kali工具箱

Asleap包装说明

演示专有思科LEAP网络的一个严重缺陷。由于LEAP使用MS-CHAPv2的一个变体的身份验证交换，很容易加速离线字典攻击。 Asleap也可以攻击点点对点隧道协议（PPTP），以及任何MS-CHAPv2的交流，你可以在命令行上指定的挑战和响应值。

资料来源：http://www.willhackforsushi.com/?page_id=41
Asleap首页 | 卡利Asleap回购

作者：约书亚·赖特
许可：GPL第二版

包含在asleap包工具

asleap - 积极恢复LEAP / PPTP密码

[email protected]:~# asleap -h

asleap 2.2 - actively recover LEAP/PPTP passwords. <[email protected]>

Usage: asleap [options]



    -r  Read from a libpcap file

    -i  Interface to capture on

    -f  Dictionary file with NT hashes

    -n  Index file for NT hashes

    -s  Skip the check to make sure authentication was successful

    -h  Output this help information and exit

    -v  Print verbose information (more -v for more verbosity)

    -V  Print program version and exit

    -C  Challenge value in colon-delimited bytes

    -R  Response value in colon-delimited bytes

    -W  ASCII dictionary file (special purpose)

genkeys - 生成asleap查找文件

[email protected]:~# genkeys

genkeys 2.2 - generates lookup file for asleap. <[email protected]>

genkeys: Must supply -r -f and -n

Usage: genkeys [options]



    -r  Input dictionary file, one word per line

    -f  Output pass+hash filename

    -n  Output index filename

    -h  Last 2 hash bytes to filter with (optional)

genkeys用法示例

读在一个词典文件（-r /usr/share/wordlists/nmap.lst），提供输出文件名（-f asleap.dat），和一个输出索引文件名（-n asleap.idx）：

[email protected]:~# genkeys -r /usr/share/wordlists/nmap.lst -f asleap.dat -n asleap.idx

genkeys 2.2 - generates lookup file for asleap. <[email protected]>

Generating hashes for passwords (this may take some time) ...Done.

5085 hashes written in 0.29 seconds:  17463.18 hashes/second

Starting sort (be patient) ...Done.

Completed sort in 16254 compares.

Creating index file (almost finished) ...Done.

asleap用法示例

读捕获文件（-r leap.dump），提供hashfile文件名（-f asleap.dat），该hashfile 指数（-n asleap.idx），并跳过认证检查（-s）：

[email protected]:~# asleap -r leap.dump -f asleap.dat -n asleap.idx -s

asleap 2.2 - actively recover LEAP/PPTP passwords. <[email protected]>



Captured LEAP exchange information:

    username:          qa_leap

    challenge:         0786aea0215bc30a

    response:          7f6a14f11eeb980fda11bf83a142a8744f00683ad5bc5cb6

    hash bytes:        4a39

    NT hash:           a1fc198bdbf5833a56fb40cdd1a64a39

    password:          qaleap