From 49a0da6b137d1e9287d627f8d75d5295fa8226c8 Mon Sep 17 00:00:00 2001
From: Tim Biermann
Date: Mon, 15 Feb 2021 09:50:39 +0000
Subject: [PATCH] asleap: deleted unmaintained port
---
 asleap/.footprint | 4 -
 asleap/.signature | 10 -
 asleap/0001-fix-build-for-CRUX.patch | 50 ---
 ..._simple_password_bruteforcing_option.patch | 131 --------
 ...y_to_verify_MSCHAP-V2_authentication.patch | 314 ------------------
 ...03_fix_and_improve_bruteforce_option.patch | 155 ---------
 ...t_and_pptp_chal_resp_cmdline_parsing.patch | 209 ------------
 asleap/Pkgfile | 32 --
 8 files changed, 905 deletions(-)
 delete mode 100644 asleap/.footprint
 delete mode 100644 asleap/.signature
 delete mode 100644 asleap/0001-fix-build-for-CRUX.patch
 delete mode 100644 asleap/001_add_simple_password_bruteforcing_option.patch
 delete mode 100644 asleap/002_added_the_possibility_to_verify_MSCHAP-V2_authentication.patch
 delete mode 100644 asleap/003_fix_and_improve_bruteforce_option.patch
 delete mode 100644 asleap/004_add_user_opt_and_pptp_chal_resp_cmdline_parsing.patch
 delete mode 100644 asleap/Pkgfile
diff --git a/asleap/.footprint b/asleap/.footprint
deleted file mode 100644
index 5366ebe79..000000000
--- a/asleap/.footprint
+++ /dev/null
@@ -1,4 +0,0 @@
-drwxr-xr-x root/root usr/
-drwxr-xr-x root/root usr/bin/
--rwxr-xr-x root/root usr/bin/asleap
--rwxr-xr-x root/root usr/bin/genkeys
diff --git a/asleap/.signature b/asleap/.signature
deleted file mode 100644
index 31f8f58c4..000000000
--- a/asleap/.signature
+++ /dev/null
@@ -1,10 +0,0 @@
-untrusted comment: verify with /etc/ports/contrib.pub
-RWSagIOpLGJF38h2kkZiIapG5jZjf/5DOuTAKdFIOfCA0Kx1lIhhZxCqTu5Bk9NAIUkUYpTWVy7O3s5t5oFPE9BLtksdALKT+Qg=
-SHA256 (Pkgfile) = 11e1a5d2ce33fff87bfb49e04d61bc4e8060377a5cbf4f0e6cec26b1bde96b0e
-SHA256 (.footprint) = b31157fba0cda15600581075a0517c0b713a65e09a1aa1adbd0dbfea51c0414f
-SHA256 (asleap-2.2.tgz) = 92beb6495a856884ca343787ab2f7c9d4b9d3aba21526c2e1f6ba38736c67a23
-SHA256 (0001-fix-build-for-CRUX.patch) = 8f3aa419a503a72c2efa941ac0c90d466e045f3c48672a282e60bd1cbc5ee9cc
-SHA256 (001_add_simple_password_bruteforcing_option.patch) = 9842820e414927993ddce29964ac351d5662cb627d3690fb6e2acd937166eb1e
-SHA256 (002_added_the_possibility_to_verify_MSCHAP-V2_authentication.patch) = 3470f6cdabe99642368e1d221c8cfd33ca0bfdf902ce9f16149aa39248d1835e
-SHA256 (003_fix_and_improve_bruteforce_option.patch) = 5923f8a90be632d257243aa9c31de7ba9b8865b7fd772748dfd42397b1b8c024
-SHA256 (004_add_user_opt_and_pptp_chal_resp_cmdline_parsing.patch) = 0f9a96e57a95925716206c6bf06b15ac9c7e82bcaae49e8f3b8b77604e670059
diff --git a/asleap/0001-fix-build-for-CRUX.patch b/asleap/0001-fix-build-for-CRUX.patch
deleted file mode 100644
index b2a51d640..000000000
--- a/asleap/0001-fix-build-for-CRUX.patch
+++ /dev/null
@@ -1,50 +0,0 @@
-From ff9f30db21733aa019c6205536b21c246178d40a Mon Sep 17 00:00:00 2001
-From: Stamatin Cristina
-Date: Sun, 20 Sep 2020 19:46:58 +0300
-Subject: [PATCH] fix build for CRUX
-
----
- Makefile | 12 ++++++------
- utils.c | 2 +-
- 2 files changed, 7 insertions(+), 7 deletions(-)
-
-diff --git a/Makefile b/Makefile
-index 5d34ed6..3492abc 100644
---- a/Makefile
-+++ b/Makefile
-@@ -7,13 +7,13 @@
- # i think thats all anyone does
- # make is a twisted beast
- ##################################
--LDLIBS = -lpcap -lcrypt
--CFLAGS = -pipe -Wall -D_LINUX -D_FILE_OFFSET_BITS=64 -D_LARGEFILE_SOURCE -I../../..
