Thread: WPA:Cowpatty Buffer overflow on CoWF lookup table after key 30k

  1. #1
    Just burned his ISO
    Join Date: Dec 2009
    Posts: 1

    Hello everybody, I've lurked the site for a while since I've been able to solve most issues up to this point by searching.

    I'm running tests on my WAP network using BackTrack4 on VMware. The wireless interface is a Belkin USB adapter (rt73 driver) and I've successfully been able to capture a four-way handshake, but I've run into an issue using the Church of WiFi's lookup table for my SSID (2wire735):

    root@bt:/pentest/wireless/cowpatty# ./cowpatty -s 2WIRE735 -d 2wire735 -r 2WIRE735-01.cap
    cowpatty 4.3 - WPA-PSK dictionary attack. <jwright@hasborg.com>

    Collected all necessary data to mount crack against WPA/PSK passphrase.
    Starting dictionary attack. Please be patient.
    key no. 10000: 1Seaport
    key no. 20000: 53dog162
    key no. 30000: CHARLESW
    *** buffer overflow detected ***: ./cowpatty terminated
    ======= Backtrace: =========
    /lib/tls/i686/cmov/libc.so.6(__fortify_fail+0x48)[0xb7d276d8]
    /lib/tls/i686/cmov/libc.so.6[0xb7d25800]
    /lib/tls/i686/cmov/libc.so.6(__fread_chk+0x143)[0xb7d260f3]
    ./cowpatty[0x80490af]
    ./cowpatty[0x804a52b]
    ./cowpatty[0x804aa98]
    /lib/tls/i686/cmov/libc.so.6(__libc_start_main+0xe5)[0xb7c43685]
    ./cowpatty[0x8048d11]
    ======= Memory map: ========
    08048000-0804d000 r-xp 00000000 00:10 5828 /pentest/wireless/cowpatty/cowpatty
    0804d000-0804e000 r--p 00004000 00:10 5828 /pentest/wireless/cowpatty/cowpatty
    0804e000-0804f000 rw-p 00005000 00:10 5828 /pentest/wireless/cowpatty/cowpatty
    084ab000-084cc000 rw-p 084ab000 00:00 0 [heap]
    b7c12000-b7c13000 rw-p b7c12000 00:00 0
    b7c13000-b7c27000 r-xp 00000000 00:10 521 /usr/lib/libz.so.1.2.3.3
    b7c27000-b7c29000 rw-p 00013000 00:10 521 /usr/lib/libz.so.1.2.3.3
    b7c29000-b7c2b000 r-xp 00000000 00:10 33 /lib/tls/i686/cmov/libdl-2.8.90.so
    b7c2b000-b7c2c000 r--p 00001000 00:10 33 /lib/tls/i686/cmov/libdl-2.8.90.so
    b7c2c000-b7c2d000 rw-p 00002000 00:10 33 /lib/tls/i686/cmov/libdl-2.8.90.so
    b7c2d000-b7d85000 r-xp 00000000 00:10 39 /lib/tls/i686/cmov/libc-2.8.90.so
    b7d85000-b7d87000 r--p 00158000 00:10 39 /lib/tls/i686/cmov/libc-2.8.90.so
    b7d87000-b7d88000 rw-p 0015a000 00:10 39 /lib/tls/i686/cmov/libc-2.8.90.so
    b7d88000-b7d8b000 rw-p b7d88000 00:00 0
    b7d8b000-b7ebe000 r-xp 00000000 00:10 1846 /usr/lib/i686/cmov/libcrypto.so.0.9.8
    b7ebe000-b7ec6000 r--p 00132000 00:10 1846 /usr/lib/i686/cmov/libcrypto.so.0.9.8
    b7ec6000-b7ed3000 rw-p 0013a000 00:10 1846 /usr/lib/i686/cmov/libcrypto.so.0.9.8
    b7ed3000-b7ed7000 rw-p b7ed3000 00:00 0
    b7ed7000-b7f00000 r-xp 00000000 00:10 5937 /usr/lib/libpcap.so.0.9.8
    b7f00000-b7f01000 r--p 00028000 00:10 5937 /usr/lib/libpcap.so.0.9.8
    b7f01000-b7f02000 rw-p 00029000 00:10 5937 /usr/lib/libpcap.so.0.9.8
    b7f02000-b7f0f000 r-xp 00000000 00:10 1097 /lib/libgcc_s.so.1
    b7f0f000-b7f10000 r--p 0000c000 00:10 1097 /lib/libgcc_s.so.1
    b7f10000-b7f11000 rw-p 0000d000 00:10 1097 /lib/libgcc_s.so.1
    b7f11000-b7f15000 rw-p b7f11000 00:00 0
    b7f15000-b7f2f000 r-xp 00000000 00:10 27 /lib/ld-2.8.90.so
    b7f2f000-b7f30000 rw-p b7f2f000 00:00 0
    b7f30000-b7f31000 r--p 0001a000 00:10 27 /lib/ld-2.8.90.so
    b7f31000-b7f32000 rw-p 0001b000 00:10 27 /lib/ld-2.8.90.so
    bff1c000-bff31000 rw-p bffeb000 00:00 0 [stack]
    ffffe000-fffff000 r-xp 00000000 00:00 0 [vdso]
    Aborted
    From the output it appears cowpatty successfully begins trying entries in the lookup table but then encounters something after "Key no. 30000:" that triggers the buffer overflow exception. Would anybody be able to help me troubleshoot this issue?

  2. #2
    Developer
    Join Date: Mar 2007
    Posts: 6,126

    You have not searched because I have answered this question at least 5 times.
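
The backtrace in the first post ends in glibc's `__fread_chk`, the fortified `fread` that aborts when the requested read is larger than the destination buffer. As an added example (not from this thread and not cowpatty's code), the C below validates a length byte taken from a table file before using it as a read size; the record layout, `SAMPLE`, `read_record` and `first_bad_record` are constructed for illustration.

```c
#define _POSIX_C_SOURCE 200809L   /* for fmemopen() */
#include <stdint.h>
#include <stdio.h>

#define MAX_WORD 63   /* longest WPA passphrase */
#define KEY_LEN  32   /* key bytes stored after each word */

/* Constructed sample, laid out as [size byte][word][KEY_LEN key bytes]: one
 * valid 42-byte record ("password1" + zeroed key), then a size byte of 200. */
uint8_t SAMPLE[43] = { 42, 'p','a','s','s','w','o','r','d','1', [42] = 200 };

/* Returns 1 on success, 0 at EOF, -1 on a malformed or truncated record. */
int read_record(FILE *fp, char word[MAX_WORD + 1], uint8_t key[KEY_LEN])
{
    uint8_t rec_size;
    if (fread(&rec_size, 1, 1, fp) != 1)
        return 0;
    /* Validate the untrusted length before it becomes a read size. */
    int wordlen = (int)rec_size - 1 - KEY_LEN;
    if (wordlen < 8 || wordlen > MAX_WORD)
        return -1;
    if (fread(word, 1, (size_t)wordlen, fp) != (size_t)wordlen ||
        fread(key, 1, KEY_LEN, fp) != KEY_LEN)
        return -1;
    word[wordlen] = '\0';
    return 1;
}

/* 0 if every record in buf parses, else the 1-based index of the first bad one. */
long first_bad_record(uint8_t *buf, size_t len)
{
    char word[MAX_WORD + 1];
    uint8_t key[KEY_LEN];
    FILE *fp = fmemopen(buf, len, "rb");
    long n = 1;
    int rc;
    while ((rc = read_record(fp, word, key)) == 1)
        n++;
    fclose(fp);
    return rc < 0 ? n : 0;
}

int main(void)
{
    printf("first bad record: %ld\n", first_bad_record(SAMPLE, sizeof SAMPLE));
    return 0;
}
```

A reader that reports the index of the first rejected record, instead of aborting inside libc, shows whether the table file itself is damaged at that point.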
