Kali Linux Tools : ASLEAP
Asleap demonstrates a serious deficiency in proprietary Cisco LEAP networks. Since LEAP uses a variant of MS-CHAPv2 for the authentication exchange, it is susceptible to accelerated offline dictionary attacks. Asleap can also attack the Point-to-Point Tunneling Protocol (PPTP), and any MS-CHAPv2 exchange where you can specify the challenge and response values on the command line.
Tools included in the asleap package
asleap – Actively recover LEAP/PPTP passwords
root@kali:~# asleap -h
    -r  Read from a libpcap file
    -i  Interface to capture on
    -f  Dictionary file with NT hashes
    -n  Index file for NT hashes
    -s  Skip the check to make sure authentication was successful
    -h  Output this help information and exit
    -v  Print verbose information (more -v for more verbosity)
    -V  Print program version and exit
    -C  Challenge value in colon-delimited bytes
    -R  Response value in colon-delimited bytes
    -W  ASCII dictionary file (special purpose)
genkeys – Generates lookup file for asleap
root@kali:~# genkeys
    -r  Input dictionary file, one word per line
    -f  Output pass+hash filename
    -n  Output index filename
    -h  Last 2 hash bytes to filter with (optional)
Asleap and genkeys Usage Example
Read in a dictionary file (-r /usr/share/wordlists/nmap.lst), provide an output filename (-f asleap.dat), and an output index filename (-n asleap.idx):
root@kali:~# genkeys -r /usr/share/wordlists/nmap.lst -f asleap.dat -n asleap.idx
genkeys 2.2 - generates lookup file for asleap. <[email protected]>
Generating hashes for passwords (this may take some time) ...Done.
5085 hashes written in 0.29 seconds: 17463.18 hashes/second
Starting sort (be patient) ...Done.
Completed sort in 16254 compares.
Creating index file (almost finished) ...Done.
Read a capture file (-r leap.dump), provide the hashfile filename (-f asleap.dat), the hashfile index (-n asleap.idx), and skip the authentication check (-s):
root@kali:~# asleap -r leap.dump -f asleap.dat -n asleap.idx -s
asleap 2.2 - actively recover LEAP/PPTP passwords. <[email protected]>
Captured LEAP exchange information:
    username:    qa_leap
    challenge:   0786aea0215bc30a
    response:    7f6a14f11eeb980fda11bf83a142a8744f00683ad5bc5cb6
    hash bytes:  4a39
    NT hash:     a1fc198bdbf5833a56fb40cdd1a64a39
    password:    qaleap
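Why LEAP's MS-CHAP-style response gives so little protection, as an added example that is not part of asleap or of the original page: the 16-byte NT hash is zero-padded to 21 bytes and cut into three 7-byte DES keys, so the third key hides only two hash bytes (the `hash bytes` line above). The function names are hypothetical; the sample values are the ones printed in the output above.

```python
# Added example: values below are copied from the asleap output on this page.
ASLEAP_OUTPUT = """\
username: qa_leap
challenge: 0786aea0215bc30a
response: 7f6a14f11eeb980fda11bf83a142a8744f00683ad5bc5cb6
hash bytes: 4a39
NT hash: a1fc198bdbf5833a56fb40cdd1a64a39
password: qaleap
"""

def parse_fields(text):
    """Return asleap's 'name: value' lines as a dict."""
    pairs = (line.split(":", 1) for line in text.splitlines() if ":" in line)
    return {k.strip(): v.strip() for k, v in pairs}

def expand_des_key(k7):
    """Spread 56 key bits over 8 bytes (7 bits each) and set odd parity."""
    n = int.from_bytes(k7, "big")
    out = bytearray()
    for i in range(8):
        b = ((n >> (49 - 7 * i)) & 0x7F) << 1
        out.append(b | (bin(b).count("1") + 1) % 2)
    return bytes(out)

def response_layout(nt_hash_hex):
    """Describe the three DES keys derived from one NT hash.
    Each key encrypts the same 8-byte challenge, giving the 24-byte response."""
    padded = bytes.fromhex(nt_hash_hex) + b"\x00" * 5      # 16 -> 21 bytes
    blocks = []
    for i in range(3):
        k7 = padded[7 * i: 7 * i + 7]
        secret = min(7, 16 - 7 * i)        # bytes of this key taken from the hash
        blocks.append({"key7": k7.hex(), "des_key": expand_des_key(k7).hex(),
                       "secret_bytes": secret, "keyspace_bits": 8 * secret})
    return blocks

def tail_matches(fields):
    """asleap's 'hash bytes' are the two secret bytes of the third key."""
    return response_layout(fields["NT hash"])[2]["key7"][:4] == fields["hash bytes"]

if __name__ == "__main__":
    f = parse_fields(ASLEAP_OUTPUT)
    for i, blk in enumerate(response_layout(f["NT hash"])):
        print("block", i, blk)
    print("hash bytes match NT hash tail:", tail_matches(f))
```

The third block's 16-bit keyspace is what lets the `genkeys` index narrow a dictionary to entries with a matching two-byte hash suffix; the password's length or complexity does nothing to widen it.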
How To Use Asleap on Kali Linux
All the steps for this tutorial are explained in a video on our YouTube channel. You can subscribe to it by this link; there are many other tutorials there about bypassing and hacking, as well as basic tutorials about Kali Linux (Kali Sana).
Disclaimer: This tutorial is for educational purposes only and we are NOT responsible in any way for how this information is used; use it at your own risk.
If you have encountered a problem or you have any questions or remarks, please feel free to leave a comment.
If this article helped you to solve your problem, please feel free to share it with your friends. With love and prosperity, K4LINUX-TEAM.
Source: Asleap