--CFLAGS += -D_OPENSSL_MD4
-+LDLIBS = -lpcap -lxcrypt -lssl
-+CFLAGS += -D_LINUX -D_FILE_OFFSET_BITS=64 -D_LARGEFILE_SOURCE
-+CFLAGS += -D_OPENSSL_MD4 -I/usr/lib/libxcrypt2.4/include -L/usr/lib/libxcrypt2.4
-+CFLAGS += -Wl,-rpath=/usr/lib/libxcrypt2.4
- LDLIBS += -lcrypto
--CFLAGS += -g3 -ggdb -g
--PROGOBJ = asleap.o genkeys.o utils.o common.o sha1.o
--PROG = asleap genkeys
-+PROGOBJ = asleap.o genkeys.o utils.o common.o sha1.o
-+PROG = asleap genkeys
-
- all: $(PROG) $(PROGOBJ)
-
-diff --git a/utils.c b/utils.c
-index 4941514..799a2a7 100644
---- a/utils.c
-+++ b/utils.c
-@@ -27,7 +27,7 @@
- #include
- #include
- #include
--#include
-+#include
- #include
- #include
- #include /* for ntohs() */
---
-2.28.0
-
diff --git a/asleap/001_add_simple_password_bruteforcing_option.patch b/asleap/001_add_simple_password_bruteforcing_option.patch
deleted file mode 100644
index 09ad82386..000000000
--- a/asleap/001_add_simple_password_bruteforcing_option.patch
+++ /dev/null
@@ -1,131 +0,0 @@ -From 286cdcb625493b0bf2ab700715785207d51afad4 Mon Sep 17 00:00:00 2001 -From: lager -Date: Wed, 17 Apr 2019 09:30:07 +0200 -Subject: [PATCH] add simple password bruteforcing option - ---- - asleap.c | 62 +++++++++++++++++++++++++++++++++++++++++++++++++++++++- - asleap.h | 2 ++ - 2 files changed, 63 insertions(+), 1 deletion(-) - -diff --git a/asleap.c b/asleap.c -index f0c8b07..4804346 100644 ---- a/asleap.c -+++ b/asleap.c -@@ -69,6 +69,9 @@ struct pcap_pkthdr h; - char errbuf[PCAP_ERRBUF_SIZE]; - int success = 0; /* For return status of attack */ - unsigned long pcount=0; -+/* for password generation */ -+const char * charset = "abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789"; -+ - - /* prototypes */ - void usage(char *message); -@@ -92,6 +95,8 @@ int testpptpchal(struct asleap_data *asleap_ptr, int plen, int offset); - int testpptpresp(struct asleap_data *asleap_ptr, int plen, int offset); - int testpptpsuccess(struct asleap_data *asleap_ptr, int plen, int offset); - void genchalhash(struct asleap_data *asleap); -+int trypasswords(struct asleap_data *asleap_ptr); -+int permute(struct asleap_data *asleap_ptr, int level, char * password); - - - int stripname(char *name, char *stripname, int snamelen, char delim) -@@ -360,6 +365,54 @@ int getmschapbrute(struct asleap_data *asleap_ptr) - return 0; - } - -+/* try generating passwords and hashes based on command line params */ -+int trypasswords(struct asleap_data *asleap_ptr) -+{ -+ char password[MAX_NT_PASSWORD + 1] = {0}; /* should be dynamically allocated based on input param */ -+ int ret; -+ -+ for(int i = 0; i < asleap_ptr->pass_len; i++) { /* iterate password length from 1 to desired length */ -+ ret = permute(asleap_ptr, i, password); -+ -+ if(ret == 0) -+ printf("no matching password found for length %d\n", i + 1); -+ else -+ return ret; -+ } -+ -+ return ret; -+} -+ -+/* generate all possible charset combinations */ -+int permute(struct asleap_data *asleap_ptr, int level, 
char * password) -+{ -+ const char* charset_ptr = charset; -+ unsigned char pwhash[MD4_SIGNATURE_SIZE]; -+ -+ if(level == -1) { /* got generated password */ -+ /* debug */ -+ /* printf("%s\n", password); */ -+ NtPasswordHash(password, strlen(password), pwhash); -+ -+ if (pwhash[14] != asleap_ptr->endofhash[0] || -+ pwhash[15] != asleap_ptr->endofhash[1]) -+ return 0; -+ -+ if (testchal(asleap_ptr, pwhash) == 0) { -+ /* Found a matching password! w00t! */ -+ memcpy(asleap_ptr->nthash, pwhash, 16); -+ strncpy(asleap_ptr->password, password, -+ strlen(password)); -+ return (1); -+ } -+ } else -+ while(password[level] = *(charset_ptr++)) /* keep going */ -+ if(permute(asleap_ptr, level - 1, password) == 1) -+ return 1; /* found */ -+ -+ return 0; /* nothing found */ -+} -+ - /* Brute-force all the matching NT hashes to discover the clear-text password */ - int getmschappw(struct asleap_data *asleap_ptr) - { -@@ -942,6 +995,9 @@ int attack_leap(struct asleap_data *asleap) - if (!IsBlank(asleap->wordfile)) { - /* Attack MS-CHAP exchange with a straight dictionary list */ - getmschappwret = getmschapbrute(asleap); -+ } else if(asleap->gen_password) { -+ /* Attack MS-CHAP exchange with brute-force password generation */ -+ getmschappwret = trypasswords(asleap); - } else { - getmschappwret = getmschappw(asleap); - } -@@ -1413,7 +1469,7 @@ int main(int argc, char *argv[]) - printf("asleap %s - actively recover LEAP/PPTP passwords. 
