So far, I've conquered WEP, and started to move to WPA-PSK (TKIP).
After getting my PCAP and verifying it has a 4 way handshake (Wireshark, filter EAPOL), I ran the following:
cowpatty -s 2WIRE529 -d /mnt/sda2/patty/c* -r 529
Note that the hashes are named c1, c2, etc. and are in the above specified location (a Windows HDD).
cowpatty 3.0 - WPA-PSK...
Collected all necessary data...
Starting dictionary attack...
Invalid word length: -33
Found a record that was too short, this shouldn't happen in practice!
Unable to identify the PSK from the dictionary file. Try expanding your passphrase list, and double-check the SSID. Sorry it didn't work out.
335676973 passphrases tested in 0.00 seconds: 100672123545123.44 passphrases/second
Note: I am suspecting that the hash I got from Shmoo is not the right one... and maybe I should get the one from renderlab (which I'm downloading right now). Let me know if that's where I went wrong.
When I ran the above code, I sometimes got an invalid word length on lines 160, 85, etc (when I specified the exact file, such as -r c2)
I downloaded the 1.2 GB hash file/torrent from Shmoo (hxxp://rainbowtables.shmoo.com/), named alpha_num, and then unzipped it with 7-Zip (in Windows).
And yes, the SSID (2WIRE529) is one of the top 1000 most commonly used ESSIDs.
There is a .md5 for every file (5 separate ~200 MB files). I did not run an md5 hash on the files (which were compressed as .lzma, decompressed to .rt, but renamed to be just c1, c2, etc.) [I'm suggesting that they may have been corrupted]. Example:
Any suggestion, or clue about the Invalid word length: -33 ?
Or workarounds? Or should I try and uncompress it again?
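An added example, not from the original post and not code from the cowpatty project: a small Python checker for a genpmk-format hash file that reproduces cowpatty's own record-length arithmetic, so a line like "Invalid word length: -33" can be read directly instead of guessed at. The header and record layout used here is cowpatty's genpmk format as I understand it (a 40-byte header with the magic 0x43575041 stored little-endian, then one record per passphrase made of a one-byte record size, the passphrase itself and the 32-byte PMK); if that assumption is wrong for a given table version the magic check will tell you. The script also verifies a file against one line of an md5sum-style .md5 file, which is the check the post skipped. All sample data (SSID 2WIRE529, the passphrases, the zero-filled "corrupt" file) is constructed inside the script.

```python
"""Sanity-check a cowpatty/genpmk precomputed hash file before blaming the SSID.

Assumed genpmk layout (cowpatty's hashdb_head / hashdb_rec):
  header : u32 magic (0x43575041, little-endian) | 3 reserved bytes | u8 ssidlen | 32-byte ssid
  record : u8 rec_size | passphrase (rec_size - 33 bytes) | 32-byte PMK
"""
import hashlib
import struct

GENPMK_MAGIC = 0x43575041                 # bytes 41 50 57 43 on disk ("APWC")
HEADER = struct.Struct("<I3sB32s")        # 40 bytes in total


def pmk_for(ssid: str, passphrase: str) -> bytes:
    """WPA-PSK key derivation: PBKDF2-HMAC-SHA1, 4096 rounds, 32-byte PMK."""
    return hashlib.pbkdf2_hmac("sha1", passphrase.encode(), ssid.encode(), 4096, 32)


def build_genpmk(ssid: str, passphrases) -> bytes:
    """Construct a genpmk-style table in memory (test fixture, not a real download)."""
    out = bytearray(HEADER.pack(GENPMK_MAGIC, b"\0" * 3, len(ssid), ssid.encode()))
    for pw in passphrases:
        rec_size = 1 + len(pw) + 32       # length byte + word + PMK
        out += bytes([rec_size]) + pw.encode() + pmk_for(ssid, pw)
    return bytes(out)


def check_genpmk(data: bytes):
    """Return (ok, message, records) using the same arithmetic cowpatty applies.

    cowpatty derives the passphrase length as rec_size - sizeof(pmk) - sizeof(rec_size),
    i.e. rec_size - 33, and rejects anything outside 8..63. A zero byte where a record
    size should be therefore shows up as "Invalid word length: -33".
    """
    if len(data) < HEADER.size:
        return False, "file shorter than the 40-byte genpmk header", []
    magic, _reserved, ssidlen, ssid_raw = HEADER.unpack_from(data, 0)
    if magic != GENPMK_MAGIC:
        return False, (f"bad magic 0x{magic:08x}: not a genpmk hash file "
                       "(still compressed, truncated, or the wrong file?)"), []
    ssid = ssid_raw[:ssidlen].decode(errors="replace")
    records, off = [], HEADER.size
    while off < len(data):
        rec_size = data[off]
        wordlen = rec_size - 32 - 1
        if wordlen < 8 or wordlen > 63:
            return False, (f"Invalid word length: {wordlen} at offset {off} "
                           f"(rec_size byte = {rec_size})"), records
        word = data[off + 1:off + 1 + wordlen]
        pmk = data[off + 1 + wordlen:off + rec_size]
        if len(pmk) != 32:
            return False, f"truncated record at offset {off}", records
        records.append((word.decode(errors="replace"), pmk))
        off += rec_size
    return True, f"ok: ssid={ssid!r}, {len(records)} records", records


def verify_md5_line(md5_line: str, data: bytes) -> bool:
    """Check data against one md5sum-style line: '<32 hex digits>  <filename>'."""
    expected = md5_line.split()[0].lower()
    return hashlib.md5(data).hexdigest() == expected


def demo():
    """Run the checker over three constructed inputs and return the messages."""
    good = build_genpmk("2WIRE529", ["password123", "2wire529pass"])
    still_lzma = bytes(64)                                  # no genpmk header at all
    zero_record = build_genpmk("2WIRE529", []) + bytes(40)  # valid header, rec_size byte 0
    return {
        "good": check_genpmk(good)[1],
        "not_genpmk": check_genpmk(still_lzma)[1],
        "zero_record": check_genpmk(zero_record)[1],
    }


if __name__ == "__main__":
    for name, msg in demo().items():
        print(f"{name:12s} {msg}")
```

Reading the result: -33 is exactly what cowpatty prints when the record-size byte it reads is 0, which means the bytes at that position are not a genpmk record; a still-compressed .lzma, a truncated extract, or a file that was never a table in the first place all produce it, and the "passphrases tested in 0.00 seconds" line is the same symptom. Verifying each downloaded file against its .md5 before decompressing, and re-running the checker on the decompressed file, separates a corrupt download from a wrong-SSID table. One more check worth making on the command line in the post: cowpatty takes a single file for -d, so a shell glob such as c* expands into several arguments and cowpatty only uses the first one; run one table per invocation.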
Use airolib-ng instead.