
Thread: pyrit passthrough help needed

  1. #1
    Just burned his ISO
    Join Date
    Jan 2009
    Posts
    10

    Default pyrit passthrough help needed

    Hi, spent most of the Sunday working on this and I'm stuck, Google won't help me, hoping someone here might have a clue.

    Running BT4 on a USB stick with no persistent changes, pyrit is 0.2.3 and cowpatty is BT4 original.
    I'm trying to run pyrit in passthrough but this is as far as I get...

    root@bt:/mnt/sdc1/wordlist# pyrit -e default -f /mnt/sdc1/wordlist/wpa1.txt passthrough | cowpatty -d - -r /mnt/sdc1/wpahs/default-01.cap -s default
    cowpatty 4.3 - WPA-PSK dictionary attack. <jwright@hasborg.com>

    Collected all necessary data to mount crack against WPA/PSK passphrase.
    Starting dictionary attack. Please be patient.
    Using STDIN for hashfile contents.
    key no. 1000: 15NORAINI
    key no. 2000: 1SCHIELDT
    key no. 3000: 0wireman
    key no. 4000: 0shallot
    key no. 5000: 1ROTTLER
    key no. 6000: 1ROHAYATI
    key no. 7000: 1SAELENS
    key no. 8000: 0martial
    key no. 9000: 1LIANDRAT
    key no. 10000: 0abreact
    key no. 11000: 1HOUCHIN
    key no. 12000: 1deflate
    key no. 13000: 1BROCKETT
    key no. 14000: 1ESSLINGER
    key no. 15000: 0bandage
    key no. 16000: 1MLADEJOVSKY
    key no. 17000: 0bumming
    key no. 18000: 1aqueous
    key no. 19000: 1MURAOKA
    key no. 20000: 1HEITMAN
    key no. 21000: 1SINISCALCHI
    key no. 22000: 2HIRAYAMA
    *** buffer overflow detected ***: cowpatty terminated
    ======= Backtrace: =========
    /lib/tls/i686/cmov/libc.so.6(__fortify_fail+0x48)[0xb7ec6548]
    /lib/tls/i686/cmov/libc.so.6[0xb7ec4670]
    /lib/tls/i686/cmov/libc.so.6(__fread_chk+0x143)[0xb7ec4f63]
    cowpatty[0x804942f]
    cowpatty[0x804abda]
    cowpatty[0x804b15f]
    /lib/tls/i686/cmov/libc.so.6(__libc_start_main+0xe5)[0xb7de2685]
    cowpatty[0x8049091]
    IOError while writing to stdout ignored...
    Aborted
    root@bt:/mnt/sdc1/wordlist#

    Any help is greatly appreciated.
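
The backtrace above ends in glibc's `__fread_chk`, the `_FORTIFY_SOURCE` wrapper around `fread` that aborts the process when a read asks for more bytes than the destination buffer can hold. As an added example (not cowpatty's code, and not part of the original post), the reader below takes a hypothetical length-prefixed record stream and checks the untrusted length byte before reading, so a malformed record is rejected instead of killing the process; the record layout, names and sample data are assumptions made for illustration.

```c
#include <stdio.h>
#include <stdint.h>

#define KEY_LEN  32   /* fixed-size key field (assumed layout) */
#define WORD_MAX 63   /* longest word this reader accepts */

struct record { char word[WORD_MAX + 1]; uint8_t key[KEY_LEN]; };
enum read_status { REC_OK = 0, REC_EOF = 1, REC_BAD_LEN = -1, REC_TRUNCATED = -2 };

/* Read one record laid out as [1-byte total length][word][KEY_LEN-byte key]. */
enum read_status read_record(FILE *in, struct record *out)
{
    uint8_t total;
    if (fread(&total, 1, 1, in) != 1)
        return REC_EOF;
    /* The length byte is untrusted: derive the word length and check it
       against the destination buffer BEFORE any fread into that buffer. */
    if (total < 1 + KEY_LEN + 1)
        return REC_BAD_LEN;
    size_t word_len = (size_t)total - 1 - KEY_LEN;
    if (word_len > WORD_MAX)
        return REC_BAD_LEN;
    if (fread(out->word, 1, word_len, in) != word_len)
        return REC_TRUNCATED;
    out->word[word_len] = '\0';
    if (fread(out->key, 1, KEY_LEN, in) != KEY_LEN)
        return REC_TRUNCATED;
    return REC_OK;
}

/* Constructed sample input: one record with a caller-chosen length byte. */
static void put_record(FILE *f, uint8_t total, const char *word, size_t n)
{
    uint8_t key[KEY_LEN] = {0};
    fputc(total, f);
    fwrite(word, 1, n, f);
    fwrite(key, 1, KEY_LEN, f);
}

/* Read a constructed stream; returns the status that ended the loop and
   stores the number of records accepted in *good. */
int demo(int malformed, int *good)
{
    FILE *f = tmpfile();
    struct record r;
    enum read_status st = REC_TRUNCATED;
    *good = 0;
    if (!f) return st;
    put_record(f, 1 + 9 + KEY_LEN, "password1", 9);
    if (malformed)
        put_record(f, 255, "x", 1);          /* length byte lies about the size */
    put_record(f, 1 + 8 + KEY_LEN, "letmein1", 8);
    rewind(f);
    while ((st = read_record(f, &r)) == REC_OK)
        (*good)++;
    fclose(f);
    return st;
}
```
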

  2. #2
    Developer
    Join Date
    Mar 2007
    Posts
    6,126

    Default

    Use the cowpatty in the /pentest/oc/cowpatty directory

  3. #3
    Just burned his ISO
    Join Date
    Jan 2009
    Posts
    10

    Default

    Quote, originally posted by pureh@te:
    Use the cowpatty in the /pentest/oc/cowpatty directory

    Thx for reply.

    I have been using /pentest/password/open-ciphers/cowpatty-v4.3/cowpatty

    Actually, I don't have a /pentest/oc/cowpatty directory. I have a /pentest/password/oc-v0.7/ but that only contains an aircrack folder.

    I poked around a bit and found the /pentest/wireless/cowpatty folder so I tried with that cowpatty but it didn't even start. I patched it using the hashpatch and fixuppatch with command:

    patch -fp1 < filename.patch

    and that got me back to the original error.

    I'm doing something wrong but I can't see it, I'm no Linux pro.

    ideas, anyone?

    thx

  4. #4
    Junior Member otkaz's Avatar
    Join Date
    Jan 2010
    Location
    Houston, TX
    Posts
    38

    Default

    pyrit 0.2.3 requires cuda 2.2 according to pyrit's website. Are you using the version from BT4, or did you update it? cuda 2.2 hasn't been publicly released yet, but I don't know if the developer beta is floating around out there or not.

  5. #5
    Just burned his ISO
    Join Date
    Jan 2009
    Posts
    10

    Default

    Quote, originally posted by otkaz:
    pyrit 0.2.3 requires cuda 2.2 according to pyrit's website. Are you using the version from BT4, or did you update it? cuda 2.2 hasn't been publicly released yet, but I don't know if the developer beta is floating around out there or not.

    OK, so I went with pyrit 0.2.2 instead, and I tried to apply the hashfix patch to the cowpatty in the /pentest/password/open-ciphers/cowpatty-v4.3/cowpatty directory but it failed so I'm guessing it's already patched?

    Next I changed my 37.1 MB wordlist to a 6.6 MB wordlist and what do you know, it worked.
    Then I tried with the 96 KB dict file in /pentest/password/open-ciphers/cowpatty-v4.3 directory and it worked. After this I tried the 8.1 MB wordlist in the same directory and the buffer overflow error appeared again.

    I have a Core 2 Duo 3 GHz CPU and XFX GeForce 8800 GTX, hardware problems?

  6. #6
    Just burned his ISO
    Join Date
    Jun 2009
    Posts
    1

    Default

    I had the same problem in the past, until I discovered it was one of the passwords in the dic file.
    Once you find it, remove it from the file and you will be OK.

  7. #7
    Just burned his ISO
    Join Date
    Jun 2009
    Posts
    11

    Default

    I have the same buffer overflow fail in mine.

    What word do you mean we have to remove from our wordlists?

    Here is the command I did:
    pyrit -e KomCntr-Public -f /pentest/password/wordlists/wpa.txt passthrough | /pentest/wireless/cowpatty/cowpatty -d - -s KomCntr-Public -r /home/jacob/skane-01.cap

    cowpatty 4.3 - WPA-PSK dictionary attack. <jwright@hasborg.com>

    Collected all necessary data to mount crack against WPA/PSK passphrase.
    Starting dictionary attack. Please be patient.
    Using STDIN for hashfile contents.
    *** buffer overflow detected ***: /pentest/wireless/cowpatty/cowpatty terminated
    ======= Backtrace: =========
    /lib/tls/i686/cmov/libc.so.6(__fortify_fail+0x48)[0xb7eea6d8]
    /lib/tls/i686/cmov/libc.so.6[0xb7ee8800]
    /lib/tls/i686/cmov/libc.so.6(__fread_chk+0x143)[0xb7ee90f3]
    /pentest/wireless/cowpatty/cowpatty[0x80490af]
    /pentest/wireless/cowpatty/cowpatty[0x804a52b]
    /pentest/wireless/cowpatty/cowpatty[0x804aa98]
    /lib/tls/i686/cmov/libc.so.6(__libc_start_main+0xe5)[0xb7e06685]
    /pentest/wireless/cowpatty/cowpatty[0x8048d11]
    IOError while writing to stdout ignored...
    Aborted
    root@lappy:~

  8. #8
    Just burned his ISO
    Join Date
    Jun 2009
    Posts
    7

    Default progress

    I think it's because your computer "can't hang"... or in direct speech, it ran out of RAM / swap space and died.

    Try these steps to let your hard drive do the work. It's going to take longer because you can't pipe pre-computed hash table output from pyrit to cowpatty on the fly, but it's better than no progress at all. Alternatively you could just get a better computer with more RAM and a better video card. I'm working off a T61 with 4GB of RAM, albeit the installation partition is tiny, so that might add to the problem I'm experiencing... haven't tested with more swap space...

    Anyway, I've bypassed the "passthrough" option in pyrit 2.3-dev to achieve the aforementioned. I take no credit for such creativity as it's posted directly on pyrit.googlecode.com's FirstSteps section (can't post direct URL because I'm "too new" and need 14 more posts)

    Create some ESSID using 'pyrit.py -e FOOBAR create_essid'
    Import some list of passwords using 'pyrit.py -f foobar.txt import_passwords'
    Start batchprocessing using 'pyrit.py batchprocess'
    Export to cowpatty with 'pyrit.py -e FOOBAR -f output.cow export_cowpatty'
    *omitting airolib-ng line as I believe cowpatty should be able to do the job once it has the .cow file. After I have the .cow file, I will run it through cowpatty. That's my theory/gameplan, anyway. If I am off base, I welcome helpful comments, please.

    My mobile Nvidia 140 card has basically helped me get to a point where by tomorrow morning (if the process doesn't choke), I should get my .cow file. I have 573663 PMKs in 994 secs as it stands.

    Should I have success (or output worth posting) I will update accordingly.

    -ajonez

  9. #9
    Just burned his ISO
    Join Date
    Jun 2009
    Posts
    7

    Default update

    ok, I have to run to work so this is going to be a quick post...

    As of today 7/22/09, the buffer overflow issue seems to be related to cowpatty 4.5 which is the latest build in backtrack's repo according to apt-get update. I found out that in fact the latest release is 4.6 of cowpatty on willhackforsushi.com, which apparently fixes the buffer overflow issue found in 4.5.

    Posted a new version of coWPAtty (4.6) with the following changes:

    Fixed buffer overflow on modern OpenSSL systems when caching hashed hmac-sha1 ipad and opad values (just stupidity on my part, not an exploitable vulnerability);
    Corrected compile warnings with modern gcc.
    Special thanks to Kevin Kestinggolrer, Philipp Schroedel, Max Moser, Nathan Grennan, Jason Franks and Michal Knobel for their help and support.
    If I can request of the backtrack folks to update cowpatty from 4.5 to 4.6, I'm sure that would be most helpful.

    I have yet to really test 4.6 because apparently my wpa 4 way handshake wasn't fully captured when I tried to run the pyrit-generated hash table.

    More to come soon...

    EDIT 7/26/09: the version of cowpatty that comes by default in backtrack (at least at the time of posting) is 4.3. This doesn't play nice with the default version of openssl that is on the machine upon install (again, as of today's date). Download and compile 4.6 to fix the aforementioned cowpatty issue. Oh, and you want to use 4.6 NOT 4.5. I say this because Google turns up 4.5 first, and it looks like it's the latest, and it is not. Do not use it, it will break. Use 4.6.

  10. #10
    Just burned his ISO
    Join Date
    Jun 2009
    Posts
    7

    Default update

    Just spoke to balding_parrot in IRC, and he is going to adjust the repository settings so the latest cowpatty is downloaded. It appears that a typo is preventing the latest cowpatty from being updated with apt-get.