" - "\n", VER); - -- while ((c = getopt(argc, argv, "DsoavhVi:f:n:r:w:c:t:W:C:R:")) != EOF) { -+ while ((c = getopt(argc, argv, "DsoavhVi:f:n:r:w:c:t:W:C:R:G:")) != EOF) { - switch (c) { - case 's': - asleap.skipeapsuccess = 1; -@@ -1492,6 +1548,10 @@ int main(int argc, char *argv[]) - strncpy(asleap.wordfile, optarg, - sizeof(asleap.wordfile) - 1); - break; -+ case 'G': -+ asleap.gen_password = 1; -+ sscanf(optarg, "%d", &asleap.pass_len); /* save desired password lentgh */ -+ break; - default: - usage(""); - exit(1); -diff --git a/asleap.h b/asleap.h -index 1225fec..0c3666e 100644 ---- a/asleap.h -+++ b/asleap.h -@@ -61,6 +61,8 @@ struct asleap_data { - int eapsuccess; - int skipeapsuccess; /* Don't bother checking for success after auth */ - int verbose; -+ int gen_password; -+ int pass_len; - char dictfile[255]; - char dictidx[255]; - char wordfile[255]; diff --git a/asleap/002_added_the_possibility_to_verify_MSCHAP-V2_authentication.patch b/asleap/002_added_the_possibility_to_verify_MSCHAP-V2_authentication.patch deleted file mode 100644 index b1b46f4af..000000000 --- a/asleap/002_added_the_possibility_to_verify_MSCHAP-V2_authentication.patch +++ /dev/null 
@@ -1,314 +0,0 @@ -diff -ur a/asleap.c b/asleap.c ---- a/asleap.c 2019-09-22 16:40:10.211884000 +0300 -+++ b/asleap.c 2019-09-22 16:42:39.063433095 +0300 -@@ -45,6 +45,7 @@ - #include - #include - #include -+#include - - #include "asleap.h" - #include "utils.h" -@@ -303,12 +304,33 @@ - { - - unsigned char cipher[8]; -+ int j; - - DesEncrypt(asleap_ptr->challenge, zpwhash, cipher); -+ -+ printf("\tgiven hash 1: "); -+ for (j = 0; j < 8; j++) -+ printf("%02x", cipher[j]); -+ printf("\n"); -+ printf("\tresponse hash 1: "); -+ for (j = 0; j < 8; j++) -+ printf("%02x", asleap_ptr->response[j]); -+ printf("\n"); -+ - if (memcmp(cipher, asleap_ptr->response, 8) != 0) - return (1); - - DesEncrypt(asleap_ptr->challenge, zpwhash + 7, cipher); -+ -+ printf("\tgiven hash 2: "); -+ for (j = 0; j < 8; j++) -+ printf("%02x", cipher[j]); -+ printf("\n"); -+ printf("\tresponse hash 2: "); -+ for (j = 0; j < 8; j++) -+ printf("%02x", asleap_ptr->response[j+8]); -+ printf("\n"); -+ - if (memcmp(cipher, asleap_ptr->response + 8, 8) != 0) - return (1); - -@@ -948,23 +970,40 @@ - void genchalhash(struct asleap_data *asleap) - { - -- SHA1_CTX context; - unsigned char digest[SHA1_MAC_LEN]; - char strippedname[256]; - int j; - -+ memset(digest, 0, SHA1_MAC_LEN); -+ memset(strippedname, 0, 256); -+ - /* RFC2759 indicates a username "BIGCO\johndoe" must be stripped to - contain only the username for the purposes of generating the 8-byte - challenge. 
Section 4, */ - stripname(asleap->username, strippedname, sizeof(strippedname), '\\'); - -+/* SHA1_CTX context; - SHA1Init(&context); - SHA1Update(&context, asleap->pptppeerchal, 16); - SHA1Update(&context, asleap->pptpauthchal, 16); - SHA1Update(&context, (uint8_t *)strippedname, strlen(strippedname)); - SHA1Final(digest, &context); - -- memcpy(&asleap->challenge, digest, 8); -+ printf("\tchallenge: "); -+ for (j = 0; j < 8; j++) -+ printf("%02x", digest[j]); -+ printf("\n"); -+ -+ memcpy(asleap->challenge, digest, 8);*/ -+ -+ uint8_t str[300]; -+ memcpy(str, asleap->pptppeerchal, 16); -+ memcpy(str+16, asleap->pptpauthchal, 16); -+ memcpy(str+32, strippedname, strlen(strippedname)); -+ -+ SHA1(str, 32 + strlen(strippedname), digest); -+ -+ memcpy(asleap->challenge, digest, 8); - - printf("\tchallenge: "); - for (j = 0; j < 8; j++) -@@ -1455,6 +1494,7 @@ - unsigned int findlpexchret = 0; - int ret=0; - extern int success; -+ uint8_t verifypassword = 0; - - memset(dictfile, 0, sizeof(dictfile)); - memset(dictidx, 0, sizeof(dictidx)); -@@ -1469,41 +1509,108 @@ - printf("asleap %s - actively recover LEAP/PPTP passwords. 
