Full Disclosure mailing list archives

Previous By Date Next
Previous By Thread Next

Re: Cisco LEAP exploit tool...

From: mmo () remote-exploit org
Date: Sun, 11 Apr 2004 15:01:21 +0200
Hi all
---Asleap and developed

by Beyond-Security, actively de-authenticates users, sniffs the network
when the user re-auntheticates, and performs an offline dictionary
attack upon the password."



First of all it is not developed by Beyond-Security.



---

Are theyt talking about the Radius / AAA password? WEP?



LEAP is a Lightweight Extensible Authentication Protocol from CISCO.
It uses challange response, like mschap. Got the same bugs, nothing to
do with Radius or WEP. Get the details on sourceforge.
How long is that effective in LEap. I understand it does the frequency hop 
like the milatary radios and uses an X-Auth backend...
Forget the 802.11b/g does not use frequency hopping. The amount of time to crack is only a few seconds, the major time factor is having the right wordlist to prehash from. If you dont have the password in your list, only bruteforce can help you, so then it depends on the complexity and the length.
How long will it take to crack the password? I know that I locked myself out 
of a windows box once- booted with knoppix and burnt the Sam --

Ok know just run l0phtcrack and i had the password right?
Nothing to do with SAM etc, because it sniffs challange and response and then offline crack it. 

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html
Previous By Date Next
Previous By Thread Next

Current thread: