NetStumbler.org Forums

Old 12-21-2004   #1 (permalink)
joswr1ght
Registered Member
 
Join Date: Sep 2004
Posts: 90
New Asleap Release

I've released version 1.4 of Asleap. For those that don't know, Asleap was designed to be a passive or active LEAP audit tool to pull LEAP passwords out of the air. My Pentium II 233 development system (yeah, I'm 'leet) can handle 45 million passwords in under one second.

The cool new things with Asleap include the ability to handle dictionary files up to 4 TB in size, and support for pulling passwords out of PPTP transactions too. Apparently, lots of people use PPTP (aka "Microsoft VPN") for wireless security, but it suffers from the same MS-CHAPv2 flaws that plague LEAP networks.

Detailed feature list, Microsoft's response to my alerting them to Asleap+PPTP support and download available at http://asleap.sf.net/.

Boring screen-shot attached.

Comments, questions, lewd remarks welcome to jwright@hasborg.com. Thanks.

-Josh
Attached Images
File Type: jpg asleap-pptp.jpg (46.2 KB, 103 views)
__________________
-Joshua Wright
jwright@hasborg.com
http://home.jwu.edu/jwright/

Today I stumbled across the world's largest hotspot. The SSID is "linksys".


Check out the SANS advanced wireless auditing and assessment course:
Los Angeles
Old 12-21-2004   #2 (permalink)
nashr
Uber Geek
 
Join Date: Aug 2002
Location: Virginia
Posts: 1,615
Joshua,

You are da man! I've enjoyed your work (I've been snarfing up your Perl scripts as I learn) and I saw this new release written up this morning at /.

Congrats on your latest work, and thank you for your contributions to the community!!!
__________________
Help! I've been Simpsonized!
Old 12-21-2004   #3 (permalink)
ZioPRoTo
Registered Member
 
Join Date: Jun 2004
Posts: 34
Question

No brute force option ??

ZioPRoTo
__________________
See my stupid personal web site! http://zioproto.serveftp.com
Old 12-21-2004   #4 (permalink)
joswr1ght
Registered Member
 
Join Date: Sep 2004
Posts: 90
Quote:
Originally Posted by ZioPRoTo
No brute force option ??
I get this question often. I don't think brute-force makes sense with today's computing power and the amount of processing time it takes for MD4 and three DES rounds, but I do have a different option.

The -W parameter for Asleap lets you skip using a genkeys database and index file in lieu of using a straight dictionary file. It also accepts input from STDIN. If you really want to do brute-force, write a C or Perl script that prints brute-force characters to STDOUT and pipe it to Asleap as such:

Code:
$ cd asleap/
$ perl scripts/morewords.pl ../dict/openwall-list | ./asleap -r ../out.dump -W -
asleap 1.4 - actively recover LEAP/PPTP passwords. <jwright@hasborg.com>
Using STDIN for words.
Using the passive attack method.

Captured LEAP exchange information:
        username:          NDOMAIN\billybob
        challenge:         0e68d98e546bd0d0
        response:          a43795c112294497983a10065168ab09b0583f79925349a3
        hash bytes:        c915
        Testing 2500000: southland79

Or, you could use John the Ripper to use their built-in (or customized) dictionary permutations:

Code:
$ john -rules -wordfile:wordlist.txt -stdout | ./asleap -r ../out.dump -W -
(omitted)

However, disk space is cheap. If you ever plan to do more than one Asleap attack against a LEAP or PPTP transaction, you might consider dropping the $200 on a 400GB hard drive and just making a big-old dictionary file with John or the morewords.pl script.

Thanks,

-Josh
Old 12-21-2004   #5 (permalink)
devine
Emergence
 
Join Date: Jul 2004
Location: Paris
Posts: 389
Quote:
Originally Posted by joswr1ght
The cool new things with Asleap include the ability to handle dictionary files up to 4 TB in size, and support for pulling passwords out of PPTP transactions too. Apparently, lots of people use PPTP (aka "Microsoft VPN") for wireless security, but it suffers from the same MS-CHAPv2 flaws that plague LEAP networks.
Impressive! WTG, Josh