" - "\n", VER); - -- while ((c = getopt(argc, argv, "DsoavhVi:f:n:r:w:c:t:W:C:R:G:")) != EOF) { -+ while ((c = getopt(argc, argv, "DsoavhVi:f:n:r:w:c:t:W:C:R:G:A:B:U:P:")) != EOF) { - switch (c) { - case 's': - asleap.skipeapsuccess = 1; - break; - case 'C': -- if (strlen(optarg) != 23) { -- usage("Incorrect challenge input length " -- "specified.\n"); -- exit(1); -- } -- if (str2hex(optarg, asleap.challenge, -+ if (strlen(optarg) == 23) { -+ if (str2hex(optarg, asleap.challenge, - sizeof(asleap.challenge)) < 0) { -- usage("Malformed value specified as " -+ usage("Malformed value specified as " - "challenge.\n"); -+ exit(1); -+ } -+ } else if (strlen(optarg) == 16) { -+ if (decodeHexString(optarg, asleap.challenge, -+ sizeof(asleap.challenge)) < 0) { -+ usage("Malformed value specified as " -+ "challenge.\n"); -+ exit(1); -+ } -+ } else { -+ usage("Incorrect challenge input length " -+ "specified.\n"); - exit(1); - } -+ - asleap.leapchalfound=1; - asleap.manualchalresp=1; - break; - case 'R': -- if (strlen(optarg) != 71) { -- usage("Incorrect response input length " -- "specified.\n"); -- exit(1); -- } -- if (str2hex(optarg, asleap.response, -+ if (strlen(optarg) == 71) { -+ if (str2hex(optarg, asleap.response, -+ sizeof(asleap.response)) < 0) { -+ usage("Malformed value specified as " -+ "response.\n"); -+ exit(1); -+ } -+ } else if (strlen(optarg) == 48) { -+ if (decodeHexString(optarg, asleap.response, - sizeof(asleap.response)) < 0) { -- usage("Malformed value specified as " -+ usage("Malformed value specified as " - "response.\n"); -+ exit(1); -+ } -+ } else { -+ usage("Incorrect response input length " -+ "specified.\n"); - exit(1); - } -+ - asleap.leaprespfound=1; - asleap.manualchalresp=1; - break; -+ case 'A': -+ if (strlen(optarg) == 47) { -+ if (str2hex(optarg, asleap.pptppeerchal, -+ sizeof(asleap.pptppeerchal)) < 0) { -+ usage("Malformed value specified as " -+ "challenge.\n"); -+ exit(1); -+ } -+ } else if (strlen(optarg) == 32) { -+ if 
(decodeHexString(optarg, asleap.pptppeerchal, -+ sizeof(asleap.pptppeerchal)) < 0) { -+ usage("Malformed value specified as " -+ "challenge.\n"); -+ exit(1); -+ } -+ } else { -+ usage("Incorrect challenge input length " -+ "specified.\n"); -+ exit(1); -+ } -+ break; -+ case 'B': -+ if (strlen(optarg) == 47) { -+ if (str2hex(optarg, asleap.pptpauthchal, -+ sizeof(asleap.pptpauthchal)) < 0) { -+ usage("Malformed value specified as " -+ "challenge.\n"); -+ exit(1); -+ } -+ } else if (strlen(optarg) == 32) { -+ if (decodeHexString(optarg, asleap.pptpauthchal, -+ sizeof(asleap.pptpauthchal)) < 0) { -+ usage("Malformed value specified as " -+ "challenge.\n"); -+ exit(1); -+ } -+ } else { -+ usage("Incorrect challenge input length " -+ "specified.\n"); -+ exit(1); -+ } -+ break; -+ case 'U': -+ memcpy(asleap.username, optarg, strlen(optarg)); -+ break; -+ case 'P': -+ verifypassword = 1; -+ memcpy(asleap.password, optarg, strlen(optarg)); -+ break; - case 'i': - if (atoi(optarg) == 0) { - device = optarg; -@@ -1563,7 +1670,7 @@ - strncpy(asleap.dictfile, dictfile, sizeof(asleap.dictfile) - 1); - strncpy(asleap.dictidx, dictidx, sizeof(asleap.dictidx) - 1); - -- if (IsBlank(device) && IsBlank(pcapfile) && !asleap.manualchalresp) { -+ if (IsBlank(device) && IsBlank(pcapfile) && !asleap.manualchalresp && !verifypassword) { - usage ("Must supply an interface with -i, or a stored file " - "with -r"); - exit(1); -@@ -1594,6 +1701,37 @@ - return(attack_leap(&asleap)); - } - -+ if (verifypassword) { -+ -+ int j; -+ -+ genchalhash(&asleap); -+ -+ /*uint8_t challenge[8] = {0xD0, 0x2E, 0x43, 0x86, 0xBC, 0xE9, 0x12, 0x26}; -+ memcpy(asleap.challenge, challenge, 8); -+ -+ printf("\tchallenge: "); -+ for (j = 0; j < 8; j++) -+ printf("%02x", challenge[j]); -+ printf("\n");*/ -+ -+ unsigned char pwhash[MD4_SIGNATURE_SIZE]; -+ NtPasswordHash(asleap.password, strlen(asleap.password), pwhash); -+ -+ int result = testchal(&asleap, pwhash); -+ -+ print_pptpexch(&asleap); -+ -+ 
