Re: Decrypting PPTP network traffic



Thanks but that's not what I'm after.

I'm looking for something which, given the keys, can decrypt a network
capture containing MPPE data, i.e. PPTP encrypted traffic.

Think of airdecap-ng (comes with aircrack-ng) but for PPTP rather than
to decrypt WEP / WPA.


On Fri, Mar 19, 2010 at 12:10 AM, h0W@12D <flee74@xxxxxxxxx> wrote:

http://revision3.com/hak5/asleap
http://forums.hak5.org/index.php?showtopic=14755&st=0&gopid=145700
(find Sc00bz's)

check this out :D


On Fri, Mar 19, 2010 at 1:39 AM, Paul Melson <pmelson@xxxxxxxxx> wrote:

Most tools (and there isn't an awful lot of them anyway!) focus on
breaking MS-CHAP(v1|v2). This seems to be an area where some
significant papers were published back in the days, but very few tools
were actually implemented and published openly!

If you have packet captures of a tunnel initiation, the username is in
clear text and you can use asleap
(http://www.willhackforsushi.com/?page_id=41) to crack the CHAP
challenge/response.

PaulM




------------------------------------------------------------------------
This list is sponsored by: Information Assurance Certification Review
Board

Prove to peers and potential employers without a doubt that you can
actually do a proper penetration test. IACRB CPT and CEPT certs require a
full practical examination in order to become certified.

http://www.iacertification.org
------------------------------------------------------------------------



