RE: MS RAS (pptp + MSCHAPv1)

From: Omar Herrera (oherrera_at_prodigy.net.mx)
Date: 01/29/05

    Date: Fri, 28 Jan 2005 19:03:25 -0600
    To: pen-test@securityfocus.com
    
    

    > -----Original Message-----
    > From: Maria Da Re [mailto:pentestml@yahoo.it]
    > > Wasn't there a release by team-teso to fingerprint
    > > ppp?
    >
    > In Google and packetstorm I find nothing.
    >
    > > : THC-pptp-bruter: Brute force program against PPTP
    > > VPN Gateways (tcp port 1723).
    >
    > Now, I know that bruter isn't useful for my purpose,
    > because I'm not working on IP but on dial-up. So I can't
    > connect to tcp port 1723 *before* the MSCHAPv1
    > authentication on PPTP.

    True, THC-pptp-bruter won't be useful if you are using dialup, but you won't
    be working with PPTP either; you will be using PPP alone. Point to Point
    Tunneling Protocol is designed to work over an IP network (hence the
    confusion).

    This paper talks about MS-CHAPv2 and its vulnerabilities, but it also gives
    you a good overview of how MS-CHAPv1 works and might be worth reading:
    http://www.schneier.com/paper-pptpv2.pdf.

    THC has another (~ updated, 2003) tool for ppp brute forcing using Unix
    scripts and minicom (it used to be included in most Linux distros but I
    haven't checked lately). The tool is called THC-dialup Login Hacker v1.1
    and is available here:
    http://www.thc.org/download.php?t=r&f=login_hacker-1.1.tar.gz

    I'm not sure whether this tool already supports MS-Chap and have not seen
    specific tools for MS-Chap, but I think you could modify the scripts to send
    whatever is needed through minicom. The protocol (from the paper above) is
    this:

    "
    1. Client requests a login challenge from the Server.
    2. The Server sends back an 8-byte random challenge.
    3. The Client uses the LAN Manager hash of its password to derive three
    DES keys. Each of these keys is used to encrypt the challenge. All three
    encrypted blocks are concatenated into a 24-byte reply. The Client creates
    a second 24-byte reply using the Windows NT hash and the same
    procedure.
    "

    Instructions are also given in the paper on how to derive the keys.

    In summary, you might use a dictionary attack using hashes of the
    passwords in your dictionary and the challenge. The speed of the attack is
    not dependent upon the hashing stuff but upon the dialing/reconnecting
    speed, since you will have to reconnect several times to the server with your
    modem. Even then you should be aware that RAS accounts might have been
    configured to block after a number of unsuccessful attempts, so the task,
    even with the right tools, is far from easy :-).

    I hope this is useful.

    Regards,

    Omar Herrera
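The three-step exchange quoted from the paper, carried through in code so the derivation is concrete. This is an added example, not part of the original post and not code from THC or the paper's authors. It implements the LM-hash reply path end to end (LM hash, zero-padding to 21 bytes, three 7-byte DES keys, 24-byte reply) using only Go's standard library, and shows the verification the server performs: recompute the reply from the stored hash and compare. The NT-hash reply uses the same `challengeResponse` routine with the 16-byte NT hash (MD4 of the UTF-16LE password, which is not in Go's standard library and is not computed here). The challenge value is constructed for the demonstration; the function names are this example's own.

```go
package main

import (
	"crypto/des"
	"crypto/subtle"
	"encoding/hex"
	"fmt"
	"strings"
)

// expandKey spreads 7 key bytes (56 bits) into the 8-byte layout DES wants:
// 7 key bits in the high bits of every byte, parity bit (LSB) left clear.
// crypto/des ignores the parity bits, so no parity fix-up is required.
func expandKey(k7 []byte) []byte {
	k8 := make([]byte, 8)
	for i := 0; i < 8; i++ {
		var b byte
		if i > 0 {
			b = k7[i-1] << uint(8-i)
		}
		if i < 7 {
			b |= k7[i] >> uint(i)
		}
		k8[i] = b & 0xFE
	}
	return k8
}

// desEncryptBlock encrypts a single 8-byte block under a 7-byte key.
func desEncryptBlock(key7, block []byte) []byte {
	c, err := des.NewCipher(expandKey(key7))
	if err != nil {
		panic(err) // only reachable with a wrong key length
	}
	out := make([]byte, 8)
	c.Encrypt(out, block)
	return out
}

// lmHash is the LAN Manager hash: uppercase the password, pad or cut it to
// 14 bytes, and use each 7-byte half as a DES key to encrypt "KGS!@#$%".
func lmHash(password string) []byte {
	p := []byte(strings.ToUpper(password))
	if len(p) > 14 {
		p = p[:14]
	}
	p = append(p, make([]byte, 14-len(p))...)
	magic := []byte("KGS!@#$%")
	return append(desEncryptBlock(p[:7], magic), desEncryptBlock(p[7:], magic)...)
}

// challengeResponse is step 3 of the quoted description for one 16-byte hash
// (LM or NT): zero-pad the hash to 21 bytes, split it into three 7-byte DES
// keys, encrypt the 8-byte challenge under each, and concatenate to 24 bytes.
func challengeResponse(hash16, challenge []byte) []byte {
	if len(hash16) != 16 || len(challenge) != 8 {
		panic("challengeResponse: need a 16-byte hash and an 8-byte challenge")
	}
	padded := append(append([]byte{}, hash16...), make([]byte, 5)...)
	var resp []byte
	for i := 0; i < 3; i++ {
		resp = append(resp, desEncryptBlock(padded[i*7:i*7+7], challenge)...)
	}
	return resp
}

// lmResponse is the first of the two 24-byte replies: the LM-hash one.
func lmResponse(password string, challenge []byte) []byte {
	return challengeResponse(lmHash(password), challenge)
}

// verifyLMResponse is the check the server performs: recompute the reply from
// the stored hash and compare. Nothing in the reply is secret beyond the hash,
// so the same check decides whether a guessed password matches a captured
// challenge/response pair, which is the point the post makes.
func verifyLMResponse(password string, challenge, response []byte) bool {
	return subtle.ConstantTimeCompare(lmResponse(password, challenge), response) == 1
}

func main() {
	// Constructed 8-byte server challenge (step 2); not from a real capture.
	challenge := []byte{0x01, 0x23, 0x45, 0x67, 0x89, 0xab, 0xcd, 0xef}
	resp := lmResponse("password", challenge)
	fmt.Printf("LM hash:     %s\n", hex.EncodeToString(lmHash("password")))
	fmt.Printf("LM response: %s\n", hex.EncodeToString(resp))
	// LM hashing uppercases first, so case differences do not change the reply.
	fmt.Println("PASSWORD verifies:", verifyLMResponse("PASSWORD", challenge, resp))
	fmt.Println("passw0rd verifies:", verifyLMResponse("passw0rd", challenge, resp))
}
```

Two things the code makes visible that the prose only implies: the third DES key is just the last two hash bytes followed by five zeros, so that block of the reply depends on only 16 bits of the hash, and the LM path discards case before hashing, so guesses need only cover uppercase forms. Both are reasons the lockout setting mentioned above, and MS-CHAPv2 or a stronger method, matter on a dial-up RAS server.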

