Full Disclosure mailing list archives
Re: Cisco LEAP exploit tool...
From: mmo () remote-exploit org
Date: Sun, 11 Apr 2004 15:01:21 +0200
Hi all ---Asleap and developed
by Beyond-Security, actively de-authenticates users, sniffs the network when the user re-auntheticates, and performs an offline dictionary attack upon the password."
First of all it is not developed by Beyond-Security.
--- Are theyt talking about the Radius / AAA password? WEP?
LEAP is a Lightweight Extensible Authentication Protocol from CISCO. It uses challange response, like mschap. Got the same bugs, nothing to do with Radius or WEP. Get the details on sourceforge.
How long is that effective in LEap. I understand it does the frequency hoplike the milatary radios and uses an X-Auth backend...
Forget the 802.11b/g does not use frequency hopping. The amount of time to crack is only a few seconds, the major time factor is having the right wordlist to prehash from. If you dont have the password in your list, only bruteforce can help you, so then it depends on the complexity and the length.
How long will it take to crack the password? I know that I locked myself outof a windows box once- booted with knoppix and burnt the Sam -- Ok know just run l0phtcrack and i had the password right?
Nothing to do with SAM etc, because it sniffs challange and response and then offline crack it.
_______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.netsys.com/full-disclosure-charter.html
Current thread:
- Re: [inbox] Re: Cisco LEAP exploit tool..., (continued)
- Re: [inbox] Re: Cisco LEAP exploit tool... Dave Howe (Apr 14)
- Re: Cisco LEAP exploit tool... mmo (Apr 14)
- Re: Cisco LEAP exploit tool... Paul Schmehl (Apr 14)
- Re: Cisco LEAP exploit tool... Valdis . Kletnieks (Apr 14)
- Re: Cisco LEAP exploit tool... Ron DuFresne (Apr 14)
- Re: Cisco LEAP exploit tool... Paul Schmehl (Apr 14)
- Re: Cisco LEAP exploit tool... Ron DuFresne (Apr 14)
- RE: Cisco LEAP exploit tool... Aditya, ALD [Aditya Lalit Deshmukh] (Apr 14)
- Re: Cisco LEAP exploit tool... Chris Adams (Apr 15)
- Re: Cisco LEAP exploit tool... mmo (Apr 11)
- RE: Cisco LEAP exploit tool... Jeff Schreiner (Apr 14)
- RE: Cisco LEAP exploit tool... Dave Horsfall (Apr 14)
- RE: Cisco LEAP exploit tool... Ron DuFresne (Apr 14)
- RE: Cisco LEAP exploit tool... Jeff Schreiner (Apr 14)
- RE: Cisco LEAP exploit tool... Frank Knobbe (Apr 14)
- RE: Cisco LEAP exploit tool... Byron Copeland (Apr 14)
- Re: Cisco LEAP exploit tool... Valdis . Kletnieks (Apr 15)
- RE: Cisco LEAP exploit tool... Dave Horsfall (Apr 15)
- RE: Cisco LEAP exploit tool... Jeff Schreiner (Apr 15)