KALI -- Genpmk cmd error

(Leonard Bernael) #1

Hello Everyone,
I’m relatively new to Kali Linux, and very new to pentesting. I have some background in HTML as well as shell/bash scripting, took a long break, and decided to get involved with Kali Linux and pentesting.

Anyways, so I am working on the first step in where I want to go - cracking a wifi wpa2 password (my own ACTUAL network, not virtual network).

I realized that using crunch, piped through pyrit would’ve taken… a very long time, and was directed to one of the tutorials here - using genpmk & cowpatty.

Sounded great after reading it, and decided to give it a shot. Unfortunately I must have missed something because the very first command [after compiling everything (which isn’t necessary as cowpatty, and genpmk are already installed on the current version of kali)] is something to the effect of

genpmk -f “WORDLIST.TXT” -d “Output file” -s "ESSID of Wifi"
which in the tutorial -f didn’t exist and was created…

Then I tried it, and received the following message:
genpmk 1.1 - WPA-PSK precomputation attack. jwright@hasborg.com
fopen: No such file or directory

This tells me a few things:

  1. that particular file does not exist in the given location (which I already knew)
  2. for some particular reason or another, a program designed to generate pmk’s isn’t generating what it’s supposed to
  3. something about this is broken.

Unfortunately, I couldn’t find any man pages for genpmk, nor did genpmk -h really tell me anything that would help me figure this one out. Ironically, I tried to google this particular issue with genpmk, and didn’t find anything particularly useful either.

Although it would be appreciated, I’m not exactly looking for someone to straight-up give me the answer, since I believe in learning through trial/error, but at the very least give me some directions, and maybe show me what the road sign is that I need (if you get my metaphor)


Edited to fix error in post 2018-12-26 16:05 EST

(Harry) #2

Try the full path to the wordlist file with the -f parameter.
Either type the path, or drag the wordlist file into the terminal, which will paste its path.

(Leonard Bernael) #3

My understanding was that genpmk generates the file…

But if I’m understanding you right, what you’re saying is that I have to have an existing wordlist in order to use genpmk…?

So… hold on a minute…
Let’s pretend for a moment that I don’t know the password and it isn’t my wifi… I’m assuming at that point, the best idea would be to study the intended subject, make sure they’re home, use wireshark/zenmap/nmap to gather information, and gain access to the subject’s computer, possibly implant a key-logger and go from there?

My thinking was that the first and “most easy” way to get to the above step, was to crack the subject’s wifi first, then listen while on the same network, pretending to be a device that belongs there, and then afterwards go through the above step…?

Because I thought that in this tutorial genpmk used the information from the SSID traffic to generate a pswd text file, which could then be used with cowpatty to crack the wifi passkey “without knowing the password” and without manually placing it into the word list…?

Pretty much every scenario I go through, regardless whether it’s exploitation, password cracking, wpa cracking, data recovery etc. I use my own system (generally 1 Laptop using a 1TB live HDD via USB, and an external device such as my raspberry pi rather than a virtualbox – that way I have a rather “realistic” scenario, not one I can always entirely control…

(Harry) #4

Note the quotes for -f and -s. They are both different. You might’ve used copy paste from the article. Better type it out yourself or use tab autocomplete (with escape characters) to enter the filename.
I just ran the command with my wordlist 1.txt and it works perfectly fine. See output:

genpmk -f 1.txt -d "myGenPMK" -s "rootsh3ll"

genpmk 1.1 - WPA-PSK precomputation attack. jwright@hasborg.com
File myGenPMK does not exist, creating.
key no. 1000: VANO940426
key no. 2000: lizingt1westnergorika1997
key no. 3000: ru1058700pc26
key no. 4000: 000000

(Harry) #5

Gen PMK means Generate PMK (Pairwise Master Key), which is a derivative of the PSK in the case of WPA2-Personal. Read here:

genpmk takes

  1. passphrase, each through the wordlist you provide
  2. SSID

and then you match the generated PMKs with the captured handshake using cowpatty.
In no case do we use said traffic.
Just the passphrase and SSID are enough to automate the process and match the PMK with the captured one.
If they match, well, then that’s where your passphrase is.
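The derivation Harry describes in #5, as an added example that is neither the thread's own code nor genpmk's source: the PMK is PBKDF2-HMAC-SHA1 over the passphrase with the SSID as the salt, which is why a precomputed table is only valid for the one SSID given with -s, and why a non-default SSID makes off-the-shelf tables useless against a network. SAMPLE_WORDLIST is a constructed stand-in for the -f file; the IEEE 802.11i test vector (passphrase "password", SSID "IEEE") is used to check the implementation.

```python
import hashlib

# Parameters fixed by IEEE 802.11i: PBKDF2 with HMAC-SHA1, 4096 rounds, 256-bit PMK.
PBKDF2_ROUNDS = 4096
PMK_LEN = 32

# Constructed sample wordlist, standing in for the file genpmk reads via -f.
SAMPLE_WORDLIST = ["letmein", "password", "correct horse battery", "hunter22"]


def derive_pmk(passphrase: str, ssid: str) -> bytes:
    """PMK = PBKDF2(HMAC-SHA1, passphrase, SSID, 4096 rounds, 32 bytes).

    The SSID is the salt, so the same wordlist produces a completely different
    table for every SSID; a table built for one network cannot be reused.
    """
    if not 8 <= len(passphrase) <= 63:
        raise ValueError("WPA passphrase must be 8 to 63 ASCII characters")
    return hashlib.pbkdf2_hmac(
        "sha1", passphrase.encode("ascii"), ssid.encode("utf-8"), PBKDF2_ROUNDS, PMK_LEN
    )


def build_pmk_table(words, ssid: str) -> dict:
    """Precompute PMK -> passphrase for one SSID, the role of genpmk's -d file.

    Words outside the WPA-legal passphrase length are skipped here.
    """
    table = {}
    for word in words:
        word = word.rstrip("\n")
        if 8 <= len(word) <= 63:
            table[derive_pmk(word, ssid)] = word
    return table


def match_pmk(table: dict, pmk: bytes):
    """Return the passphrase whose precomputed PMK equals pmk, or None.

    This is the lookup side of the process; cowpatty additionally verifies each
    candidate PMK against the MIC in the captured four-way handshake.
    """
    return table.get(pmk)


if __name__ == "__main__":
    table = build_pmk_table(SAMPLE_WORDLIST, "IEEE")
    print(len(table), "PMKs precomputed for SSID 'IEEE'")  # prints 3 (letmein is too short)
    print(match_pmk(table, derive_pmk("password", "IEEE")))  # prints "password"
```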