Monday, November 21, 2016

Here is a Patch That Adds Multithreading Support for coWPAtty 4.6 genpmk.c and the cowpatty.c Hashfile Attack; I Changed the Version to 4.7

I have added a patch that enables multi-threading (via pthreads) in the genpmk.c program of the coWPAtty wireless tool suite. genpmk.c breaks the WPA/WPA2 dictionary attack into two steps. First, it lets you pre-compute the hashes for a given SSID from a given wordlist. Second, you use the resulting hash file to run the dictionary attack against a 4-way handshake capture file. I have added POSIX thread support to cut the time it takes to calculate the hashes. You can download the source files from my GitHub page here:
coWPAtty 4.7 multithreaded
You might be thinking that breaking the process down doesn't speed it up any, and you would be correct. The benefit of this program is that it allows hashes to be precomputed for common ESSIDs. The WPA/WPA2 hashing algorithm runs 4096 iterations and salts the result with the ESSID, so doing those calculations once and reusing them speeds up future runs significantly. To protect against this type of attack you would need to change your ESSID to something reasonably unique, and definitely to something other than the default (if the default is not unique). Some ISPs have been trying to thwart this type of attack by giving devices default ESSIDs that contain the serial-number part of the device's MAC address. You might have seen Comcast's "HOME-XXXX" networks around; this, coupled with a long default password that is a random alphanumeric sequence (a wordlist covering it would take petabytes of space), makes the Wi-Fi network pretty secure against any attacks. The genpmk/cowpatty software is best used against the ESSIDs you encounter most frequently, e.g. a default ESSID of "linksys". This program could also be run from a shell script to calculate hashes for multiple ESSIDs.

Usage:
./genpmk -f wordlist -d output_hashfile -s linksys -n 4
The -n flag is optional; it tells genpmk how many threads to create. It defaults to the number of CPUs on the system + 1.

Lists of ESSIDs can be created easily too, with tools like crunch and seq. Here is a command that will generate all variations of the "NETGEARXX" ESSID (seq needs -w so that single-digit values keep their leading zero):
seq -w 00 99 | perl -pe "s/^(.*)$/NETGEAR\1/g;"
or, to generate all "HOME-XXXX" networks, we could use crunch:
crunch 4 4 ABCDEF0123456789 | perl -pe "s/^(.*)$/HOME-\1/g;"
