I’ve decided to take Pyrit one step further and add actual “attack capabilities”. I have some difficulties with this as the actual legal situation in Germany is – putting it mildly – undefined. On the other hand I’m disappointed with the state of tools that are currently available…
So here is the juicy stuff: Pyrit 0.2.4-dev rev146 adds four new commands to the command-line client:
- ‘analyze’ parses a pcap-dump and shows some information about AccessPoints, Stations and the presence of WPA-PSK handshakes.
- ‘attack_passthrough’ is the most basic attack mode and resembles piping PMKs to other tools like cowpatty. It takes a pcap-dump and attacks the available handshakes using passwords read from a file. The database is not touched at all by this. Good for LiveCDs, but you lose the advantage of having pre-computed PMKs.
- ‘attack_batch’ uses passwords and PMKs stored in the database to attack the handshake. The PMKs are taken from the database if already computed. Otherwise the passwords are translated into their respective PMKs, which are stored on-the-fly for later re-use.
- ‘attack_db’ uses only PMKs that are already in the database. Handy if you don’t want your box to get crushed under load.
And here is what it looks like:
pyrit -r test.pcap -e dlink attack_batch
Pyrit 0.2.4-dev (svn r146) (C) 2008, 2009 Lukas Lueg http://pyrit.googlecode.com
This code is distributed under the GNU General Public License v3
Parsing file 'test.pcap'... 426 packets (375 802.11-packets), 4 APs
Picked AccessPoint [hidden] automatically...
Attacking handshake with Station [hidden]...
Tried 3443172 PMKs so far; 675577 PMKs per second.
The password is '12345678'.
Notice the number of 675,577 passwords per second :-) Oh and by the way: Pyrit will from now on require scapy to be installed, so check your package manager…