Date: 02/24/04

  • Next message: Eric Paynter: "Re: manipulating query strings"
    To: pen-test@securityfocus.com
    Date: Tue, 24 Feb 2004 16:04:42 +0000


    At Defcon last year, Joshua Wright released a paper documenting a number of
    flaws in LEAP, in particular relating to sniffing the challenge-response
    traffic, compromising the username, and cracking the user password offline.
    His paper is available from

    I am currently undertaking a wireless test for a client who I've found is
    using LEAP. I've sniffed a number of LEAP challenge-response frames, and it
    would be great if I could perform some active attacks to spoof LEAP-logoff
    and STA deauthenticate frames, sniff more LEAP challenge-response traffic,
    and perform the offline cracking operation as described by Joshua Wright.

    Joshua wrote a tool called asleap / asleap-imp, which he demonstrated at
    Defcon, but did not release. I have yet to find asleap available online,
    although various media sources state that the tool will be available in
    February. I even mailed Joshua, but he hasn't yet responsed.

    My question is if anyone knows of any tools or hacks of software like
    kismet that can perform any element of this LEAP attack?



    Chris McNab
    Technical Director

    Matta Consulting Limited
    18 Noel Street
    London W1F 8GN

     08700 77 11 00


  • Next message: Eric Paynter: "Re: manipulating query strings"