If you are using BackTrack Linux for your wireless pentesting needs, you will not need this how-to. However, if you are using another distro or an older version of cowpatty, you will have this issue.
Here is what the issue looks like:
- root@bt:/pentest/wireless/cowpatty# ./cowpatty -s 2WIRE735 -d 2wire735 -r 2WIRE735-01.cap
- cowpatty 4.3 - WPA-PSK dictionary attack. <jwright@hasborg.com>
- Collected all necessary data to mount crack against WPA/PSK passphrase.
- Starting dictionary attack. Please be patient.
- key no. 10000: 1Seaport
- key no. 20000: 53dog162
- key no. 30000: CHARLESW
- *** buffer overflow detected ***: ./cowpatty terminated
- ======= Backtrace: =========
- /lib/tls/i686/cmov/libc.so.6(__fortify_fail+0x48)[0xb7d276d8]
- /lib/tls/i686/cmov/libc.so.6[0xb7d25800]
- /lib/tls/i686/cmov/libc.so.6(__fread_chk+0x143)[0xb7d260f3]
- ./cowpatty[0x80490af]
- ./cowpatty[0x804a52b]
- ./cowpatty[0x804aa98]
- /lib/tls/i686/cmov/libc.so.6(__libc_start_main+0xe5)[0xb7c43685]
- ./cowpatty[0x8048d11]
- ======= Memory map: ========
- 08048000-0804d000 r-xp 00000000 00:10 5828 /pentest/wireless/cowpatty/cowpatty
- 0804d000-0804e000 r--p 00004000 00:10 5828 /pentest/wireless/cowpatty/cowpatty
- 0804e000-0804f000 rw-p 00005000 00:10 5828 /pentest/wireless/cowpatty/cowpatty
- 084ab000-084cc000 rw-p 084ab000 00:00 0 [heap]
- b7c12000-b7c13000 rw-p b7c12000 00:00 0
- b7c13000-b7c27000 r-xp 00000000 00:10 521 /usr/lib/libz.so.1.2.3.3
- b7c27000-b7c29000 rw-p 00013000 00:10 521 /usr/lib/libz.so.1.2.3.3
- b7c29000-b7c2b000 r-xp 00000000 00:10 33 /lib/tls/i686/cmov/libdl-2.8.90.so
- b7c2b000-b7c2c000 r--p 00001000 00:10 33 /lib/tls/i686/cmov/libdl-2.8.90.so
- b7c2c000-b7c2d000 rw-p 00002000 00:10 33 /lib/tls/i686/cmov/libdl-2.8.90.so
- b7c2d000-b7d85000 r-xp 00000000 00:10 39 /lib/tls/i686/cmov/libc-2.8.90.so
- b7d85000-b7d87000 r--p 00158000 00:10 39 /lib/tls/i686/cmov/libc-2.8.90.so
- b7d87000-b7d88000 rw-p 0015a000 00:10 39 /lib/tls/i686/cmov/libc-2.8.90.so
- b7d88000-b7d8b000 rw-p b7d88000 00:00 0
- b7d8b000-b7ebe000 r-xp 00000000 00:10 1846 /usr/lib/i686/cmov/libcrypto.so.0.9.8
- b7ebe000-b7ec6000 r--p 00132000 00:10 1846 /usr/lib/i686/cmov/libcrypto.so.0.9.8
- b7ec6000-b7ed3000 rw-p 0013a000 00:10 1846 /usr/lib/i686/cmov/libcrypto.so.0.9.8
- b7ed3000-b7ed7000 rw-p b7ed3000 00:00 0
- b7ed7000-b7f00000 r-xp 00000000 00:10 5937 /usr/lib/libpcap.so.0.9.8
- b7f00000-b7f01000 r--p 00028000 00:10 5937 /usr/lib/libpcap.so.0.9.8
- b7f01000-b7f02000 rw-p 00029000 00:10 5937 /usr/lib/libpcap.so.0.9.8
- b7f02000-b7f0f000 r-xp 00000000 00:10 1097 /lib/libgcc_s.so.1
- b7f0f000-b7f10000 r--p 0000c000 00:10 1097 /lib/libgcc_s.so.1
- b7f10000-b7f11000 rw-p 0000d000 00:10 1097 /lib/libgcc_s.so.1
- b7f11000-b7f15000 rw-p b7f11000 00:00 0
- b7f15000-b7f2f000 r-xp 00000000 00:10 27 /lib/ld-2.8.90.so
- b7f2f000-b7f30000 rw-p b7f2f000 00:00 0
- b7f30000-b7f31000 r--p 0001a000 00:10 27 /lib/ld-2.8.90.so
- b7f31000-b7f32000 rw-p 0001b000 00:10 27 /lib/ld-2.8.90.so
- bff1c000-bff31000 rw-p bffeb000 00:00 0 [stack]
- ffffe000-fffff000 r-xp 00000000 00:00 0 [vdso]
- Aborted
If this happens to you it just means you need a patch. The patch was written by my good friend Edgan. I will show you how to get your cowpatty patched and back up and running.
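The __fread_chk and __fortify_fail frames in the backtrace above belong to glibc's fortified fread(), which aborts when a read is larger than the destination buffer the compiler can see. As an added illustration (not cowpatty's code and not taken from Edgan's patch), here is that pattern in a reader for a hypothetical length-prefixed record, with the unchecked read beside a bounds-checked one. The record layout, WORD_MAX and all function names are assumptions made for this example.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define WORD_MAX 63  /* hypothetical record: 1 length byte + up to 63 word bytes */

/* Unchecked: a length byte above 64 makes fread() write past word[]. Built with
 * -O2 -D_FORTIFY_SOURCE=2, glibc's __fread_chk() aborts the process instead. */
int read_word_unchecked(FILE *fp, char *out, size_t outsz) {
    char word[WORD_MAX + 1];
    uint8_t len;
    if (fread(&len, 1, 1, fp) != 1) return -1;
    if (fread(word, 1, len, fp) != len) return -1;   /* len can be 0..255 */
    if ((size_t)len >= outsz) return -2;
    memcpy(out, word, len);
    out[len] = '\0';
    return len;
}

/* Checked: validate the untrusted length before it reaches fread(). */
int read_word_checked(FILE *fp, char *out, size_t outsz) {
    char word[WORD_MAX + 1];
    uint8_t len;
    if (fread(&len, 1, 1, fp) != 1) return -1;             /* EOF or read error */
    if (len > WORD_MAX || (size_t)len >= outsz) return -2; /* oversized record */
    if (fread(word, 1, len, fp) != len) return -1;         /* truncated record */
    memcpy(out, word, len);
    out[len] = '\0';
    return len;
}

/* Feed constructed bytes to the checked reader through a temporary file. */
int parse_record(const uint8_t *bytes, size_t n, char *out, size_t outsz) {
    FILE *fp = tmpfile();
    if (!fp) return -3;
    fwrite(bytes, 1, n, fp);
    rewind(fp);
    int rc = read_word_checked(fp, out, outsz);
    fclose(fp);
    return rc;
}

int main(void) {
    char out[WORD_MAX + 1];
    const uint8_t good[] = { 8, '1','S','e','a','p','o','r','t' }; /* constructed */
    const uint8_t bad[] = { 200, 'A', 'A', 'A' };  /* constructed: claims 200 bytes */
    printf("good=%d bad=%d\n", parse_record(good, sizeof good, out, sizeof out),
           parse_record(bad, sizeof bad, out, sizeof out));
}
```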
First of all, get rid of whatever copy of cowpatty you already have, either with your package manager or with rm -rf.
Then grab the latest source:
- r00t@infected ~ $ wget http://www.willhackforsushi.com/code/cowpatty/4.6/cowpatty-4.6.tgz
- --2009-12-24 00:19:02-- http://www.willhackforsushi.com/code/cowpatty/4.6/cowpatty-4.6.tgz
- Resolving www.willhackforsushi.com... 74.208.19.32
- Connecting to www.willhackforsushi.com|74.208.19.32|:80... connected.
- HTTP request sent, awaiting response... 200 OK
- Length: 104979 (103K) [application/x-gtar]
- Saving to: `cowpatty-4.6.tgz'
- 100%[======================================================================================================================================>] 104,979 90.2K/s in 1.1s
- 2009-12-24 00:19:04 (90.2 KB/s) - `cowpatty-4.6.tgz' saved [104979/104979]
Open the archive:
- r00t@infected ~ $ tar xvf cowpatty-4.6.tgz
- cowpatty-4.6/
- cowpatty-4.6/FAQ
- cowpatty-4.6/TODO
- cowpatty-4.6/dict
- cowpatty-4.6/wpa2psk-linksys.dump
- cowpatty-4.6/eap-test.dump
- cowpatty-4.6/Makefile
- cowpatty-4.6/md5.c
- cowpatty-4.6/md5.h
- cowpatty-4.6/README
- cowpatty-4.6/wpapsk-linksys.dump
- cowpatty-4.6/cowpatty.c
- cowpatty-4.6/cowpatty.h
- cowpatty-4.6/file_magic
- cowpatty-4.6/genpmk.c
- cowpatty-4.6/CHANGELOG
- cowpatty-4.6/common.h
- cowpatty-4.6/sha1.c
- cowpatty-4.6/sha1.h
- cowpatty-4.6/AUTHORS
- cowpatty-4.6/utils.c
- cowpatty-4.6/utils.h
- cowpatty-4.6/INSTALL
- cowpatty-4.6/radiotap.h
- cowpatty-4.6/COPYING
Next we will grab my buddy Edgan’s patch:
- r00t@infected ~ $ wget http://proton.cygnusx-1.org/~edgan/cowpatty/cowpatty-4.6-fixup16.patch
- --2009-12-24 00:21:18-- http://proton.cygnusx-1.org/~edgan/cowpatty/cowpatty-4.6-fixup16.patch
- Resolving proton.cygnusx-1.org... 173.8.189.9
- Connecting to proton.cygnusx-1.org|173.8.189.9|:80... connected.
- HTTP request sent, awaiting response... 200 OK
- Length: 14227 (14K) [text/plain]
- Saving to: `cowpatty-4.6-fixup16.patch'
- 100%[======================================================================================================================================>] 14,227 72.7K/s in 0.2s
- 2009-12-24 00:21:19 (72.7 KB/s) - `cowpatty-4.6-fixup16.patch' saved [14227/14227]
Next we will patch the two source files in question:
- r00t@infected ~ $ cd cowpatty-4.6 ; cat ../cowpatty-4.6-fixup16.patch | patch -p1
- patching file cowpatty.c
- patching file cowpatty.h
After that we will go ahead and build the binary:
- r00t@infected ~/cowpatty-4.6 $ make
- cc -pipe -Wall -DOPENSSL -O2 -g3 -ggdb -c -o md5.o md5.c
- cc -pipe -Wall -DOPENSSL -O2 -g3 -ggdb -c -o sha1.o sha1.c
- cc -pipe -Wall -DOPENSSL -O2 -g3 -ggdb -c -o utils.o utils.c
- cc -pipe -Wall -DOPENSSL -O2 -g3 -ggdb -c -o cowpatty.o cowpatty.c
- cowpatty.c: In function 'dictfile_attack':
- cowpatty.c:908: warning: format '%u' expects type 'unsigned int', but argument 3 has type 'size_t'
- cc -pipe -Wall -DOPENSSL -O2 -g3 -ggdb -c -o genpmk.o genpmk.c
- genpmk.c: In function 'main':
- genpmk.c:250: warning: format '%u' expects type 'unsigned int', but argument 3 has type 'size_t'
- cc -pipe -Wall -DOPENSSL -O2 -g3 -ggdb cowpatty.c -o cowpatty utils.o md5.o sha1.o -lpcap -lcrypto
- cowpatty.c: In function 'dictfile_attack':
- cowpatty.c:908: warning: format '%u' expects type 'unsigned int', but argument 3 has type 'size_t'
- cc -pipe -Wall -DOPENSSL -O2 -g3 -ggdb genpmk.c -o genpmk utils.o sha1.o -lpcap -lcrypto
- genpmk.c: In function 'main':
- genpmk.c:250: warning: format '%u' expects type 'unsigned int', but argument 3 has type 'size_t'
And then we can install it:
- r00t@infected ~/cowpatty-4.6 $ sudo make install
- install -d /usr/local/bin
- install -m 755 cowpatty genpmk /usr/local/bin
That’s all there is to it. Your cowpatty and genpmk binaries should work fine now.
Thank you so much.
It is a great help.
Hi, I’m trying this install and this is what I get in BT 5 after I type make.
Any ideas?
cc -pipe -Wall -DOPENSSL -O2 -g3 -ggdb -c -o md5.o md5.c
md5.c:20:25: error: openssl/md5.h: No such file or directory
md5.c: In function ‘md5_mac’:
md5.c:28: error: ‘MD5_CTX’ undeclared (first use in this function)
md5.c:28: error: (Each undeclared identifier is reported only once
md5.c:28: error: for each function it appears in.)
md5.c:28: error: expected ‘;’ before ‘context’
md5.c:29: warning: implicit declaration of function ‘MD5_Init’
md5.c:29: error: ‘context’ undeclared (first use in this function)
md5.c:30: warning: implicit declaration of function ‘MD5_Update’
md5.c:33: warning: implicit declaration of function ‘MD5_Final’
md5.c: In function ‘hmac_md5_vector’:
md5.c:40: error: ‘MD5_CTX’ undeclared (first use in this function)
md5.c:40: error: expected ‘;’ before ‘context’
md5.c:48: error: ‘context’ undeclared (first use in this function)
make: *** [md5.o] Error 1
I have the same problem with BT5.
Same problem for me… and no ideas.
root@bt:~/cowpatty-4.6# make
cc -pipe -Wall -DOPENSSL -O2 -g3 -ggdb -c -o md5.o md5.c
md5.c:20:25: error: openssl/md5.h: No such file or directory
md5.c: In function ‘md5_mac’:
md5.c:28: error: ‘MD5_CTX’ undeclared (first use in this function)
md5.c:28: error: (Each undeclared identifier is reported only once
md5.c:28: error: for each function it appears in.)
md5.c:28: error: expected ‘;’ before ‘context’
md5.c:29: warning: implicit declaration of function ‘MD5_Init’
md5.c:29: error: ‘context’ undeclared (first use in this function)
md5.c:30: warning: implicit declaration of function ‘MD5_Update’
md5.c:33: warning: implicit declaration of function ‘MD5_Final’
md5.c: In function ‘hmac_md5_vector’:
md5.c:40: error: ‘MD5_CTX’ undeclared (first use in this function)
md5.c:40: error: expected ‘;’ before ‘context’
md5.c:48: error: ‘context’ undeclared (first use in this function)
make: *** [md5.o] Error 1