Anger v1.33 implements a PPTP challenge/response sniffer. These c/r can be input into L0phtcrack to obtain the password, and b) An active attack on PPTP logons via the MS-CHAP vulnerability to obtain the users password hashes. Notice that this also generates the password hashes of the new password the user wanted to use, which can be put into L0phtcrack to get passwords, into a modified smbclient to logon onto a SMB sever, or into a modified PPP client for use with the Linux PPTP client.
4c21a34d713b5921f0589ac3020b351e9fdcf9c71e20fa4f38ebe79c453e1dbbPPTP Challenge/Response Sniffer & Active Attack Addon for L0phtCrack. Basically, it actively attacks PPTP logon via the MS-CHAP password change protocol version 1 to obtain the LANMAN and NT password hashes. Note that once you get the password hashes, you dont even need to crack the passwords to logon onto an SMB server or PPTP server. There is currently no patch from Microsoft to protect against this.
57a68e6ada04d06c4b81a181bf4a0d98e3d76b6fddf9ee4fe0fc52984d7f4e00The original Phrack article called Smashing the Stack for Fun and Profit.
07f340561594d32efbd82143ba755296bf319eea010253a0eb2378832622a292
© 2024 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed