Cowpatty!



     For my project im going to be taking a look at cowpatty. I've used it before not with much success however I think it will be a great hash to take a look at as it seems to be a smaller project.

      "coWPAtty is a C-based tool for running a brute-force dictionary attack against WPA-PSK and audit pre-shared WPA keys. If you are auditing WPA-PSK networks, you can use this tool to identify weak passphrases that were used to generate the PMK."

The owner of my repo was nice to comment where the hash is and ask for help!



 File - https://github.com/joswr1ght/cowpatty/blob/bc3c6896ba9b6504c994e32dc7e6737b525fe91b/sha1.c 
This function to me looks rather complected , I dont really know how to approach a problem like this however I am interested in finding out more! I think its best to start with the build flags, I've actually read up on forums and actually made an attempt to edit the makefile as for some reason I was getting a bufferoverflow.  The suggest change to makefile was to edit out a flag
##################################
LDLIBS          = -lpcap
CFLAGS          = -pipe -Wall -DOPENSSL
#CFLAGS         += -O2
LDLIBS          += -lcrypto
CFLAGS          += -g3 -ggdb
...



I decided to grab another source and try it,

LDLIBS = -lpcap
CFLAGS = -pipe -Wall -DOPENSSL
CFLAGS += -O2
LDLIBS += -lcrypto
CFLAGS += -g3 -ggdb
#CFLAGS += -static
PROGOBJ = md5.o sha1.o utils.o cowpatty.o genpmk.o
PROG = cowpatty genpmk
BINDIR = /usr/local/bin
CC = clan

     The new source (actual repo) seems to work as intended. Makefile has no errors. I ran some test files through cowpatty to get a baseline as to how long computations take,  The average amount of time it takes to run the supplied test is 11 seconds (myLaptop)

I think my next steps are trying the tests on other systems then after I have a good benchmark I can begin to play with the flags to see the effects time.

Heres a sample test



Another thing I should consider is making the data set larger this can apparently be done with John the Ripper , which another classmate is actually working on, neat!




* ipad is the byte 0x36 repeated 64 times
opad is the byte 0x5c repeated 64 times




Im not sure if id be going in the right direction but would performance increase if I used a smaller byte?

/* the HMAC_SHA1 transform looks like:
*
* SHA1(K XOR opad, SHA1(K XOR ipad, text))
*
* where K is an n byte key
* ipad is the byte 0x36 repeated 64 times
* opad is the byte 0x5c repeated 64 times
* and text is the data being protected */

TLDR:

Stage 2:
 
   Rip up some data with John to make my tests much larger!

   Apply these larger and longer tests on multiple systems  including AArch64 systems
   Edit Flags to see how it affected performance with my larger tests

   Use Time and key/sec as benchmark

   See what happens when I use smaller bytes in the ipad + opad

   Learn what the hell is going on!

Stage 3:

   Combine both methods and see affect on performance

   See what else I can do to the hashing if my other attempts fail

   Share what I learned!

 


 



Comments

Post a Comment

Popular posts from this blog

Lab 1: Code Review

Image
Code Review Aircrack-ng    Aircrack has not many contributors, 16, 4 of which are the main contributors.  I found it interesting that issues / bugs are posted right to their Github with collaborators encouraged to fix any issues that are live. Upon viewing the live issues, a group of 3 or 4 people can be seen talking and comparing code in order to fix the issue. Some issues listed are ways they can improve the software. I think this is a good way to continue progression on making your software higher quality.  GetTor     The tor project is a great github, they tell you directly on the page how people can help. They strongly encourage their community to get involved and want people to look at the source code to learn what it does.       The creators of this project also host presentations and demonstrations on how their project works along with future goals. Here is one of the creators speaking abou...
Read more

Stage 3: CowPatty

Image
CowPatty Stage 3 Introduction:     Cowpatty being a tool that related to some of my interests I wanted to take a deeper look into how it works. At the start I understood the basics, feed it a 4-way handshake, SSID name and a dictionary file and it would spit out its best guess of the SSID. While Cowpatty has the ability to 'guess' the SSID's password, its only effective / used to audit networks that have poor / common / default passwords. Interestingly enough in this Defcon video titled "Weaponizing Your Pets: The War Kitteh and the Denial of Service Dog"  - Provided he made his warkitteh sniff for packets and save them, he could attempt to hash SSID+handshake to get passcodes. He got quite the list of SSIDs, Some WEP which I dont think is a setting on new routers (hopefully).  I do not condone Weaponizing you pets or strapping batteries to them, do not attempt. However, it was neat! Since CowPatty has to match keys it has to got through a large d...
Read more