Many tools exist in order to speed up the cracking process and in this lesson we are going to look at Cowpatty or “coWPAtty” created by a security researcher called Joshua Wright along with another tool called genpmk also created by Joshua.
First the Pre-Shared Key (PSK) or Pairwise Master Key (PMK)
This can be a very time consuming task calculating the Pre-Shared Key using the CPU, you can also use a GPU but for now we are working off the CPU on the Raspberry Pi. The Pre-Shared Key is derived from the WPA/WPA2 passhrase in this lesson “password12345” along with the SSID which is “test”. The combination of the passhprase and the SSID are passed through the “Password Based Key Derivation Function” or PBKDF which then outputs a 256 bit Pre-Shared key (PSK). After this the cracking involves using the 256 bit PSK with the four-way handshake and verifying it against the Message Integrity Code also known as the MIC or referred to as the “Michael” which is there to prevent against forgery attacks. These parameters vary in the handshake every time therefore this step cannot be precomputed.
The PBKDF is a SHA-1 based function documented under RFC 2898
DK = PBKDF2(HMAC-SHA-1, passphrase, SSID, 4096, 256)
DK is your derived key
PBKDF is your password based key derivation function
HMAC-SHA-1 is the default pseudorandom function
passphrase is you guessed it, your passphrase
SSID is of course your network Service Set Identifier or network name of the access point
4096 is the amount of times the combination is hashed, this can be over 4096 times
256 is the intended length of the derived final key which is 256
The four-way handshake
The four-way handshake is used in order to derive the Pairwise Transient Key (PTK), think of this as temporary encryption used to encrypt the data and confirm the identity of any wireless clients trying to connect to the access point. The handshake also contains the Group Temporal Key (GTK) which is used to decrypt multicast and broadcast traffic.
The PTK is generated by concatenating together the following attributes: PMK, AP nonce (ANonce), STA nonce (SNonce), AP MAC address, and STA MAC address. This is then put through a pseudorandom function.
PTK is the Pairwise Transient Key which is 64 bytes
PMK is the Pairwise Master Key aka the Pre-Shared key or PSK
1 – AP nonce (ANonce) is an arbitrary number or value sent to the STA or client station used only once in the first packet from the Access Point
2 – STA nonce (SNonce) is an arbitrary number or value sent from the client to the access point with a message integrity code (MIC) along with authentication which makes it a message authentication integrity code or MAIC
3 – The access point then sends the Group Temporal Key (GTK) including a sequence number along with another MIC to the client station
4 – The client station sends an acknowledgment confirming to the access point that everything is ok.
This can be seen in the diagram below:Now that we have gone through a little bit of background information on this it is time to run Cowpatty by simply typing “cowpatty” in the terminal to see a list of filters which you can useCowpatty requires the following in order to run successfully
1 – A word list
2 – A file in which the password hash has been captured
3 – The SSID of the target access point
Referring the the previous lesson on cracking a WPA2 network you will need the capture file in which the four way handshake was obtained in order to proceed, if you don’t have it just follow the lesson and then come back when you have it and continue on from here.
If you look in the /usr/share/wordlists directory you will see a lot of different word lists to choose from already stored in KaliI copied this to my current working directory for this cowpatty lesson which is /root/WPA_cowpattyUsing gunzip to extract the currently compressed word list you can see we now have a txt file to work with To check the size of the file above I am using stat which on it’s own will give you the size in bytes but pipeing this into awk we then focus on the “Size:” and then print it out calculating into MB’s so in this case we see 133.44 MB’s worth of a word list to play with.Just so this is not a waste of time it’s probably a good time to verify the password is actually contained within the word list by using grep
“grep” to use grep
“password12345” this is the search query and the password used for the WPA2 cracking lesson earlier
“rockyou.txt” is the name of the file in which to search
Now in order to create a precomputed PMK file in order to speed up the cracking on the SSID being assessed you can run cowpatty with the following filters
“cowpatty” to start cowpatty
“-f” to specify the location of your word list which is the current working directory in my case
“-r” to specify the pcap directory in which the handshake has been obtained in this case the current working directory.
“-s” in order to specify the SSID of the access point which is testOnce working you will see output like above in the terminal and as suggested you need to be patient here especially if doing this on the Raspberry Pi 2 like I am!
It didn’t take that long to find the password as you can see below cowpatty generated a hash for every password in the word list and then using the SSID as a seed compared it to the captured hash and once the correct hash was matched it is displayed on the screen along with the amount of passphrases tested and the amount of time it took which was 12 minutes 34 seconds and much quicker than running without cowpatty.Now that we have used cowpatty to calculate the hash of the password in 12 minutes 24 seconds it would be nice to crack the password even faster by generating a hash for future use on the same SSID so let’s do that with genpmk!
Running genpmk will show you a list of switches you can use:“genpmk” starts genpmk
“-f” is the option for selecting your password word list
“-d” is the option to use for the file you create for your precomputed hash file
“-s” is the option for the SSID you are creating the precomputed hashes forSomething noteworthy to add here is that this takes ages on the Raspberry Pi 2 and that is why I will be covering password cracking using “The cloud” in a future lesson, and yes I did use that phrase “The cloud”.
Now after leaving this running all night it is still running and has created a huge file which is going to topple my Pi soon so I am going to kill it off, but an example of what it looks like now is below:Size generated so farTime taken to generate the word list so far which was 13 hours 37 minutes (13.37) which is actually a really random time to stop at hahaha.Now as the file created was guaranteed to have “password12345” as the initial running of cowpatty cracked it at key no. 15,000 and the generated hashed list using genpmk was at key no. 979,000 when I stopped it so I decided to run it and see how quickly this would crack the password to get an answer before I move on here.
“cowpatty” to run cowpatty
“-d” for the hashfile you are using
“-r” is the pcap file in which your four way handshake was captured
“-s” is followed by the SSID of the access point that you obtained the four way handshake fromAs you can see above 15,123 passphrases were tested against in 1.11 seconds which meant that instead of 20.44 passphrases a second as had been previously the case now we are cycling through 13651.49 passhrases a second which is a significant jump on the Raspberry Pi 2 for cracking passwords.
Now just so that we could have some comparison with the rockyou password list I decided to end this by running the list through aircrack-ng to see the time saving we gained to put this into perspective15,146 keys were cycled through at a speed of 320.18 keys per second in 3 minutes 2 seconds which is much slower than using genpmk as you seen a moment ago.Lesson learned:
WPA/WPA2 cracking can be sped up a great deal by using coWPAtty and genpmk which means we can then compute the password a lot quicker than just using aircrack-ng to do so. It’s worth checking your access point passphrase against a list like this or better yet making up an extremely long random passhrase not in a dictionary but even with something like that with enough computational power anything is possible. It just really means you make an attack like this more costly for your attacker to carry out.