printf("\tpassword hash: "); -+ for (j = 0; j < MD4_SIGNATURE_SIZE; j++) -+ printf("%02x", pwhash[j]); -+ printf("\n"); -+ -+ printf("Result is %i\n", result); -+ -+ return 0; -+ } -+ - /* If the user passed the -r flag, open the filename as a captured pcap - file. Otherwise open live from the supplied device name */ - if (!IsBlank(pcapfile)) { -diff -ur a/utils.c b/utils.c ---- a/utils.c 2016-08-30 16:01:23.000000000 +0300 -+++ b/utils.c 2019-09-22 16:41:08.725279000 +0300 -@@ -243,3 +243,35 @@ - - return(1); - } -+ -+int decodeHexString (char *hexstr, uint8_t *result, int len) -+{ -+ char *ptr, *next; -+ unsigned long val; -+ int i; -+ -+ char tmp[3]; -+ tmp[2] = '\0'; -+ -+ if (strlen(hexstr) != 2*len) { -+ errno = EINVAL; -+ return(-1); -+ } -+ -+ ptr = next = hexstr; -+ for(i=0;i < len;i++) { -+ memcpy(tmp, ptr, 2); -+ if((val = strtoul(tmp, NULL, 16)) > 255) { -+ errno = EINVAL; -+ return(-1); -+ } -+ result[i] = (unsigned int)val; -+ ptr += 2; -+ if((ptr[0] == '\0' || ptr[1] == '\0') && (i != len - 1)) { -+ errno = EINVAL; -+ return(-1); -+ } -+ } -+ -+ return(1); -+} -diff -ur a/utils.h b/utils.h ---- a/utils.h 2016-08-30 16:01:23.000000000 +0300 -+++ b/utils.h 2019-09-22 16:41:08.725279000 +0300 -@@ -33,3 +33,4 @@ - int IsBlank(char *s); - char *printmac(unsigned char *mac); - int str2hex (char *string, uint8_t *hexstr, int len); -+int decodeHexString (char *hexstr, uint8_t *result, int len); diff --git a/asleap/003_fix_and_improve_bruteforce_option.patch b/asleap/003_fix_and_improve_bruteforce_option.patch deleted file mode 100644 index 7d9b0a2c6..000000000 --- a/asleap/003_fix_and_improve_bruteforce_option.patch +++ /dev/null 
@@ -1,155 +0,0 @@ -Binary files ../asleap-2.2.orig/asleap and ./asleap differ -diff '--color=always' '--color=never' -pruN ../asleap-2.2.orig/asleap.c ./asleap.c ---- ../asleap-2.2.orig/asleap.c 2020-09-30 15:29:57.712000000 +0300 -+++ ./asleap.c 2020-09-30 15:13:52.758000000 +0300 -@@ -70,9 +70,7 @@ struct pcap_pkthdr h; - char errbuf[PCAP_ERRBUF_SIZE]; - int success = 0; /* For return status of attack */ - unsigned long pcount=0; --/* for password generation */ --const char * charset = "abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789"; -- -+const char *alphanum = "abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789"; - - /* prototypes */ - void usage(char *message); -@@ -138,7 +136,10 @@ void usage(char *message) - "\t-V \tPrint program version and exit\n" - "\t-C \tChallenge value in colon-delimited bytes\n" - "\t-R \tResponse value in colon-delimited bytes\n" -- "\t-W \tASCII dictionary file (special purpose)\n" "\n"); -+ "\t-W \tASCII dictionary file (special purpose)\n" -+ "\t-G \tBruteforce attack\n" -+ "\t-g \tBruteforce charset (default: a-zA-Z0-9)\n" -+ "\n"); - } - - void print_pptpexch(struct asleap_data *asleap_ptr) -@@ -307,7 +308,7 @@ int testchal(struct asleap_data *asleap_ - int j; - - DesEncrypt(asleap_ptr->challenge, zpwhash, cipher); -- -+/* - printf("\tgiven hash 1: "); - for (j = 0; j < 8; j++) - printf("%02x", cipher[j]); -@@ -316,12 +317,12 @@ int testchal(struct asleap_data *asleap_ - for (j = 0; j < 8; j++) - printf("%02x", asleap_ptr->response[j]); - printf("\n"); -- -+*/ - if (memcmp(cipher, asleap_ptr->response, 8) != 0) - return (1); - - DesEncrypt(asleap_ptr->challenge, zpwhash + 7, cipher); -- -+/* - printf("\tgiven hash 2: "); - for (j = 0; j < 8; j++) - printf("%02x", cipher[j]); -@@ -330,7 +331,7 @@ int testchal(struct asleap_data *asleap_ - for (j = 0; j < 8; j++) - printf("%02x", asleap_ptr->response[j+8]); - printf("\n"); -- -+*/ - if (memcmp(cipher, asleap_ptr->response + 8, 8) != 0) - return (1); - 
-@@ -408,12 +409,13 @@ int trypasswords(struct asleap_data *asl - /* generate all possible charset combinations */ - int permute(struct asleap_data *asleap_ptr, int level, char * password) - { -- const char* charset_ptr = charset; -+ const char* charset_ptr = -+ asleap_ptr->custom_charset ? asleap_ptr->charset : alphanum; - unsigned char pwhash[MD4_SIGNATURE_SIZE]; - - if(level == -1) { /* got generated password */ - /* debug */ -- /* printf("%s\n", password); */ -+ /*printf("%s\n", password);*/ - NtPasswordHash(password, strlen(password), pwhash); - - if (pwhash[14] != asleap_ptr->endofhash[0] || -@@ -1029,14 +1031,16 @@ int attack_leap(struct asleap_data *asle - } - - if (asleap->verbose) -- printf("\tStarting dictionary lookups.\n"); -+ printf(asleap->gen_password -+ ? "\tStarting bruteforce.\n" -+ :"\tStarting dictionary lookups.