Page 1 of 2 12 LastLast
Results 1 to 10 of 12

Thread: Cowpatty Output

  1. #1
    Junior Member
    Join Date
    Aug 2009
    Posts
    34

    Default Cowpatty Output

    ok, so i am using crunch to ultimately pipe 8 uppercase characters to cowpatty!

    this is a slow process, so i have decided to get cuda up and running with with pyrit, which is now working fine! My GPU is listed under the cores, and when benchmarking im just shy of 7000 PMKs/s total

    My problem is that the output to cowpatty looks strange. I am expecting something like this:

    Code:
    root@BT4:./crunch 8 8 ABCDEFGHIJKLMNOPQRSTUVWXYZ | cowpatty -f - -s ssid -r /path/to/cap/file.cap
    cowpatty 4.3 - WPA-PSK dictionary attack. <jwright@hasborg.com>
    
    Collected all necessary data to mount crack against WPA/PSK passphrase.
    Starting dictionary attack.  Please be patient.
    Using STDIN for words.
    key no. 1000: AAAAABML
    key no. 2000: AAAAACYX
    key no. 3000: AAAAAELJ
    However i am recieving outputs of:
    Code:
    ./crunch 8 8 ABCDEFGHIJKLMNOPQRSTUVWXYZ | pyrit -e ssid -f - passthrough | cowpatty -f - -s <essid> -r /path/to/cap/file.cap
    cowpatty 4.3 - WPA-PSK dictionary attack. <jwright@hasborg.com>
    
    Collected all necessary data to mount crack against WPA/PSK passphrase.
    Starting dictionary attack.  Please be patient.
    Using STDIN for words.
    The ESSID-blobspace seems to be empty; you should create an ESSID...
    
    key no. 1000: AARTP��!▒�ܒ�B�h▒  �.�U~�F���Z)AAAAAZDPd���X���B����vC
    key no. 2000: ��Řea��+���������b�΄�hu�)AAAAALCAo{�Ƚų����d~N��cy�A9
    I can obviously see a string of uppercase characters amongst the symbols...but is this OK? or is cowpatty processing the symbols as well?

    Also what is an empty ESSID-blobspace?

    Thanks

  2. #2
    Developer
    Join Date
    Mar 2007
    Posts
    6,126

    Default

    The essid blob space is what pyrit uses to store the essid. if you are using passthrough mode you do not use that function. If you try batch proccess mode you no longer will see that error message.

    On the cowpatty subject, check your list. make sure you dont have weird chars, ^M at the end of lines from windows or other stuff like that.

  3. #3
    Junior Member
    Join Date
    Aug 2009
    Posts
    34

    Default

    Thanks... I am not using a pass list though, as the output from crunch is being piped through to cowpatty!

    I have read that pyrit can now also handle hash's itself as of 2.4 so will grab the latest trunk r158, and the latest scapy ... see how it goes with just crunch and pyrit!

    Would be nice to eliminate the need for crunch - I would like to use crunch or any other program to gen password files in the following manner: I want to create 8 character uppercase lists, but as they are large, i want to break them down into various files... 26 to be exact, so one list for Axxxxxxx another for Bxxxxxxx etc!

    I have looked everywhere with no luck, and most password gens just output massive files!

  4. #4
    Good friend of the forums
    Join Date
    Jun 2008
    Posts
    425

    Default

    Would be nice to eliminate the need for crunch - I would like to use crunch or any other program to gen password files in the following manner: I want to create 8 character uppercase lists, but as they are large, i want to break them down into various files... 26 to be exact, so one list for Axxxxxxx another for Bxxxxxxx etc!
    crunch 8 8 ABCDEFGHIJKLMNOPQRSTUVWYXZ | split -n 900000000
    output should be xaa,9.8 gig xab,9.8 ... out of 208billion passwords / 26
    maybe around 70gig and a year to generate

  5. #5
    Developer
    Join Date
    Mar 2007
    Posts
    6,126

    Default

    You can also set static chars in crunch. read the instructions. Its like -t A@@@@@@@ or something like that.

  6. #6
    Junior Member
    Join Date
    Aug 2009
    Posts
    34

    Default

    Quote Originally Posted by pureh@te View Post
    On the cowpatty subject, check your list. make sure you dont have weird chars, ^M at the end of lines from windows or other stuff like that.
    The list is being generated by crunch in linux, and is piped directly -> pyrit -> cowpatty so there is no saved wordlist in use!

    As stated below, if i use crunch -> cowpaty the output is normal, but slow... however, at least i can see that it is running the attack against 8 uppercase chars.
    Code:
    key no. 1000: AAAAABML
    The faster way crunch -> pyrit -> cowpatty has the following output which makes me think cowpatty is processing garbage, although uppercase chars seem to be visible!
    Code:
    key no. 1000: AARTP��!▒�ܒ�B�h▒  �.�U~�F���Z)AAAAAZDPd���X���B����vC
    All i really want to know is will something like the above string of 'garbage' still be a valid passphrase in cowpatty? and will it eventually yield a result knowing that the passphrase is, lets say something like KYGVSTNB? or will it not find anything because it is processing ?!("£$"£_$ instead??

  7. #7
    Very good friend of the forum Gitsnik's Avatar
    Join Date
    Jan 2010
    Location
    The Crystal Wind
    Posts
    851

    Default

    pureh@te already told you that crunch will generate a password based on some known character attacks, why don't you make it generate your password (make it skip a few characters so it has a lot to process) and see if it gets it.

    Seems like an easy solution to your problem, and bonus of bonuses it means you're learning things for yourself, the hallmark for any decent IT.
    Still not underestimating the power...

    There is no such thing as bad information - There is truth in the data, so you sift it all, even the crap stuff.

  8. #8
    Junior Member
    Join Date
    Aug 2009
    Posts
    34

    Default

    Not really the answer to the question i asked, but hey...! i do now however understand what purehate was getting at with a little assistance from you so thanks!

    I thought purehate was just going on about generating another passlist!

    Will post my findings...

  9. #9
    Good friend of the forums
    Join Date
    Jun 2008
    Posts
    425

    Default

    Not really the answer to the question i asked, but hey...! i do now however understand what purehate was getting at with a little assistance from you so thanks!

    I thought purehate was just going on about generating another passlist!

    Will post my findings...
    pyrit might be designed to out the file as binary(wb) were as crunch is (wt), try passing pyrit thought something else.
    try crunch -->pyrit -print0 -->xargs -cowpatty
    or crunch -->pyrit-->sed-->cowpatty

    use sed to generate a \n after 8chars and pass that on

  10. #10
    Junior Member
    Join Date
    Aug 2009
    Posts
    34

    Default

    Well it seems the bollocks that was being processed by cowpatty is exactly that...! changed my WPA key on my test router to AAAAABCD and crunch->pyrit->cowpatty didn't work! crunch->cowpatty did!

    I have changed the passphrase back to 8 random digits to spice things up again! (starting with D though so it doesnt take too long )

    Quote Originally Posted by compaq View Post
    pyrit might be designed to out the file as binary(wb) were as crunch is (wt), try passing pyrit thought something else.
    try crunch -->pyrit -print0 -->xargs -cowpatty
    or crunch -->pyrit-->sed-->cowpatty

    use sed to generate a \n after 8chars and pass that on
    Any info anywhere on using sed? looked around but useful results were scarce!

Page 1 of 2 12 LastLast

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •