Implementation of an offline dictionary attack against WPA/WPA2 networks using PSK-based authentication (e.g. WPA-Personal). Many enterprise networks deploy PSK-based authentication mechanisms for WPA/WPA2 since it is much easier than establishing the necessary RADIUS, supplicant and certificate authority architecture needed for WPA-Enterprise authentication. Cowpatty can implement an accelerated attack if a precomputed PMK file is available for the SSID that is being assessed.
Together with coWPAtty comes genpmk tool, which can make a preliminary calculation of the PMK file. Nevertheless, the process of rendering the necessary data can be significantly speeded up by using a properly configured Pyrit or Hashcat, which can use the power of the graphics processor for calculations.
Author: Joshua Wright
-f Dictionary file -d Hash file (genpmk) -r Packet capture file -s Network SSID (enclose in quotes if SSID includes spaces) -c Check for valid 4-way frames, does not crack -h Print this help information and exit -v Print verbose information (more -v for more verbosity) -V Print program version and exit
-f Dictionary file -d Output hash file -s Network SSID -h Print this help information and exit -v Print verbose information (more -v for more verbosity) -V Print program version and exit
After precomputing the hash file, run cowpatty with the -d argument.
genpmk Usage Example
Use the provided dictionary file (-f /usr/share/wordlists/nmap.lst) to generate a hashfile, saving it to a file (-d cowpatty_dict) for the given ESSID (-s securenet):
genpmk -f /usr/share/wordlists/nmap.lst -d cowpatty_dict -s securenet genpmk 1.1 - WPA-PSK precomputation attack. <email@example.com> File cowpatty_dict does not exist, creating. key no. 1000: pinkgirl 1641 passphrases tested in 4.09 seconds: 401.35 passphrases/second
coWPAtty Usage Example
Use the provided hashfile (-d cowpatty_dict), read the packet capture (-r Kismet-20140515-16-21-37-1.pcapdump), and crack the password for the given ESSID (-s 6F36E6):
cowpatty -d cowpatty_dict -r Kismet-20140515-16-21-37-1.pcapdump -s 6F36E6 cowpatty 4.6 - WPA-PSK dictionary attack. <firstname.lastname@example.org>
How to install coWPAtty
The program is pre-installed on Kali Linux.
The program is a command-line utility.