\n"); - -- if (!IsBlank(asleap->wordfile)) { -+ if (asleap->gen_password) { -+ /* Attack MS-CHAP exchange with brute-force password generation */ -+ getmschappwret = trypasswords(asleap); -+ } else if (!IsBlank(asleap->wordfile)) { - /* Attack MS-CHAP exchange with a straight dictionary list */ - getmschappwret = getmschapbrute(asleap); -- } else if(asleap->gen_password) { -- /* Attack MS-CHAP exchange with brute-force password generation */ -- getmschappwret = trypasswords(asleap); - } else { - getmschappwret = getmschappw(asleap); - } -@@ -1085,7 +1089,10 @@ int attack_pptp(struct asleap_data *asle - if (asleap->verbose) - printf("\tStarting dictionary lookups.\n"); - -- if (!IsBlank(asleap->wordfile)) { -+ if (asleap->gen_password) { -+ /* Attack MS-CHAP exchange with brute-force password generation */ -+ getmschappwret = trypasswords(asleap); -+ } else if (!IsBlank(asleap->wordfile)) { - /* Attack MS-CHAP exchange with a straight dictionary list */ - getmschappwret = getmschapbrute(asleap); - } else { -@@ -1509,7 +1516,7 @@ int main(int argc, char *argv[]) - printf("asleap %s - actively recover LEAP/PPTP passwords. 
" - "\n", VER); - -- while ((c = getopt(argc, argv, "DsoavhVi:f:n:r:w:c:t:W:C:R:G:A:B:U:P:")) != EOF) { -+ while ((c = getopt(argc, argv, "DsoavhVi:f:n:r:w:c:t:g:W:C:R:G:A:B:U:P:")) != EOF) { - switch (c) { - case 's': - asleap.skipeapsuccess = 1; -@@ -1657,7 +1664,11 @@ int main(int argc, char *argv[]) - break; - case 'G': - asleap.gen_password = 1; -- sscanf(optarg, "%d", &asleap.pass_len); /* save desired password lentgh */ -+ sscanf(optarg, "%d", &asleap.pass_len); /* save desired password length */ -+ break; -+ case 'g': -+ asleap.custom_charset = 1; -+ strncpy(asleap.charset, optarg, sizeof(asleap.charset) - 1); - break; - default: - usage(""); -Binary files ../asleap-2.2.orig/.asleap.c.un~ and ./.asleap.c.un~ differ -diff '--color=always' '--color=never' -pruN ../asleap-2.2.orig/asleap.h ./asleap.h ---- ../asleap-2.2.orig/asleap.h 2020-09-30 15:29:57.706000000 +0300 -+++ ./asleap.h 2020-09-30 15:09:52.307000000 +0300 -@@ -63,9 +63,11 @@ struct asleap_data { - int verbose; - int gen_password; - int pass_len; -+ int custom_charset; - char dictfile[255]; - char dictidx[255]; - char wordfile[255]; -+ char charset[255]; - - /* Tracking values */ - uint8_t leapchalfound; -Binary files ../asleap-2.2.orig/.asleap.h.un~ and ./.asleap.h.un~ differ -Binary files ../asleap-2.2.orig/asleap.o and ./asleap.o differ -Binary files ../asleap-2.2.orig/common.o and ./common.o differ -Binary files ../asleap-2.2.orig/genkeys and ./genkeys differ -Binary files ../asleap-2.2.orig/genkeys.o and ./genkeys.o differ -Binary files ../asleap-2.2.orig/sha1.o and ./sha1.o differ -Binary files ../asleap-2.2.orig/utils.o and ./utils.o differ diff --git a/asleap/004_add_user_opt_and_pptp_chal_resp_cmdline_parsing.patch b/asleap/004_add_user_opt_and_pptp_chal_resp_cmdline_parsing.patch deleted file mode 100644 index 884b217cc..000000000 --- a/asleap/004_add_user_opt_and_pptp_chal_resp_cmdline_parsing.patch +++ /dev/null 
@@ -1,209 +0,0 @@ -Binary files ../asleap-2.2.orig/asleap and ./asleap differ -diff '--color=always' '--color=never' -pruN ../asleap-2.2.orig/asleap.c ./asleap.c ---- ../asleap-2.2.orig/asleap.c 2020-10-02 14:57:07.512000000 +0300 -+++ ./asleap.c 2020-10-02 15:01:55.719000000 +0300 -@@ -136,6 +136,7 @@ void usage(char *message) - "\t-V \tPrint program version and exit\n" - "\t-C \tChallenge value in colon-delimited bytes\n" - "\t-R \tResponse value in colon-delimited bytes\n" -+ "\t-U \tUsername (required if PPTP Challenge/Response specified)\n" - "\t-W \tASCII dictionary file (special purpose)\n" - "\t-G \tBruteforce attack\n" - "\t-g \tBruteforce charset (default: a-zA-Z0-9)\n" -@@ -1502,11 +1503,14 @@ int main(int argc, char *argv[]) - int ret=0; - extern int success; - uint8_t verifypassword = 0; -+ int username_specified = 0; - - memset(dictfile, 0, sizeof(dictfile)); - memset(dictidx, 0, sizeof(dictidx)); - memset(pcapfile, 0, sizeof(pcapfile)); - memset(&asleap, 0, sizeof(asleap)); -+ asleap.challenge = asleap.leapchallenge; -+ asleap.response = asleap.leapresponse; - device = NULL; - - signal(SIGINT, cleanup); -@@ -1516,57 +1520,94 @@ int main(int argc, char *argv[]) - printf("asleap %s - actively recover LEAP/PPTP passwords. 
