Penetration Testing mailing list archives
RE: LEAP
From: "Jerry Shenk" <jshenk () decommunications com>
Date: Wed, 25 Feb 2004 22:13:39 -0500
Joshua stated that this would not be available before April due to wanting to give Cisco a chance to fix things first. In your testing, you should at least be able to collect a number of usernames, domains and MACs. Give the <sarcasm> high quality of user-selected passwords </sarcasm> you may be able to just guess your way into the network without even cracking it. -----Original Message----- From: Chris.McNab () trustmatta com [mailto:Chris.McNab () trustmatta com] Sent: Tuesday, February 24, 2004 11:05 AM To: pen-test () securityfocus com Subject: LEAP Hey, At Defcon last year, Joshua Wright released a paper documenting a number of flaws in LEAP, in particular relating to sniffing the challenge-response traffic, compromising the username, and cracking the user password offline. His paper is available from http://home.jwu.edu/jwright/presentations/asleap-defcon.pdf I am currently undertaking a wireless test for a client who I've found is using LEAP. I've sniffed a number of LEAP challenge-response frames, and it would be great if I could perform some active attacks to spoof LEAP-logoff and STA deauthenticate frames, sniff more LEAP challenge-response traffic, and perform the offline cracking operation as described by Joshua Wright. Joshua wrote a tool called asleap / asleap-imp, which he demonstrated at Defcon, but did not release. I have yet to find asleap available online, although various media sources state that the tool will be available in February. I even mailed Joshua, but he hasn't yet responsed. My question is if anyone knows of any tools or hacks of software like kismet that can perform any element of this LEAP attack? Thanks, Chris Chris McNab Technical Director Matta Consulting Limited 18 Noel Street London W1F 8GN 08700 77 11 00 ------------------------------------------------------------------------ --- ------------------------------------------------------------------------ ---- --------------------------------------------------------------------------- ----------------------------------------------------------------------------