Penetration Testing mailing list archives
RE: Decrypting PPTP network traffic
From: "Paul Melson" <pmelson () gmail com>
Date: Thu, 18 Mar 2010 12:39:41 -0400
Most tools (and there isn't an awful lot of them anyway!) focus on
breaking MS-
CHAP(v1|v2). This seems to be an area where some significant papers were
published
back in the days, but very few tools were actually implemented and
published openly! If you have packet captures of a tunnel initiation, the username is in clear text and you can use asleap (http://www.willhackforsushi.com/?page_id=41) to crack the CHAP challenge/response. PaulM ------------------------------------------------------------------------ This list is sponsored by: Information Assurance Certification Review Board Prove to peers and potential employers without a doubt that you can actually do a proper penetration test. IACRB CPT and CEPT certs require a full practical examination in order to become certified. http://www.iacertification.org ------------------------------------------------------------------------
Current thread:
- Decrypting PPTP network traffic Alexander Perchov (Mar 17)
- RE: Decrypting PPTP network traffic Paul Melson (Mar 18)
- Re: Decrypting PPTP network traffic Alexander Perchov (Mar 23)
- Re: Decrypting PPTP network traffic Paul Melson (Mar 23)
- Message not available
- Re: Decrypting PPTP network traffic Alexander Perchov (Mar 23)
- Re: Decrypting PPTP network traffic Alexander Perchov (Mar 23)
- RE: Decrypting PPTP network traffic Paul Melson (Mar 18)
- <Possible follow-ups>
- Re: Decrypting PPTP network traffic Vivek P Nair (Mar 23)