MS RAS (pptp + MSCHAPv1)

From: Maria Da Re (pentestml_at_yahoo.it)
Date: 01/27/05

  • Next message: Balwant Rathore: "Re: Educational Security Assessment project for Northern Virginia Community College students."
    Date: Thu, 27 Jan 2005 22:41:22 +0100 (CET)
    To: pen-test@securityfocus.com
    
    

    Hi!

    I will execute a penetration test on Windows 2000
    systems responding in dial-up on different telephone
    numbers with pptp protocol handled by Microsoft RAS
    (Routing and Remote Access) server.

    I think to proceed with an analysis composed by these
    steps:

    1) Fingerprint with ppp, trying to use&verify the many
    authentication protocol available such as CHAP,
    MSCHAPv1, MSCHAPv2; very probably the protocol is
    MS-CHAPv1.

    2) Trying to take advantage of this vulnerability:
    www.securityfocus.com/bid/5807. Any suggestion? There
    are other vulnerability?

    3) Trying to bruteforcing the passwords with
    pptp-bruter. There are other good tools for doing
    this?

    Because i can't access to the shared telephone line, i
    can't try man in the middle attacks (decrypting
    credentials or implement a fake server to steal
    credentials)

    Have you some suggestions? There are other types of
    attacks to try or tools to use?

    Thanks for sharing your experience

    -- 
    M. Da Re
    		
    ___________________________________ 
    Nuovo Yahoo! Messenger: E' molto più divertente: Audibles, Avatar, Webcam, Giochi, Rubrica… Scaricalo ora! 
    http://it.messenger.yahoo.it
    

  • Next message: Balwant Rathore: "Re: Educational Security Assessment project for Northern Virginia Community College students."