http403 / pyrit

Automatically exported from code.google.com/p/pyrit

export_cowpatty produces buffer overflow in cowpatty #10

Closed GoogleCodeExporter closed 9 years ago

GoogleCodeExporter commented 9 years ago
What steps will reproduce the problem?
1. pyrit batch
2. pyrit -f linksys.db export_cowpatty
3. pentest/wireless/cowpatty/cowpatty -d linksys.db -r /pentest/wireless/cowpatty/wpapsk-linksys.dump -s linksys

What is the expected output? What do you see instead?
cowpatty 4.3 - WPA-PSK dictionary attack. <jwright@hasborg.com>

Collected all necessary data to mount crack against WPA/PSK passphrase.
Starting dictionary attack.  Please be patient.
key no. 10000: покиваилов
key no. 20000: анвербик
key no. 30000: ЧЕЮЕТОАА
key no. 40000: просачиваться
key no. 50000: телодвижения
key no. 60000: трагичности
key no. 70000: громоздок
key no. 80000: неперевернутый
key no. 90000: заместило
key no. 100000: Country1
key no. 110000: зависимоси
key no. 120000: кодификацию
*** buffer overflow detected ***: /pentest/wireless/cowpatty/cowpatty
terminated
======= Backtrace: =========
/lib/tls/i686/cmov/libc.so.6(__fortify_fail+0x48)[0xb7dc76d8]
/lib/tls/i686/cmov/libc.so.6[0xb7dc5800]
/lib/tls/i686/cmov/libc.so.6(__fread_chk+0x143)[0xb7dc60f3]
/pentest/wireless/cowpatty/cowpatty[0x80490af]
/pentest/wireless/cowpatty/cowpatty[0x804a52b]
/pentest/wireless/cowpatty/cowpatty[0x804aa98]
/lib/tls/i686/cmov/libc.so.6(__libc_start_main+0xe5)[0xb7ce3685]
/pentest/wireless/cowpatty/cowpatty[0x8048d11]
======= Memory map: ========
08048000-0804d000 r-xp 00000000 16:07 18119      /pentest/wireless/cowpatty/cowpatty
0804d000-0804e000 r--p 00004000 16:07 18119      /pentest/wireless/cowpatty/cowpatty
0804e000-0804f000 rw-p 00005000 16:07 18119      /pentest/wireless/cowpatty/cowpatty
086a2000-086c3000 rw-p 086a2000 00:00 0          [heap]
b7cb2000-b7cb3000 rw-p b7cb2000 00:00 0
b7cb3000-b7cc7000 r-xp 00000000 16:07 92663      /usr/lib/libz.so.1.2.3.3
b7cc7000-b7cc9000 rw-p 00013000 16:07 92663      /usr/lib/libz.so.1.2.3.3
b7cc9000-b7ccb000 r-xp 00000000 16:07 443795     /lib/tls/i686/cmov/libdl-2.8.90.so
b7ccb000-b7ccc000 r--p 00001000 16:07 443795     /lib/tls/i686/cmov/libdl-2.8.90.so
b7ccc000-b7ccd000 rw-p 00002000 16:07 443795     /lib/tls/i686/cmov/libdl-2.8.90.so
b7ccd000-b7e25000 r-xp 00000000 16:07 443789     /lib/tls/i686/cmov/libc-2.8.90.so
b7e25000-b7e27000 r--p 00158000 16:07 443789     /lib/tls/i686/cmov/libc-2.8.90.so
b7e27000-b7e28000 rw-p 0015a000 16:07 443789     /lib/tls/i686/cmov/libc-2.8.90.so
b7e28000-b7e2b000 rw-p b7e28000 00:00 0
b7e2b000-b7f5e000 r-xp 00000000 16:07 238066     /usr/lib/i686/cmov/libcrypto.so.0.9.8
b7f5e000-b7f66000 r--p 00132000 16:07 238066     /usr/lib/i686/cmov/libcrypto.so.0.9.8
b7f66000-b7f73000 rw-p 0013a000 16:07 238066     /usr/lib/i686/cmov/libcrypto.so.0.9.8
b7f73000-b7f77000 rw-p b7f73000 00:00 0
b7f77000-b7fa0000 r-xp 00000000 16:07 92253      /usr/lib/libpcap.so.0.9.8
b7fa0000-b7fa1000 r--p 00028000 16:07 92253      /usr/lib/libpcap.so.0.9.8
b7fa1000-b7fa2000 rw-p 00029000 16:07 92253      /usr/lib/libpcap.so.0.9.8
b7fa8000-b7fb5000 r-xp 00000000 16:07 434238     /lib/libgcc_s.so.1
b7fb5000-b7fb6000 r--p 0000c000 16:07 434238     /lib/libgcc_s.so.1
b7fb6000-b7fb7000 rw-p 0000d000 16:07 434238     /lib/libgcc_s.so.1
b7fb7000-b7fbb000 rw-p b7fb7000 00:00 0
b7fbb000-b7fd5000 r-xp 00000000 16:07 434196     /lib/ld-2.8.90.so
b7fd5000-b7fd6000 rw-p b7fd5000 00:00 0
b7fd6000-b7fd7000 r--p 0001a000 16:07 434196     /lib/ld-2.8.90.so
b7fd7000-b7fd8000 rw-p 0001b000 16:07 434196     /lib/ld-2.8.90.so
bf9c3000-bf9d8000 rw-p bffeb000 00:00 0          [stack]
ffffe000-fffff000 r-xp 00000000 00:00 0          [vdso]
Aborted

What version of the product are you using? On what operating system?
latest from SVN on backtrack 4 pre

Please provide any additional information below.
cowpatty works well with the same dictionary and database generated by genpmk that comes with it. I suppose that this error is due to the way pyrit writes the linksys.db

Original issue reported on code.google.com by kalge...@gmail.com on 8 Jul 2009 at 7:25
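The abort above comes from glibc's FORTIFY check on fread (`__fread_chk`), which fires when a read would write past the end of the destination buffer. In a PMK hash file the record length is a byte taken from the file itself, so it has to be checked against the fixed-size destination before any copy. The reader below is an added example, not cowpatty's or pyrit's code, and it assumes the genpmk/export_cowpatty layout of a 40-byte header (uint32 magic 0x43575041, three reserved bytes, ssidlen, 32-byte ssid) followed by records of `rec_size` (one byte, equal to 1 + word length + 32), the passphrase bytes and a 32-byte PMK; the 64-byte word buffer, the sample SSID, words and PMK bytes are all constructed here for illustration.

```c
/* Added example, not cowpatty or pyrit code.  Assumed on-disk layout of a
 * genpmk / "pyrit export_cowpatty" hash file:
 *   header : uint32 magic 0x43575041 ("CWPA"), 3 reserved bytes, uint8 ssidlen, 32-byte ssid
 *   record : uint8 rec_size (= 1 + wordlen + 32), wordlen bytes of passphrase, 32-byte PMK
 * rec_size comes from the file and the destination size does not, so the word
 * length is checked against the destination before anything is copied. */
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define GENPMKMAGIC 0x43575041u
#define PMKLEN      32
#define MAXPASSLEN  63          /* assumed: 64-byte word buffer including the NUL */
#define HDRLEN      40          /* 4 magic + 3 reserved + 1 ssidlen + 32 ssid */

typedef struct {
    char    word[MAXPASSLEN + 1];
    uint8_t pmk[PMKLEN];
} pmk_rec;

int sample_stop_code;           /* set by scan_sample(): last read_rec() result */

/* Returns the offset of the first record (HDRLEN), or 0 if the header is bad. */
size_t check_header(const uint8_t *buf, size_t len, char ssid[33])
{
    uint32_t magic;
    if (len < HDRLEN) return 0;
    memcpy(&magic, buf, sizeof magic);      /* native byte order, as genpmk writes it */
    if (magic != GENPMKMAGIC) return 0;
    uint8_t ssidlen = buf[7];
    if (ssidlen == 0 || ssidlen > 32) return 0;
    memcpy(ssid, buf + 8, ssidlen);
    ssid[ssidlen] = '\0';
    return HDRLEN;
}

/* Reads one record at *off: 1 = ok (*off advanced), 0 = clean end of data,
 * -1 = truncated or oversized record, which is left unread. */
int read_rec(const uint8_t *buf, size_t len, size_t *off, pmk_rec *out)
{
    if (*off >= len) return 0;
    uint8_t rec_size = buf[*off];
    if (rec_size < 1 + 1 + PMKLEN) return -1;   /* must hold at least a 1-byte word */
    size_t wordlen = rec_size - 1 - PMKLEN;
    if (wordlen > MAXPASSLEN) return -1;        /* would overrun out->word: reject, do not read */
    if (len - *off < rec_size) return -1;       /* record runs past the end of the file */
    memcpy(out->word, buf + *off + 1, wordlen);
    out->word[wordlen] = '\0';
    memcpy(out->pmk, buf + *off + 1 + wordlen, PMKLEN);
    *off += rec_size;
    return 1;
}

/* Writers used only to build the constructed sample below (ssid assumed <= 32 bytes). */
size_t put_header(uint8_t *buf, const char *ssid)
{
    uint32_t magic = GENPMKMAGIC;
    memset(buf, 0, HDRLEN);
    memcpy(buf, &magic, sizeof magic);
    buf[7] = (uint8_t)strlen(ssid);
    memcpy(buf + 8, ssid, strlen(ssid));
    return HDRLEN;
}

size_t put_rec(uint8_t *buf, const char *word, const uint8_t pmk[PMKLEN])
{
    size_t wordlen = strlen(word);
    if (wordlen == 0 || wordlen > 255 - 1 - PMKLEN) return 0;  /* rec_size is one byte */
    buf[0] = (uint8_t)(1 + wordlen + PMKLEN);
    memcpy(buf + 1, word, wordlen);
    memcpy(buf + 1 + wordlen, pmk, PMKLEN);
    return buf[0];
}

/* Constructed sample: two well-formed records, then a 100-byte word whose
 * rec_size is legal for the format but too large for pmk_rec.word.  Returns the
 * number of records read before the reader stopped; sample_stop_code holds the
 * code it stopped with (expected: 2 records, code -1). */
int scan_sample(void)
{
    static uint8_t file[1024];
    uint8_t pmk[PMKLEN];
    char longword[101], ssid[33];
    pmk_rec rec;
    size_t n = 0, off;
    int good = 0, rc;

    memset(pmk, 0xAB, sizeof pmk);          /* placeholder PMK bytes, not a real PMK */
    memset(longword, 'A', 100); longword[100] = '\0';
    n += put_header(file + n, "linksys");
    n += put_rec(file + n, "Country1", pmk);
    n += put_rec(file + n, "password123", pmk);
    n += put_rec(file + n, longword, pmk);

    off = check_header(file, n, ssid);
    if (off == 0) { sample_stop_code = -2; return 0; }
    while ((rc = read_rec(file, n, &off, &rec)) == 1) {
        printf("ssid %s word %-12s pmk[0]=%02x\n", ssid, rec.word, rec.pmk[0]);
        good++;
    }
    sample_stop_code = rc;
    return good;
}

int main(void)
{
    int good = scan_sample();
    printf("%d records read, stopped with code %d\n", good, sample_stop_code);
    return sample_stop_code == 0 ? 0 : 1;
}
```

The same check applies when reading from a `FILE *` with fread: read the one-byte `rec_size` first, derive the word length, and refuse the record before the second fread when that length exceeds the destination. FORTIFY only catches the case where the compiler can see the destination size; a bound derived from the file and checked explicitly covers the rest.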

GoogleCodeExporter commented 9 years ago
Please try cowpatty 4.6 from http://www.willhackforsushi.com/?page_id=50

Original comment by lukas.l...@gmail.com on 8 Jul 2009 at 8:40

GoogleCodeExporter commented 9 years ago
Oh and while you are at it, please post the wordlist that causes this behaviour...

Original comment by lukas.l...@gmail.com on 8 Jul 2009 at 8:41

GoogleCodeExporter commented 9 years ago
The wordlist is 469MB so uploading it is tough, but I generated it from the backtrack wpa wordlist and some other international languages. It contains over 37 Mil passwords.
And by the way, the 4.6 version of cowpatty fixes it :)
Good job guys, nice project

Original comment by kalge...@gmail.com on 8 Jul 2009 at 8:49

GoogleCodeExporter commented 9 years ago
Not a problem with Pyrit then :-) Thanks for reporting, closed.

Original comment by lukas.l...@gmail.com on 8 Jul 2009 at 8:59