Binary files ../asleap-2.2.orig/asleap and ./asleap differ
diff '--color=always' '--color=never' -pruN ../asleap-2.2.orig/asleap.c ./asleap.c
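--- a/asleap.c
+++ b/asleap.c
@@ -136,6 +136,7 @@ void usage(char *message)
 "\t-V \tPrint program version and exit\n"
 "\t-C \tChallenge value in colon-delimited bytes\n"
 "\t-R \tResponse value in colon-delimited bytes\n"
+ "\t-U \tUsername (required if PPTP Challenge/Response specified)\n"
 "\t-W \tASCII dictionary file (special purpose)\n"
 "\t-G \tBruteforce attack\n"
 "\t-g \tBruteforce charset (default: a-zA-Z0-9)\n"
@@ -1502,11 +1503,14 @@ int main(int argc, char *argv[])
 int ret=0;
 extern int success;
 uint8_t verifypassword = 0;
+ int username_specified = 0;
 
 memset(dictfile, 0, sizeof(dictfile));
 memset(dictidx, 0, sizeof(dictidx));
 memset(pcapfile, 0, sizeof(pcapfile));
 memset(&asleap, 0, sizeof(asleap));
+ asleap.challenge = asleap.leapchallenge;
+ asleap.response = asleap.leapresponse;
 device = NULL;
 
 signal(SIGINT, cleanup);
@@ -1516,57 +1520,94 @@ int main(int argc, char *argv[])
 printf("asleap %s - actively recover LEAP/PPTP passwords. "
 "<jwright@hasborg.com>\n", VER);
 
- while ((c = getopt(argc, argv, "DsoavhVi:f:n:r:w:c:t:g:W:C:R:G:A:B:U:P:")) != EOF) {
+ while ((c = getopt(argc, argv,
+ "DsoavhVi:f:n:r:w:c:t:g:W:C:R:G:A:B:U:P:")) != EOF) {
 switch (c) {
 case 's':
 asleap.skipeapsuccess = 1;
 break;
 case 'C':
- if (strlen(optarg) == 23) {
- if (str2hex(optarg, asleap.challenge,
- sizeof(asleap.challenge)) < 0) {
+ if (strlen(optarg) == 47) {
+ if (str2hex(optarg, asleap.pptpchallenge,
+ sizeof(asleap.pptpchallenge)) < 0) {
 usage("Malformed value specified as "
- "challenge.\n");
+ "pptp challenge.\n");
+ exit(1);
+ }
+ asleap.challenge = asleap.pptpchallenge;
+ asleap.pptpchalfound=1;
+ } else if (strlen(optarg) == 32) {
+ if (decodeHexString(optarg, asleap.pptpchallenge,
+ sizeof(asleap.pptpchallenge)) < 0) {
+ usage("Malformed value specified as "
+ "pptp challenge.\n");
 exit(1);
 }
+ asleap.challenge = asleap.pptpchallenge;
+ asleap.pptpchalfound=1;
+ } else if (strlen(optarg) == 23) {
+ if (str2hex(optarg, asleap.leapchallenge,
+ sizeof(asleap.leapchallenge)) < 0) {
+ usage("Malformed value specified as "
+ "leap challenge.\n");
+ exit(1);
+ }
+ asleap.leapchalfound=1;
 } else if (strlen(optarg) == 16) {
- if (decodeHexString(optarg, asleap.challenge,
- sizeof(asleap.challenge)) < 0) {
+ if (decodeHexString(optarg, asleap.leapchallenge,
+ sizeof(asleap.leapchallenge)) < 0) {
 usage("Malformed value specified as "
- "challenge.\n");
+ "leap challenge.\n");
 exit(1);
 }
+ asleap.leapchalfound=1;
 } else {
 usage("Incorrect challenge input length "
 "specified.\n");
 exit(1);
 }
-
- asleap.leapchalfound=1;
 asleap.manualchalresp=1;
 break;
 case 'R':
- if (strlen(optarg) == 71) {
- if (str2hex(optarg, asleap.response,
- sizeof(asleap.response)) < 0) {
+ if (strlen(optarg) == 146) {
+ if (str2hex(optarg, asleap.pptpresponse,
+ sizeof(asleap.pptpresponse)) < 0) {
+ usage("Malformed value specified as "
+ "pptp response1.\n");
+ exit(1);
+ }
+ asleap.response = asleap.pptpresponse;
+ asleap.pptprespfound=1;
+ } else if (strlen(optarg) == 98) {
+ if (decodeHexString(optarg, asleap.pptpresponse,
+ sizeof(asleap.pptpresponse)) < 0) {
+ usage("Malformed value specified as "
+ "pptp response2.\n");
+ exit(1);
+ }
+ asleap.response = asleap.pptpresponse;
+ asleap.pptprespfound=1;
+ } else if (strlen(optarg) == 71) {
+ if (str2hex(optarg, asleap.leapresponse,
+ sizeof(asleap.leapresponse)) < 0) {
 usage("Malformed value specified as "
- "response.\n");
+ "leap response.\n");
 exit(1);
 }
+ asleap.leaprespfound=1;
 } else if (strlen(optarg) == 48) {
- if (decodeHexString(optarg, asleap.response,
- sizeof(asleap.response)) < 0) {
+ if (decodeHexString(optarg, asleap.leapresponse,
+ sizeof(asleap.leapresponse)) < 0) {
 usage("Malformed value specified as "
- "response.\n");
+ "leap response.\n");
 exit(1);
 }
+ asleap.leaprespfound=1;
 } else {
 usage("Incorrect response input length "
 "specified.\n");
 exit(1);
 }
-
- asleap.leaprespfound=1;
 asleap.manualchalresp=1;
 break;
 case 'A':
@@ -1613,6 +1654,7 @@ int main(int argc, char *argv[])
 break;
 case 'U':
 memcpy(asleap.username, optarg, strlen(optarg));
+ username_specified=1;
 break;
 case 'P':
 verifypassword = 1;
@@ -1704,7 +1746,7 @@ int main(int argc, char *argv[])
 }
 }
 
- if (asleap.leapchalfound && asleap.leaprespfound &&
+ if (asleap.leapchalfound && asleap.leaprespfound &&
 asleap.manualchalresp) {
 /* User specified manual challenge/response on the command
 * line (aka, the "Jay Beale" feature).
@@ -1712,6 +1754,23 @@ int main(int argc, char *argv[])
 return(attack_leap(&asleap));
 }
 
+ if (asleap.pptpchalfound && asleap.pptprespfound &&
+ asleap.manualchalresp) {
+ if (!username_specified) {
+ usage("PPTP Challenge/Reponse requires "
+ "Username (-U option) to be specified.\n");
+ exit(1);
+ }
+
+ uint8_t peerresp[24];
+ memcpy(peerresp, asleap.pptpresponse + 24, 24);
+ memcpy(asleap.pptpauthchal, asleap.pptpchallenge, 16);
+ memcpy(asleap.pptppeerchal, asleap.pptpresponse, 16);
+ //memset(asleap.pptpresponse, 0, sizeof(asleap.pptpresponse));
+ memcpy(asleap.pptpresponse, peerresp, 24);
+ return(attack_pptp(&asleap));
+ }
+
 if (verifypassword) {
 
 int j;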
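Review bot: The `-U` handler in the `@@ -1613` hunk still copies with `memcpy(asleap.username, optarg, strlen(optarg));` and no length check, and this change makes `-U` mandatory for the new PPTP path, so an argument longer than the 256 usable bytes of `username` (declared `char username[256 + 1]` in asleap.h) writes past the field into the rest of `struct asleap_data`. Reject over-long input before the copy, e.g. `if (strlen(optarg) >= sizeof(asleap.username)) { usage("Username too long.\n"); exit(1); }`. Separately, the `-C` and `-R` branches accept a LEAP-length challenge together with a PPTP-length response (or the reverse); in that case neither attack branch fires and `asleap.challenge` and `asleap.response` point at buffers belonging to different protocols, so a check after option parsing that both values are of the same protocol would be worth adding. `main` starts and ends outside these hunks.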
Binary files ../asleap-2.2.orig/.asleap.c.un~ and ./.asleap.c.un~ differ
diff '--color=always' '--color=never' -pruN ../asleap-2.2.orig/asleap.h ./asleap.h
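--- a/asleap.h
+++ b/asleap.h
@@ -47,8 +47,12 @@
 struct asleap_data {
 char username[256 + 1];
 uint8_t eapid;
- uint8_t challenge[8];
- uint8_t response[24];
+ uint8_t pptpchallenge[16];
+ uint8_t pptpresponse[49];
+ uint8_t leapchallenge[8];
+ uint8_t leapresponse[24];
+ uint8_t *challenge;
+ uint8_t *response;
 uint8_t endofhash[2];
 char password[32];
 uint8_t nthash[16];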
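Review bot: Turning `challenge` and `response` from arrays into `uint8_t *` silently changes the meaning of any remaining `sizeof` applied to those members: such expressions still compile but now yield the pointer size instead of 8 and 24. This patch only updates the uses in asleap.c's option parsing; other users of these fields are not visible here, so they should be audited and switched to explicit lengths. The two pointers also alias storage inside the same struct, so a by-value copy of `struct asleap_data` would leave the copy pointing into the original; a comment above them such as `/* point at the leap* or pptp* buffers of this struct; do not copy the struct by value */` would document that. The struct definition continues outside the hunk.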
Binary files ../asleap-2.2.orig/.asleap.h.un~ and ./.asleap.h.un~ differ
Binary files ../asleap-2.2.orig/asleap.o and ./asleap.o differ
Binary files ../asleap-2.2.orig/common.o and ./common.o differ
Binary files ../asleap-2.2.orig/genkeys and ./genkeys differ
Binary files ../asleap-2.2.orig/genkeys.o and ./genkeys.o differ
Binary files ../asleap-2.2.orig/sha1.o and ./sha1.o differ
Binary files ../asleap-2.2.orig/.utils.c.un~ and ./.utils.c.un~ differ
Binary files ../asleap-2.2.orig/utils.o and ./utils.o differ