Asleap Package Description
Demonstrates a serious deficiency in proprietary Cisco LEAP networks. Since LEAP uses a variant of MS-CHAPv2 for the authentication exchange, it is susceptible to accelerated offline dictionary attacks. Asleap can also attack the Point-to-Point Tunneling Protocol (PPTP), and any MS-CHAPv2 exchange where you can specify the challenge and response values on the command line.
Source: http://www.willhackforsushi.com/?page_id=41
Asleap Homepage | Kali Asleap Repo
- Author: Joshua Wright
- License: GPLv2
Tools included in the asleap package
asleap – Actively recover LEAP/PPTP passwords
root@kali:~# asleap -h
asleap 2.2 - actively recover LEAP/PPTP passwords. <jwright@hasborg.com>
Usage: asleap [options]
-r Read from a libpcap file
-i Interface to capture on
-f Dictionary file with NT hashes
-n Index file for NT hashes
-s Skip the check to make sure authentication was successful
-h Output this help information and exit
-v Print verbose information (more -v for more verbosity)
-V Print program version and exit
-C Challenge value in colon-delimited bytes
-R Response value in colon-delimited bytes
-W ASCII dictionary file (special purpose)
asleap 2.2 - actively recover LEAP/PPTP passwords. <jwright@hasborg.com>
Usage: asleap [options]
-r Read from a libpcap file
-i Interface to capture on
-f Dictionary file with NT hashes
-n Index file for NT hashes
-s Skip the check to make sure authentication was successful
-h Output this help information and exit
-v Print verbose information (more -v for more verbosity)
-V Print program version and exit
-C Challenge value in colon-delimited bytes
-R Response value in colon-delimited bytes
-W ASCII dictionary file (special purpose)
genkeys – Generates lookup file for asleap
root@kali:~# genkeys
genkeys 2.2 - generates lookup file for asleap. <jwright@hasborg.com>
genkeys: Must supply -r -f and -n
Usage: genkeys [options]
-r Input dictionary file, one word per line
-f Output pass+hash filename
-n Output index filename
-h Last 2 hash bytes to filter with (optional)
genkeys 2.2 - generates lookup file for asleap. <jwright@hasborg.com>
genkeys: Must supply -r -f and -n
Usage: genkeys [options]
-r Input dictionary file, one word per line
-f Output pass+hash filename
-n Output index filename
-h Last 2 hash bytes to filter with (optional)
genkeys Usage Example
Read in a dictionary file (-r /usr/share/wordlists/nmap.lst), provide an output filename (-f asleap.dat), and an output index filename (-n asleap.idx):
root@kali:~# genkeys -r /usr/share/wordlists/nmap.lst -f asleap.dat -n asleap.idx
genkeys 2.2 - generates lookup file for asleap. <jwright@hasborg.com>
Generating hashes for passwords (this may take some time) ...Done.
5085 hashes written in 0.29 seconds: 17463.18 hashes/second
Starting sort (be patient) ...Done.
Completed sort in 16254 compares.
Creating index file (almost finished) ...Done.
genkeys 2.2 - generates lookup file for asleap. <jwright@hasborg.com>
Generating hashes for passwords (this may take some time) ...Done.
5085 hashes written in 0.29 seconds: 17463.18 hashes/second
Starting sort (be patient) ...Done.
Completed sort in 16254 compares.
Creating index file (almost finished) ...Done.
asleap Usage Example
Read a capture file (-r leap.dump), provide the hashfile filename (-f asleap.dat), the hashfile index (-n asleap.idx), and skip the authentication check (-s):
root@kali:~# asleap -r leap.dump -f asleap.dat -n asleap.idx -s
asleap 2.2 - actively recover LEAP/PPTP passwords. <jwright@hasborg.com>
Captured LEAP exchange information:
username: qa_leap
challenge: 0786aea0215bc30a
response: 7f6a14f11eeb980fda11bf83a142a8744f00683ad5bc5cb6
hash bytes: 4a39
NT hash: a1fc198bdbf5833a56fb40cdd1a64a39
password: qaleap
asleap 2.2 - actively recover LEAP/PPTP passwords. <jwright@hasborg.com>
Captured LEAP exchange information:
username: qa_leap
challenge: 0786aea0215bc30a
response: 7f6a14f11eeb980fda11bf83a142a8744f00683ad5bc5cb6
hash bytes: 4a39
NT hash: a1fc198bdbf5833a56fb40cdd1a64a39
password: qaleap