000: semiflashproof
key no. 140000: subdecuple
key no. 150000: trancedly
key no. 160000: unimportance
key no. 170000: weightlessness
The PSK is "biscotte".
172747 passphrases tested in 2.71 seconds: 63642.26 passphrases/second

Yep, you've done it....
I like the conjunction of cowpatty + SQL database of precomputed keys....really nice.....just need time (less and less....) and a HUGE password file.... Just a little example of what can be done with these nice tools.....
__________________
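Why the exported table is tied to the one ESSID it was computed for, as an added example that is not part of the original post or of airolib-ng/coWPAtty: the WPA-PSK PMK is PBKDF2-HMAC-SHA1 of the passphrase salted with the ESSID, so a unique network name and a passphrase absent from the word list both fall outside the table. The function names and the sample word list are constructed for illustration.

```python
import hashlib


def pmk(passphrase: str, essid: str) -> bytes:
    """WPA/WPA2-PSK pairwise master key: PBKDF2-HMAC-SHA1 with the
    ESSID as salt, 4096 iterations, 256-bit output."""
    return hashlib.pbkdf2_hmac("sha1", passphrase.encode("utf-8"),
                               essid.encode("utf-8"), 4096, 32)


def valid_passphrase(p: str) -> bool:
    """WPA passphrases are 8 to 63 printable ASCII characters."""
    return 8 <= len(p) <= 63 and all(32 <= ord(c) <= 126 for c in p)


def build_table(essid: str, words) -> dict:
    """Precompute PMK -> passphrase for ONE ESSID, skipping invalid lines."""
    return {pmk(w, essid): w for w in words if valid_passphrase(w)}


def exposed(table: dict, passphrase: str, essid: str) -> bool:
    """True if this network's real PMK is present in the precomputed table."""
    return pmk(passphrase, essid) in table


# Constructed word list: three words taken from the output shown in the
# post above, plus one entry that is too short to be a WPA passphrase.
SAMPLE_WORDS = ["arrojadite", "calligraphical", "biscotte", "short"]

if __name__ == "__main__":
    table = build_table("test", SAMPLE_WORDS)
    print("entries kept:", len(table))
    # Same ESSID, passphrase in the list: covered by the table.
    print("test / biscotte:", exposed(table, "biscotte", "test"))
    # Same passphrase, different ESSID (different salt): not covered.
    print("Livebox-a5a3 / biscotte:",
          exposed(table, "biscotte", "Livebox-a5a3"))
    # Same ESSID, passphrase not in the list: not covered.
    print("test / long random phrase:",
          exposed(table, "correct horse battery staple", "test"))
```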
Well, you do need to precompute the whole table.
When you precompute it you can gain 3x on verifying PMKs.... but you need to have your table precomputed...... Don't you remember prez's thread on time memory.... It was with a TL50 Core 2 Duo.... (not a fast one....) 2 GB of RAM (maybe that helps)
__________________
Yea..I'm having some MAJOR issues with that thread, balding_parrot, and Funnyman as well. Take a look...we need major help with cowpatty.
Code:
http://forums.remote-exploit.org/showthread.php?p=36325#post36325
__________________
--=Xploitz=-- ®
So many problems with this as well...geesh. What steps did you take to make the databases? Cause I went to the aircrack-ng main site..and TRIED to follow their tutorial..but after I run the
Code:
airolib-ng testdb batch
Computed 4292 PMK in 102 seconds (42 PMK/s, 0 in buffer). No free ESSID found. Will try determining new ESSID in 5 minutes...

I ^C to exit..and try your
Code:
airolib-ng testdb stats
statsThere are 2 ESSIDs and 2146 passwords in the database. 4292 out of 4292 possible combinations have been computed (100%).
ESSID    Priority  Done
         64        100.0
Xploitz  64        100.0

Cool so far right?? Now I do your
Code:
airolib-ng testdb export cowpatty "Xploitz" testpmk
exportThere is no such ESSID in the database or there are no PMKs for it.

What gives???
__________________
--=Xploitz=-- ®
Here's a complete list of EVERYTHING I did in order.....
Code:
{-=Xploitz=-} ~ # airolib-ng testdb init

Now I make a ssidlist.txt and put ONLY Xploitz inside it and save
Code:
{-=Xploitz=-} ~ # airolib-ng testdb import ascii essid ssidlist.txt
importReading... Writing... Done.
{-=Xploitz=-} ~ # airolib-ng testdb import ascii passwd algae.txt
importReading... Writing... read, 411 invalid lines ignored. Done.
{-=Xploitz=-} ~ # airolib-ng testdb batch
Computed 4292 PMK in 75 seconds (57 PMK/s, 0 in buffer). No free ESSID found. Will try determining new ESSID in 5 minutes...
{-=Xploitz=-} ~ # airolib-ng testdb stats
statsThere are 2 ESSIDs and 2146 passwords in the database. 4292 out of 4292 possible combinations have been computed (100%).

Where in the hell is this 2nd essid?? I only have 1 in it, and it's called Xploitz
Code:
ESSID    Priority  Done
         64        100.0
Xploitz  64        100.0
{-=Xploitz=-} ~ # airolib-ng testdb export cowpatty "Xploitz" testpmk
exportThere is no such ESSID in the database or there are no PMKs for it.

So I tried it without the quotes......
Code:
{-=Xploitz=-} ~ # airolib-ng testdb export cowpatty Xploitz testpmk
exportThere is no such ESSID in the database or there are no PMKs for it.
{-=Xploitz=-} ~ #

WHAT GIVES????
__________________
--=Xploitz=-- ®
Last edited by -=Xploitz=-; 07-28-2007 at 12:56 AM.
I don't know about you, but it seems to me like there is some step missing, something that is assumed that we have previously done before even getting to these steps.
I just cannot find what it is YET
__________________
Any questions you have will get a good answer as long as you have followed the forum rules and show you have tried to help yourself. Your questions are clear and contain as much relevant info as possible, especially error messages, commands you have tried and the output from those commands.
remember: garbage in = garbage out BackTrack needs your donations, no matter how small. Please contribute HERE
Geesh..you too balding_parrot?? First "Benefits of Time-Memory Trade-Off in coWPAtty", by theprez98, gives us problems...now airolib-ng is jacking us around!!! Gesh,..doesn't anything work with this time management stuff?? C'mon Shaman, or anyone...please tell us what we're missing.
__________________
--=Xploitz=-- ®
Quote:
Not sure about it saving time..... It is certainly using up enough..... Just think when we do get it working, with the amount of time we have spent on it, it's going to tell us the key before we even ask for it
__________________
C'mon Shaman...what are all the steps you took from beginning to end? This damn airolib is driving me crazy!! I asked on the aircrack forums..and darkAudix said he was doing EXACTLY the same thing as me with the same dev of aircrack..and he got it to work..but mine won't!! So my other question for you Niko is...
Could it be that balding_parrot's sqlite module is at fault? Aircrack main site says You must be running version 3.3.17 or above ..and parrot's is 3.4..please help us Shaman.
__________________
--=Xploitz=-- ®