coWPAtty用法

1、防范Cowpatty for Windows的主要： "coWPAtty is designed to audit the pre-shared key (PSK) selection for WPA networks based on the TKIP protocol." - Joshua Wright. “防范Cowpatty设计审核预共享密钥（PSK）网络选择WPA协议基于TKIP的。” -约书亚赖特。 Project Homepage: Local Mirror: Cowpatty-4.0-win32.zip MD5: aa9ead2aacfcc493da3684

2、351425d4c6本地镜像： 防范Cowpatty - 4.0 - win32.zip 的MD5：aa9ead2aacfcc493da3684351425d4c6 coWPAtty Dictionary Attack 防范Cowpatty字典攻击 Precomputing WPA PMK to crack WPA PSK 预计算的WPA破解的WPA的PSK胡椒基甲基酮 coWPAtty Precomputed WPA Attack 防范Cowpatty预计算WPA的攻击 coWPAtty Recomputed WPA2 Attack 防范Cowpatty重新计算WPA2的攻击 coWPAtt

3、y Tables 防范Cowpatty表 c oWPAtty Usage: ç oWPAtty用法： coWPAtty Dictionary Attack: 防范Cowpatty字典攻击： To perform the coWPAtty dictionary attack we need to supply the tool with a capture file that includes the TKIP four-way handshake, a dictionary file of passphrases to guess with and the SSID for the

4、network.要执行防范Cowpatty字典攻击，我们需要提供网络的工具捕获文件，其中包括TKIP的四向握手字典文件，一个口令猜测与和的SSID。 In order to collect the four-way handshake you can either wait until a client joins the network or preferably you can force it to rejoin the network using tools like void11 or aireplay and capture the handshakes using somethi

5、ng like kismet, ethereal or airodump.为了收集的4次握手你可以等待，直到客户端加入网络或最好你能迫使它重新加入网络使用aireplay void11或工具，如握手，并捕获使用克斯梅特是像这样的空灵或airodump中。 cowpatty -f dict -r wpapsk-linksys.dump  -s linksys 防范Cowpatty - F座的dict - R的wpapsk - linksys.dump - S的Linksys公司 As you can see this simple dictionary attack took

6、 51 seconds, we can speed up this process by precomputing the WPA-PMK to crack the WPA-PSK (see below).正如你可以看到这个简单的字典攻击了51秒，我们可以加快这一进程，预计算的PSK的WPA -胡椒基甲基酮破解WPA的（见下文）。 wpapsk-linksys.dump is the capture containing the four-way handshake wpapsk - linksys.dump是捕获包含4路握手 dict is the password file dict的是密

7、码文件 linksys is the network SSID Linksys公司是网络的SSID Precomputing WPA PMK to crack WPA PSK: 预计算的WPA破解的WPA的PSK胡椒基甲基酮： genpmk is used to precompute the hash files in a similar way to Rainbow tables is used to pre-hash passwords in Windows LANMan attacks.  There is a slight difference however in WPA

8、in that the SSID of the network is used as well as the WPA-PSK to "salt" the hash.  This means that we need a different set of hashes for each and every unique SSID ie a set for "linksys" a set for "tsunami" etc. genpmk用于预先计算哈希表文件以类似的方式，以彩虹是用来在Windows兰曼袭击前的哈希密码。有一个

9、略有不同的WPA但是在该网络的SSID的使用以及WPA的云芝多糖为“盐”的哈希。这意味着，我们需要“等”海啸一套不同的哈希每一个独特的SSID即设置“为”Linksys的一集 So to generate some hash files for a network using the SSID cuckoo we use:因此，要产生一些哈希文件1使用网络使用的SSID杜鹃，我们： genpmk  -f dict  -d linksys.hashfile  -s linksys genpmk - F座dict的三维linksys.hashfile - S

10、的Linksys公司 dict is the password file dict的是密码文件 linksys.hashfile is our output file linksys.hashfile是我们的输出文件 linksys is the network ESSID Linksys公司是网络的ESSID coWPAtty Precomputed WPA Attack: 防范Cowpatty预计算WPA的攻击： Now we have created our hash file we can use it against any WPA-PSK network that is utili

11、sing a network SSID of cuckoo.  Remember the capture (wpa-test-01.cap) must contain the four-way handshake to be successful.现在，我们已经创造了哈希文件，我们可以使用它杜鹃对任何WPA - PSK和网络，这是一个利用网络的SSID。记住捕获（WPA的试验01.cap）必须包含4次握手是成功的。 cowpatty  -d linksys.hashfile -r wpapsk-linksys.dump  -s linksys 防范Cowpatty

12、三维linksys.hashfile - R的wpapsk - linksys.dump - S的Linksys公司 wpa-test-01.cap is the capture containing the four-way handshake WPA的试验01.cap是捕获包含4路握手 linksys.hashfile are our precomputed hashes linksys.hashfile是我们预先计算哈希 linksys is the network ESSID Linksys公司是网络的ESSID Notice that cracking the WPA-PSK too

13、k 0.04 seconds with the pre-computed attacked as opposed to 200 seconds with standard dictionary attack mode, albeit you do need to pre-compute the hash files prior to the attack.  However, precomputing large hash files for common SSIDS (eg linksys, tsunami) would be a sensible move for most pe

14、netration testers.请注意，破解WPA - PSK和采取0.04秒与预先计算的攻击，而不是字典攻击模式，以200秒的标准，尽管你需要预先计算哈希文件之前攻击。然而，预计算大文件哈希常见的SSID（例如Linksys公司，海啸）将是一个渗透测试的最明智的举措。 coWPAtty Precomputed WPA2 Attack: 防范Cowpatty预计算WPA2的攻击： coWPAtty 4.0 is also capable of attacking WPA2 captures.  Note: The same hash file as was used with t

15、he WPA capture was also used with the WPA2 capture.防范Cowpatty 4.0也能够捕获攻击的WPA2。注：同哈希文件作为被捕捉用于捕获的WPA也使用与WPA2。 cowpatty  -d linksys.hashfile -r wpa2psk-linksys.dump  -s linksys 防范Cowpatty三维linksys.hashfile - R的wpa2psk - linksys.dump - S的Linksys公司 wpa2psk-linksys.dump is the capture containing

16、 the four-way handshake wpa2psk - linksys.dump是捕获包含4路握手 dict is the password file dict的是密码文件 linksys is the network SSID Linksys公司是网络的SSID coWPAtty Tables: 防范Cowpatty表： The Church of Wifi have produced some lookup tables for 1000 SSID's computed against a 170,000 word password file .  The resultant table are approximately 7 Gigabytes in size and