
Thread: Precomputed WPA Attack on hidden ssid AP

  1. #1
    Just burned his ISO
    Join Date
    May 2008
    Posts
    2

    Precomputed WPA Attack on hidden ssid AP

    I have been trying to test the strength of our office WLAN passphrase. I captured the handshake file and ran multiple dictionary attacks to rule out a weak password that can be found in a dictionary.
    I am now trying to run a precomputed WPA attack using cowpatty. I already got a hash file from the Shmoo Group for the SSID, but when I ran the command below:

    cowpatty -r capfile.cap -d hashfile.hash -s hidden_ssid_name
    .
    End of pcap capture file, incomplete TKIP four-way exchange. Try using a different capture.


    I know I captured the handshake from looking at the airodump output, and when I ran aircrack-ng against the capfile I got this result and was able to run a dictionary attack against it:

    # BSSID ESSID Encryption
    1 00:11:22:xx:xx:xx WPA (1 Handshake)
    2 00:AA:BB:xx:xx:xx sum_other_ssid No Data - WEP or WAP


    Anyway, I searched my cap files for another capture, and when I ran cowpatty against it I got this:

    Collected all necessary...
    Starting dictionary attack...
    Invalid word length -33
    Found a record that was too short, this shouldn't happen in practice!
    Unable to identify the PSK from dictionary file. Try expanding your passphrase list, and double-check SSID. Sorry it didn't work out.

    0 passphrases tested in 0.00 seconds: 0.00 passphrases/second


    I'm thinking maybe it's because the cap file does contain the handshake but does not have the associated AP SSID name, because it was hidden despite having the BSSID. And cowpatty does not provide an option to use the MAC address in the -s option, since the SSID is what was used to precompute the hash...
    So at this point I am looking for extra input as to why I may be getting this error, and whether anyone has been able to use this approach on a hidden SSID AP audit.

    Thanks for looking.
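
The point raised in post #1, that a precomputed hash file is tied to the SSID, follows from how the WPA-PSK master key is derived: PBKDF2-HMAC-SHA1 over the passphrase with the SSID as salt (4096 iterations, 32 bytes). The Python below is an added example, not code from the thread; the passphrase, the SSID "OfficeLAN" and the beacon bytes are constructed samples, and the helper names are hypothetical.

```python
import hashlib

def wpa_pmk(passphrase: str, ssid: bytes) -> bytes:
    """WPA/WPA2-PSK master key: PBKDF2-HMAC-SHA1 with the SSID as salt."""
    if not 8 <= len(passphrase) <= 63:
        raise ValueError("passphrase must be 8 to 63 characters")
    if not 1 <= len(ssid) <= 32:
        raise ValueError("SSID must be 1 to 32 bytes")
    return hashlib.pbkdf2_hmac("sha1", passphrase.encode(), ssid, 4096, 32)

def beacon_ssid(tagged: bytes) -> bytes:
    """Return the SSID element (ID 0) from a frame's tagged parameters."""
    i = 0
    while i + 2 <= len(tagged):
        eid, length = tagged[i], tagged[i + 1]
        body = tagged[i + 2:i + 2 + length]
        if len(body) < length:
            raise ValueError("truncated information element")
        if eid == 0:
            return body
        i += 2 + length
    raise ValueError("no SSID element found")

def is_cloaked(ssid: bytes) -> bool:
    """Hidden networks advertise a zero-length or all-NUL SSID."""
    return ssid.strip(b"\x00") == b""

# Constructed sample data (not taken from any real capture).
RATES = bytes.fromhex("010482848b96")                     # supported-rates element
CLOAKED_BEACON_TAGS = b"\x00\x09" + b"\x00" * 9 + RATES   # beacon, SSID blanked
PROBE_RESPONSE_TAGS = b"\x00\x09OfficeLAN" + RATES        # same AP, real name
PASSPHRASE = "correct horse battery"

if __name__ == "__main__":
    shown = beacon_ssid(CLOAKED_BEACON_TAGS)
    real = beacon_ssid(PROBE_RESPONSE_TAGS)
    print("beacon SSID cloaked:", is_cloaked(shown))
    print("PMK with real SSID :", wpa_pmk(PASSPHRASE, real).hex())
    print("PMK with blank SSID:", wpa_pmk(PASSPHRASE, shown).hex())
    # Same passphrase, different salt: the two keys never match, so a
    # table built for one SSID says nothing about a network with another.
    print("keys equal:", wpa_pmk(PASSPHRASE, real) == wpa_pmk(PASSPHRASE, shown))
```

Because the SSID is only a salt, cloaking it changes nothing about the key itself; a network name that is unique to the site and a long random passphrase are what keep published per-SSID tables and dictionaries from applying.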

  2. #2
    Member M1ck3y
    Join Date
    Jul 2008
    Location
    Lost in the darkness
    Posts
    72

    I had the same problem (but the SSID was broadcast) trying to use Cowpatty against a WPA CCMP-cipher handshake. I think Cowpatty only works with WPA TKIP handshakes...

    Try using Airolib-ng instead of Cowpatty, I hope this will help.
    --~ Internet is in the air we are breathing, so it should be free for everyone. We'll get there, just wait and see... ~--

  3. #3
    Junior Member
    Join Date
    Nov 2008
    Posts
    27

    Yes, you're right. Cowpatty, as far as I know and have tried, only works with WPA-TKIP. For anything else you're gonna have to run airolib-ng and then run that through aircrack.
