156 lines
5.5 KiB
Diff
156 lines
5.5 KiB
Diff
Binary files ../asleap-2.2.orig/asleap and ./asleap differ
|
|
diff '--color=always' '--color=never' -pruN ../asleap-2.2.orig/asleap.c ./asleap.c
|
|
--- ../asleap-2.2.orig/asleap.c 2020-09-30 15:29:57.712000000 +0300
|
|
+++ ./asleap.c 2020-09-30 15:13:52.758000000 +0300
|
|
@@ -70,9 +70,7 @@ struct pcap_pkthdr h;
|
|
char errbuf[PCAP_ERRBUF_SIZE];
|
|
int success = 0; /* For return status of attack */
|
|
unsigned long pcount=0;
|
|
-/* for password generation */
|
|
-const char * charset = "abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789";
|
|
-
|
|
+const char *alphanum = "abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789";
|
|
|
|
/* prototypes */
|
|
void usage(char *message);
|
|
@@ -138,7 +136,10 @@ void usage(char *message)
|
|
"\t-V \tPrint program version and exit\n"
|
|
"\t-C \tChallenge value in colon-delimited bytes\n"
|
|
"\t-R \tResponse value in colon-delimited bytes\n"
|
|
- "\t-W \tASCII dictionary file (special purpose)\n" "\n");
|
|
+ "\t-W \tASCII dictionary file (special purpose)\n"
|
|
+ "\t-G \tBruteforce attack\n"
|
|
+ "\t-g \tBruteforce charset (default: a-zA-Z0-9)\n"
|
|
+ "\n");
|
|
}
|
|
|
|
void print_pptpexch(struct asleap_data *asleap_ptr)
|
|
@@ -307,7 +308,7 @@ int testchal(struct asleap_data *asleap_
|
|
int j;
|
|
|
|
DesEncrypt(asleap_ptr->challenge, zpwhash, cipher);
|
|
-
|
|
+/*
|
|
printf("\tgiven hash 1: ");
|
|
for (j = 0; j < 8; j++)
|
|
printf("%02x", cipher[j]);
|
|
@@ -316,12 +317,12 @@ int testchal(struct asleap_data *asleap_
|
|
for (j = 0; j < 8; j++)
|
|
printf("%02x", asleap_ptr->response[j]);
|
|
printf("\n");
|
|
-
|
|
+*/
|
|
if (memcmp(cipher, asleap_ptr->response, 8) != 0)
|
|
return (1);
|
|
|
|
DesEncrypt(asleap_ptr->challenge, zpwhash + 7, cipher);
|
|
-
|
|
+/*
|
|
printf("\tgiven hash 2: ");
|
|
for (j = 0; j < 8; j++)
|
|
printf("%02x", cipher[j]);
|
|
@@ -330,7 +331,7 @@ int testchal(struct asleap_data *asleap_
|
|
for (j = 0; j < 8; j++)
|
|
printf("%02x", asleap_ptr->response[j+8]);
|
|
printf("\n");
|
|
-
|
|
+*/
|
|
if (memcmp(cipher, asleap_ptr->response + 8, 8) != 0)
|
|
return (1);
|
|
|
|
@@ -408,12 +409,13 @@ int trypasswords(struct asleap_data *asl
|
|
/* generate all possible charset combinations */
|
|
int permute(struct asleap_data *asleap_ptr, int level, char * password)
|
|
{
|
|
- const char* charset_ptr = charset;
|
|
+ const char* charset_ptr =
|
|
+ asleap_ptr->custom_charset ? asleap_ptr->charset : alphanum;
|
|
unsigned char pwhash[MD4_SIGNATURE_SIZE];
|
|
|
|
if(level == -1) { /* got generated password */
|
|
/* debug */
|
|
- /* printf("%s\n", password); */
|
|
+ /*printf("%s\n", password);*/
|
|
NtPasswordHash(password, strlen(password), pwhash);
|
|
|
|
if (pwhash[14] != asleap_ptr->endofhash[0] ||
|
|
@@ -1029,14 +1031,16 @@ int attack_leap(struct asleap_data *asle
|
|
}
|
|
|
|
if (asleap->verbose)
|
|
- printf("\tStarting dictionary lookups.\n");
|
|
+ printf(asleap->gen_password
|
|
+ ? "\tStarting bruteforce.\n"
