Anger v1.33 implements a) a PPTP challenge/response sniffer, whose captured challenge/responses can be input into L0phtcrack to obtain the password, and b) an active attack on PPTP logons via the MS-CHAP vulnerability to obtain the user's password hashes. Note that this attack also generates the password hashes of the new password the user wanted to use, which can be put into L0phtcrack to get passwords, into a modified smbclient to log on to an SMB server, or into a modified PPP client for use with the Linux PPTP client.
4c21a34d713b5921f0589ac3020b351e9fdcf9c71e20fa4f38ebe79c453e1dbb