RE: Decrypting PPTP network traffic



Most tools (and there isn't an awful lot of them anyway!) focus on
breaking MS-
CHAP(v1|v2). This seems to be an area where some significant papers were
published
back in the days, but very few tools were actually implemented and
published openly!

If you have packet captures of a tunnel initiation, the username is in clear
text and you can use asleap (http://www.willhackforsushi.com/?page_id=41) to
crack the CHAP challenge/response.

PaulM




------------------------------------------------------------------------
This list is sponsored by: Information Assurance Certification Review Board

Prove to peers and potential employers without a doubt that you can actually do a proper penetration test. IACRB CPT and CEPT certs require a full practical examination in order to become certified.

http://www.iacertification.org
------------------------------------------------------------------------



Relevant Pages

  • Re: Password Cracking Issues
    ... I thinks the test was not if you had previosuly knew the password but if you can crakc it. ... If you cannot crack it you cannot said you crack it, even if you know the passwd, you must test if you can obtain that pwd. ... or skip password cracking and then advise to reinforce the password policy? ... Information Assurance Certification Review Board ...
    (Pen-Test)
  • Re: Automated wireless testing script (Project Page Created)
    ... Crack all access points within the range in one go!! ... Just recently I wrote a program for testing wireless security. ...  to type commands while roaming around the client's premises during ... Information Assurance Certification Review Board ...
    (Pen-Test)
  • Re: SQL passwords
    ... Cain will crack these. ... Information Assurance Certification Review Board ... Prove to peers and potential employers without a doubt that you can actually do a proper penetration test. ...
    (Pen-Test)
  • Re: Decrypting PPTP network traffic
    ... I am aware of tools like asleap and cain and abel that do password ... cracking for MS-CHAP, as I tried to explain in my previous post. ... Information Assurance Certification Review Board ...
    (Pen-Test)