MS RAS (pptp + MSCHAPv1)
From: Maria Da Re (pentestml_at_yahoo.it)
Date: 01/27/05
- Previous message: Nicolas RUFF (lists): "Re: priviledge escalation techniques"
- Next in thread: Marc Heuse: "RE: MS RAS (pptp + MSCHAPv1)"
- Reply: Marc Heuse: "RE: MS RAS (pptp + MSCHAPv1)"
- Maybe reply: Todd Towles: "RE: MS RAS (pptp + MSCHAPv1)"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Date: Thu, 27 Jan 2005 22:41:22 +0100 (CET) To: pen-test@securityfocus.com
Hi!
I will execute a penetration test on Windows 2000
systems responding in dial-up on different telephone
numbers with pptp protocol handled by Microsoft RAS
(Routing and Remote Access) server.
I think to proceed with an analysis composed by these
steps:
1) Fingerprint with ppp, trying to use&verify the many
authentication protocol available such as CHAP,
MSCHAPv1, MSCHAPv2; very probably the protocol is
MS-CHAPv1.
2) Trying to take advantage of this vulnerability:
www.securityfocus.com/bid/5807. Any suggestion? There
are other vulnerability?
3) Trying to bruteforcing the passwords with
pptp-bruter. There are other good tools for doing
this?
Because i can't access to the shared telephone line, i
can't try man in the middle attacks (decrypting
credentials or implement a fake server to steal
credentials)
Have you some suggestions? There are other types of
attacks to try or tools to use?
Thanks for sharing your experience
-- M. Da Re ___________________________________ Nuovo Yahoo! Messenger: E' molto più divertente: Audibles, Avatar, Webcam, Giochi, Rubrica… Scaricalo ora! http://it.messenger.yahoo.it
- Previous message: Nicolas RUFF (lists): "Re: priviledge escalation techniques"
- Next in thread: Marc Heuse: "RE: MS RAS (pptp + MSCHAPv1)"
- Reply: Marc Heuse: "RE: MS RAS (pptp + MSCHAPv1)"
- Maybe reply: Todd Towles: "RE: MS RAS (pptp + MSCHAPv1)"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