|
|
+ :"\tStarting dictionary lookups.\n");
|
|
|
|
- if (!IsBlank(asleap->wordfile)) {
|
|
+ if (asleap->gen_password) {
|
|
+ /* Attack MS-CHAP exchange with brute-force password generation */
|
|
+ getmschappwret = trypasswords(asleap);
|
|
+ } else if (!IsBlank(asleap->wordfile)) {
|
|
/* Attack MS-CHAP exchange with a straight dictionary list */
|
|
getmschappwret = getmschapbrute(asleap);
|
|
- } else if(asleap->gen_password) {
|
|
- /* Attack MS-CHAP exchange with brute-force password generation */
|
|
- getmschappwret = trypasswords(asleap);
|
|
} else {
|
|
getmschappwret = getmschappw(asleap);
|
|
}
|
|
@@ -1085,7 +1089,10 @@ int attack_pptp(struct asleap_data *asle
|
|
if (asleap->verbose)
|
|
printf("\tStarting dictionary lookups.\n");
|
|
|
|
- if (!IsBlank(asleap->wordfile)) {
|
|
+ if (asleap->gen_password) {
|
|
+ /* Attack MS-CHAP exchange with brute-force password generation */
|
|
+ getmschappwret = trypasswords(asleap);
|
|
+ } else if (!IsBlank(asleap->wordfile)) {
|
|
/* Attack MS-CHAP exchange with a straight dictionary list */
|
|
getmschappwret = getmschapbrute(asleap);
|
|
} else {
|
|
@@ -1509,7 +1516,7 @@ int main(int argc, char *argv[])
|
|
printf("asleap %s - actively recover LEAP/PPTP passwords. "
|
|
"<jwright@hasborg.com>\n", VER);
|
|
|
|
- while ((c = getopt(argc, argv, "DsoavhVi:f:n:r:w:c:t:W:C:R:G:A:B:U:P:")) != EOF) {
|
|
+ while ((c = getopt(argc, argv, "DsoavhVi:f:n:r:w:c:t:g:W:C:R:G:A:B:U:P:")) != EOF) {
|
|
switch (c) {
|
|
case 's':
|
|
asleap.skipeapsuccess = 1;
|
|
@@ -1657,7 +1664,11 @@ int main(int argc, char *argv[])
|
|
break;
|
|
case 'G':
|
|
asleap.gen_password = 1;
|
|
- sscanf(optarg, "%d", &asleap.pass_len); /* save desired password lentgh */
|
|
+ sscanf(optarg, "%d", &asleap.pass_len); /* save desired password length */
|
|
+ break;
|
|
+ case 'g':
|
|
+ asleap.custom_charset = 1;
|
|
+ strncpy(asleap.charset, optarg, sizeof(asleap.charset) - 1);
|
|
break;
|
|
default:
|
|
usage("");
|
|
Binary files ../asleap-2.2.orig/.asleap.c.un~ and ./.asleap.c.un~ differ
|
|
diff '--color=always' '--color=never' -pruN ../asleap-2.2.orig/asleap.h ./asleap.h
|
|
--- ../asleap-2.2.orig/asleap.h 2020-09-30 15:29:57.706000000 +0300
|
|
+++ ./asleap.h 2020-09-30 15:09:52.307000000 +0300
|
|
@@ -63,9 +63,11 @@ struct asleap_data {
|
|
int verbose;
|
|
int gen_password;
|
|
int pass_len;
|
|
+ int custom_charset;
|
|
char dictfile[255];
|
|
char dictidx[255];
|
|
char wordfile[255];
|
|
+ char charset[255];
|
|
|
|
/* Tracking values */
|
|
uint8_t leapchalfound;
|
|
Binary files ../asleap-2.2.orig/.asleap.h.un~ and ./.asleap.h.un~ differ
|
|
Binary files ../asleap-2.2.orig/asleap.o and ./asleap.o differ
|
|
Binary files ../asleap-2.2.orig/common.o and ./common.o differ
|
|
Binary files ../asleap-2.2.orig/genkeys and ./genkeys differ
|
|
Binary files ../asleap-2.2.orig/genkeys.o and ./genkeys.o differ
|
|
Binary files ../asleap-2.2.orig/sha1.o and ./sha1.o differ
|
|
Binary files ../asleap-2.2.orig/utils.o and ./utils.o differ
|