Cowpatty: disgusting name, serious network tool. Authored by Joshua Wright, Cowpatty provides hackers, attackers, and network administrators with a way to implement.

1. How To Install Cowpatty In Linux Terminal

As part of my series on hacking Wi-Fi, I want to demonstrate another excellent piece of hacking software for cracking WPA2-PSK passwords, coWPAtty. In this tutorial, we’ll use the piece of software developed by wireless security researcher Joshua Wright (often stylized as coWPAtty). This app simplifies and speeds up the dictionary/hybrid attack against WPA2 passwords. It is easier than you think, so let’s get to it! Step 1: Find the Cowpatty Cowpatty is one of the hundreds of pieces of software that are included in the BackTrack and Kali OS’s.

If you are using a different Distro, you can download and install. For this demo, I will be using BackTrack. For some reason in BackTrack, it was not placed in the /pentest/wireless directory, but instead was left in the /usr/local/bin directory, so let’s navigate there. Cd /usr/local/bin Because cowpatty is in the /usr/local/bin directory and this directory should be in your PATH, we should be able to run it from any directory in BackTrack.

Step 2: Find the Cowpatty Help Screen To get a brief rundown of the cowpatty options, simply type: cowpatty BackTrack will provide you a brief help screen. Take a note that cowpatty requires all of the following:.

a word list. a file where the password hash has been captured. the SSID of the target AP Step 3: Find the AP Just as in cracking with aircrack-ng, we need to put the wireless adapter into monitor mode.

Airmon-ng start wlan0 Now, look at the available APs using the monitor interface and airodump: airodump-ng mon0 leave this screen by hitting CTRL+C Step 4: Start a Capture File Next, we need to start a capture file where the hashed password will be stored when we capture the 4-way handshake. Airodump-ng –bssid 00:25:9C:97:4F:48 -c 9 -w cowcrack mon0 This will start a dump on the selected AP (00:25:9C:97:4F:48), on the selected channel (-c 9) and save the the hash in a file named cowcrack. Step 5: Capture the Handshake Now when someone connects to the AP, we’ll capture the hash and airdump-ng will show us it has been captured in the upper right-hand corner.

Some people just wait for a computer to connect. Other people send DEAUTH packets to kick them off the wifi, and then they automatically connect again, at which time you will capture the handshake.

I may cover this tomorrow or the next day. Step 6: Run the Cowpatty Now that we have the hash of the password, we can use it with cowpatty and our wordlist to crack the hash. Cowpatty -f /pentest/passwords/wordlists/darkc0de.lst -r /root/cowcrack-01.cap -s Mandela2 As you can see in the screenshot above, cowpatty is generating a hash of every word on our wordlist with the SSID as a seed and comparing it to the captured hash. When the hashes match, it dsplays the password of the AP. Step 7: Make Your Own Hash Although running cowpatty can be rather simple, it can also be very slow. The password hash is hashed with SHA1 with a seed of the SSID. This means that the same password on different SSIDs will generate different hashes.

This prevents us from simply using a rainbow table against all APs. Cowpatty must take the password list you provide and compute the hash with the SSID for each word. This is very CPU intensive and slow.

How To Install Cowpatty In Linux Terminal

Cowpatty now supports using a pre-computed hash file rather than a plain-text word file, making the cracking of the WPA2-PSK password 1000x faster! Pre-computed hash files are available from the Church of WiFi , and these pre-computed hash files are generated using 172,000 dictionary file and the 1,000 most popular SSIDs. As useful as this is, if your SSID is not in that 1,000, the hash list really doesn’t help us. Plus rainbow tables are Gargantuan to download! In that case, we need to generate our own hashes for our target SSID. We can do this by using an application called genpmk. We can generate our hash file for the “darkcode” wordlist for the SSID “Mandela2” by typing: genpmk -f /pentest/passwords/wordlists/darkc0de.lst -d hashes -s Mandela2 Step 8: Using Our Hash Once we have generated our hashes for the particular SSIDs, we can then crack the password with cowpatty by typing: cowpatty -d hashfile -r dumpfile -s ssid Stay Tuned for More Wireless Hacking Guides Keep coming back for more on Wi-Fi hacking and other hacking techniques!

Cowpatty is a great tool for cracking WPA/WPA2 keys via either a dictionary attack or via rainbow tables. All it needs to see it a client connect to the network (this is called a 'handshake'). However cowpatty isn't perfect and has a problem with reading handshakes incorrectly.

After looking into this I found a way to install it with the patch on my Ubuntu box. First we need to download the required files. If you already have them you can skip them.

Sudo apt-get install build-essential sudo apt-get install libssl-dev sudo apt-get install libpcap0.8-dev sudo apt-get install libdigest-hmac-perl Next Download cowpatty 4.6 wget md5sum cowpatty-4.6.tgz you should get b90fd36ad987c99e7cc1d2a05a565cbd as the MD5 sum. If so, extract and move into the directory using the following tar -xvf cowpatty-4.6.tgz cd cowpatty-4.6 Next we need to download the patch and patch the source code. Wget patch /dev/null cd cowpatty-4.6 /dev/null echo -e ' n e1;34m. Downloading Cowpatty Patch e0m' wget echo -e ' n e1;34m. Patching Cowpatty code' patch /dev/null rm -r -f cowpatty-4.6 /dev/null echo -e ' n e1;34m.

Removing cowpatty-4.6.tgz e0m' rm cowpatty-4.6.tgz /dev/null echo -e ' n e1;34m. testing to see if cowpatty works e0m' cowpatty echo -e ' n e1;34m. Done! E0m' Links: - Get coWPAtty here - Patch to fix several issues with cowpatty - A place to get 33GB of Rainbow tables for free download.