Open Rogdham opened 2 years ago
I have seen this error before, I don't think it's something distro-specific. I think the MS-CHAPv2 challenge/response is calculated differently in some situations, though I've never been able to put my finger on exactly how or why.
Can you speak a little more about how you got the challenge and response values in this example? Can you test the sample pcap files to ensure they work as expected?
Thanks!
Hello @joswr1ght, there was a famous issue with hostapd-wpe about taking the domain into account when displaying the challenge/response (that I patched a while ago), but I don't think that's it.
On my local machine, asleap is able to find the 2 bytes of the NT just well (exact same command):
$ /asleap -C 53:7a:33:3a:a2:08:38:07 -R 95:e1:4a:5b:6c:0a:18:26:8e:18:7b:da:0b:30:c4:d8:af:d3:38:ad:c5:f3:86:ae
asleap 2.3 - actively recover LEAP/PPTP passwords. <jwright@hasborg.com>
hash bytes: 4fef
[getmschappw] fopen: No such file or directory
Experienced an error in getmschappw, returned -1.
Although with some error, but the hash bytes part is right.
In the example, the password is abcd1234, which has b3ec3e03e2a202cbd54fd104b8504fef as NT value, so the last 2 bytes are 4fef as found by my local asleap.
Can you speak a little more about how you got the challenge and response values in this example?
A user of hostapd-wpe captured them in https://github.com/OpenSecurityResearch/hostapd-wpe/issues/32 ; I have been able to check that the challenge-response are valid with my local asleap as well as other tools.
Can you test the sample pcap files to ensure they work as expected?
Output with the sample pcap files on the Kali VM:
┌──(kali㉿kali)-[~/asleap/samples]
└─$ asleap -r joshlea.dump
asleap 2.3 - actively recover LEAP/PPTP passwords. <jwright@hasborg.com>
Captured LEAP exchange information:
username: jwright
challenge: ceb69885c656590c
response: 7279f65aa49870f45822c89dcbdd73c1b89d377844caead4
Could not recover last 2 bytes of hash from the
challenge/response. Sorry it didn't work out.
┌──(kali㉿kali)-[~/asleap/samples]
└─$ asleap -r leap.dump -s
asleap 2.3 - actively recover LEAP/PPTP passwords. <jwright@hasborg.com>
Captured LEAP exchange information:
username: qa_leap
challenge: 0786aea0215bc30a
response: 7f6a14f11eeb980fda11bf83a142a8744f00683ad5bc5cb6
Could not recover last 2 bytes of hash from the
challenge/response. Sorry it didn't work out.
┌──(kali㉿kali)-[~/asleap/samples]
└─$ asleap -r leap2.dump -s
asleap 2.3 - actively recover LEAP/PPTP passwords. <jwright@hasborg.com>
Captured LEAP exchange information:
username: RSAINI
challenge: afe811f2ae948bdb
response: 5b79dab8bf72ed434ebca8a784466bffb28f6e94280c918d
Could not recover last 2 bytes of hash from the
challenge/response. Sorry it didn't work out.
┌──(kali㉿kali)-[~/asleap/samples]
└─$ asleap -r pptp.dump
asleap 2.3 - actively recover LEAP/PPTP passwords. <jwright@hasborg.com>
Captured PPTP exchange information:
username: scott
auth challenge: e3a5d0775370bda51e16219a06b0278f
peer challenge: 84c4b33e00d9231645598acf91c38480
peer response: 565fe2492fd5fb88edaec934c00d282c046227406c31609b
challenge: 62f73d590f8b9199
Could not recover last 2 bytes of hash from the
challenge/response. Sorry it didn't work out.
This is still happening in 2024. Current asleap packages in Kali and Parrot security repositories are broken.
asleap 2.3 is failing and old asleap 2.2 is working
Hello, I'm not sure if it's the good place to report, but asleap cannot find the last 2 bytes of hash when installed from latest Kali. At least this could help future users. This issue was initially reported in https://github.com/OpenSecurityResearch/hostapd-wpe/issues/32 by @AdonisPro.
To reproduce:
sudo apt-get update && sudo apt-get install asleap
More details (for password abcd1234):
I see it's version 2.3 (254acab) but I'm surprised libxcrypt is not reported by ldd nor dpkg :thinking:
@joswr1ght can I let you report this to Kali if you think it's not an issue with asleap itself?