Saturday, June 18, 2011

How to Generate Rainbow Tables for Cowpatty using genpmk to crack WPA/WPA2

Over the past few days I've had people ask me how to generate rainbow tables for Cowpatty. It's quite simple. Just a few things you should know first:

- Each table is for ONE ESSID. In WPA/WPA2, the SSID of the network is used as a salt when the passphrase is hashed, so a table built for one SSID is of no use against another.

- You will want to find a good password dictionary file. I recommend the RenderLab Church of WiFi password list, found here.

- Passwords MUST be over 8 characters in length. So if you have a password list, weed out any shorter passwords.

And on with the show. Let's first look at the help screen.

genpmk 1.1 - WPA-PSK precomputation attack.
genpmk: Must specify a dictionary file with -f
Usage: genpmk [options]

-f Dictionary file
-d Output hash file
-s Network SSID
-h Print this help information and exit
-v Print verbose information (more -v for more verbosity)
-V Print program version and exit

After precomputing the hash file, run cowpatty with the -d argument.

So, to generate a rainbow table we need to provide a dictionary, an SSID, and an output file for it to write the hashes to. Using the options above, we can run the following:

genpmk -f final-wordlist.txt -s HackMe -d HackMe

This creates a rainbow table called "HackMe", which contains hashes of all the passwords in the file "final-wordlist.txt" salted with the SSID "HackMe". The shell output should update every 1,000 hashes as they are created.

The whole process isn't actually all that bad for time, and the file size for a rainbow table using the password file I suggest is ~40 MB. Not too bad considering the speed boost it will give when you go to crack it.
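Why each table covers only one ESSID, shown as an added Python example (not code from the original post or from genpmk). It uses the standard WPA/WPA2-PSK derivation, PBKDF2-HMAC-SHA1 with the SSID as salt, 4096 iterations and a 32-byte output, and the 802.11i passphrase rule of 8 to 63 printable ASCII characters; the word list and the second SSID are constructed sample values.

```python
import hashlib


def valid_passphrase(word: str) -> bool:
    """WPA/WPA2-PSK passphrases are 8 to 63 printable ASCII characters."""
    return 8 <= len(word) <= 63 and all(32 <= ord(c) <= 126 for c in word)


def derive_pmk(passphrase: str, ssid: str) -> bytes:
    """PMK = PBKDF2-HMAC-SHA1(passphrase, salt=SSID, 4096 rounds, 32 bytes)."""
    return hashlib.pbkdf2_hmac(
        "sha1", passphrase.encode("ascii"), ssid.encode("utf-8"), 4096, 32
    )


def precompute(words, ssid):
    """Map PMK -> passphrase for ONE SSID, skipping words WPA would reject."""
    return {derive_pmk(w, ssid): w for w in words if valid_passphrase(w)}


def table_covers(table, passphrase, ssid):
    """True if a network using (ssid, passphrase) has its PMK in the table."""
    return derive_pmk(passphrase, ssid) in table


# Constructed sample data, not taken from the original post.
WORDLIST = ["short", "letmein123", "correct horse battery staple", "x" * 64]
TABLE_SSID = "HackMe"    # the SSID used in the post's genpmk command
OTHER_SSID = "HackMe-2"  # hypothetical second network with the same passphrase

if __name__ == "__main__":
    table = precompute(WORDLIST, TABLE_SSID)
    print("entries kept:", len(table), "of", len(WORDLIST))
    for ssid in (TABLE_SSID, OTHER_SSID):
        hit = table_covers(table, "letmein123", ssid)
        print(f"SSID {ssid!r}: passphrase covered by table = {hit}")
```

The same passphrase produces an unrelated PMK under a different SSID, which is why a unique SSID combined with a long passphrase that appears in no word list makes precomputed tables useless against a network.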