" - "\n", VER); - -- while ((c = getopt(argc, argv, "DsoavhVi:f:n:r:w:c:t:g:W:C:R:G:A:B:U:P:")) != EOF) { -+ while ((c = getopt(argc, argv, -+ "DsoavhVi:f:n:r:w:c:t:g:W:C:R:G:A:B:U:P:")) != EOF) { - switch (c) { - case 's': - asleap.skipeapsuccess = 1; - break; - case 'C': -- if (strlen(optarg) == 23) { -- if (str2hex(optarg, asleap.challenge, -- sizeof(asleap.challenge)) < 0) { -+ if (strlen(optarg) == 47) { -+ if (str2hex(optarg, asleap.pptpchallenge, -+ sizeof(asleap.pptpchallenge)) < 0) { - usage("Malformed value specified as " -- "challenge.\n"); -+ "pptp challenge.\n"); -+ exit(1); -+ } -+ asleap.challenge = asleap.pptpchallenge; -+ asleap.pptpchalfound=1; -+ } else if (strlen(optarg) == 32) { -+ if (decodeHexString(optarg, asleap.pptpchallenge, -+ sizeof(asleap.pptpchallenge)) < 0) { -+ usage("Malformed value specified as " -+ "pptp challenge.\n"); - exit(1); - } -+ asleap.challenge = asleap.pptpchallenge; -+ asleap.pptpchalfound=1; -+ } else if (strlen(optarg) == 23) { -+ if (str2hex(optarg, asleap.leapchallenge, -+ sizeof(asleap.leapchallenge)) < 0) { -+ usage("Malformed value specified as " -+ "leap challenge.\n"); -+ exit(1); -+ } -+ asleap.leapchalfound=1; - } else if (strlen(optarg) == 16) { -- if (decodeHexString(optarg, asleap.challenge, -- sizeof(asleap.challenge)) < 0) { -+ if (decodeHexString(optarg, asleap.leapchallenge, -+ sizeof(asleap.leapchallenge)) < 0) { - usage("Malformed value specified as " -- "challenge.\n"); -+ "leap challenge.\n"); - exit(1); - } -+ asleap.leapchalfound=1; - } else { - usage("Incorrect challenge input length " - "specified.\n"); - exit(1); - } -- -- asleap.leapchalfound=1; - asleap.manualchalresp=1; - break; - case 'R': -- if (strlen(optarg) == 71) { -- if (str2hex(optarg, asleap.response, -- sizeof(asleap.response)) < 0) { -+ if (strlen(optarg) == 146) { -+ if (str2hex(optarg, asleap.pptpresponse, -+ sizeof(asleap.pptpresponse)) < 0) { -+ usage("Malformed value specified as " -+ "pptp response1.\n"); -+ exit(1); -+ } 
-+ asleap.response = asleap.pptpresponse; -+ asleap.pptprespfound=1; -+ } else if (strlen(optarg) == 98) { -+ if (decodeHexString(optarg, asleap.pptpresponse, -+ sizeof(asleap.pptpresponse)) < 0) { -+ usage("Malformed value specified as " -+ "pptp response2.\n"); -+ exit(1); -+ } -+ asleap.response = asleap.pptpresponse; -+ asleap.pptprespfound=1; -+ } else if (strlen(optarg) == 71) { -+ if (str2hex(optarg, asleap.leapresponse, -+ sizeof(asleap.leapresponse)) < 0) { - usage("Malformed value specified as " -- "response.\n"); -+ "leap response.\n"); - exit(1); - } -+ asleap.leaprespfound=1; - } else if (strlen(optarg) == 48) { -- if (decodeHexString(optarg, asleap.response, -- sizeof(asleap.response)) < 0) { -+ if (decodeHexString(optarg, asleap.leapresponse, -+ sizeof(asleap.leapresponse)) < 0) { - usage("Malformed value specified as " -- "response.\n"); -+ "leap response.\n"); - exit(1); - } -+ asleap.leaprespfound=1; - } else { - usage("Incorrect response input length " - "specified.\n"); - exit(1); - } -- -- asleap.leaprespfound=1; - asleap.manualchalresp=1; - break; - case 'A': -@@ -1613,6 +1654,7 @@ int main(int argc, char *argv[]) - break; - case 'U': - memcpy(asleap.username, optarg, strlen(optarg)); -+ username_specified=1; - break; - case 'P': - verifypassword = 1; -@@ -1704,7 +1746,7 @@ int main(int argc, char *argv[]) - } - } - -- if (asleap.leapchalfound && asleap.leaprespfound && -+ if (asleap.leapchalfound && asleap.leaprespfound && - asleap.manualchalresp) { - /* User specified manual challenge/response on the command - * line (aka, the "Jay Beale" feature). 
-@@ -1712,6 +1754,23 @@ int main(int argc, char *argv[]) - return(attack_leap(&asleap)); - } - -+ if (asleap.pptpchalfound && asleap.pptprespfound && -+ asleap.manualchalresp) { -+ if (!username_specified) { -+ usage("PPTP Challenge/Reponse requires " -+ "Username (-U option) to be specified.\n"); -+ exit(1); -+ } -+ -+ uint8_t peerresp[24]; -+ memcpy(peerresp, asleap.pptpresponse + 24, 24); -+ memcpy(asleap.pptpauthchal, asleap.pptpchallenge, 16); -+ memcpy(asleap.pptppeerchal, asleap.pptpresponse, 16); -+ //memset(asleap.pptpresponse, 0, sizeof(asleap.pptpresponse)); -+ memcpy(asleap.pptpresponse, peerresp, 24); -+ return(attack_pptp(&asleap)); -+ } -+ - if (verifypassword) { - - int j; -Binary files ../asleap-2.2.orig/.asleap.c.un~ and ./.asleap.c.un~ differ -diff '--color=always' '--color=never' -pruN ../asleap-2.2.orig/asleap.h ./asleap.h ---- ../asleap-2.2.orig/asleap.h 2020-10-02 14:57:07.514000000 +0300 -+++ ./asleap.h 2020-10-02 14:05:28.630000000 +0300 -@@ -47,8 +47,12 @@ - struct asleap_data { - char username[256 + 1]; - uint8_t eapid; -- uint8_t challenge[8]; -- uint8_t response[24]; -+ uint8_t pptpchallenge[16]; -+ uint8_t pptpresponse[49]; -+ uint8_t leapchallenge[8]; -+ uint8_t leapresponse[24]; -+ uint8_t *challenge; -+ uint8_t *response; - uint8_t endofhash[2]; - char password[32]; - uint8_t nthash[16]; -Binary files ../asleap-2.2.orig/.asleap.h.un~ and ./.asleap.h.un~ differ -Binary files ../asleap-2.2.orig/asleap.o and ./asleap.o differ -Binary files ../asleap-2.2.orig/common.o and ./common.o differ -Binary files ../asleap-2.2.orig/genkeys and ./genkeys differ -Binary files ../asleap-2.2.orig/genkeys.o and ./genkeys.o differ -Binary files ../asleap-2.2.orig/sha1.o and ./sha1.o differ -Binary files ../asleap-2.2.orig/.utils.c.un~ and ./.utils.c.un~ differ -Binary files ../asleap-2.2.orig/utils.o and ./utils.o differ diff --git a/asleap/Pkgfile b/asleap/Pkgfile deleted file mode 100644 index 909507045..000000000 --- a/asleap/Pkgfile +++ /dev/null 
@@ -1,32 +0,0 @@
-# Description: Actively recover LEAP/PPTP passwords
-# URL: https://www.willhackforsushi.com/?page_id=41
-# Maintainer: UNMAINTAINED
-# Depends on: openssl libpcap libxcrypt2.4
-
-name=asleap
-version=2.2
-release=1
-source=(http://www.willhackforsushi.com/code/$name/$version/$name-$version.tgz
- 0001-fix-build-for-CRUX.patch
- 001_add_simple_password_bruteforcing_option.patch
- 002_added_the_possibility_to_verify_MSCHAP-V2_authentication.patch
- 003_fix_and_improve_bruteforce_option.patch
- 004_add_user_opt_and_pptp_chal_resp_cmdline_parsing.patch)
-
-build() {
- cd $name-$version
-
- patch -p1 -i $SRC/0001-fix-build-for-CRUX.patch
- patch -p1 -i $SRC/001_add_simple_password_bruteforcing_option.patch
- patch -p1 -i $SRC/002_added_the_possibility_to_verify_MSCHAP-V2_authentication.patch
- patch -p1 -i $SRC/003_fix_and_improve_bruteforce_option.patch
- patch -p1 -i $SRC/004_add_user_opt_and_pptp_chal_resp_cmdline_parsing.patch
-
- sed -i -e "s/#define VER \"\(.*\)\"/#define VER \"${version}.${release}\"/" \
- version.h
-
- make
-
- install -D asleap $PKG/usr/bin/asleap
- install -D genkeys $PKG/usr/bin/genkeys
-}