def execute(self):
inputFile = self._getInputFile()
handshakes = MultiChapStateManager()
capture = open(inputFile)
reader = ChapPacketReader(capture)
for packet in reader:
handshakes.addHandshakePacket(packet)
complete = handshakes.getCompletedHandshakes()
for server in complete:
for client in complete[server]:
print "Got completed handshake [%s --> %s]" % (client, server)
c1, c2, c3 = complete[server][client].getCiphertext()
plaintext = complete[server][client].getPlaintext()
username = complete[server][client].getUserName()
k3 = self._getK3(plaintext, c3)
print " User = %s" % username
print " C1 = %s" % c1.encode("hex")
print " C2 = %s" % c2.encode("hex")
print " C3 = %s" % c3.encode("hex")
print " P = %s" % plaintext.encode("hex")
if k3 is not None:
print " K3 = %s" % k3.encode("hex")
print "CloudCracker Submission = $99$%s" % base64.b64encode("%s%s%s%s" % (plaintext, c1, c2, k3[0:2]))
def execute(self):
# For LEAP and MSCHAPv2 (from FreeRADIUS-WPE) - you can provide challenge
# (which is really the ChallengeHash) via the command line in XX:XX:XX... format.
# There is likely a prettier way to do this, but this should work
#
if self._checkForChalResp():
plaintext = self._getCmdChal()
resp = self._getCmdResp()
c1, c2, c3 = resp[0:8], resp[8:16], resp[16:24]
k3 = self._getK3(plaintext, c3)
print " C1 = %s" % c1.encode("hex")
print " C2 = %s" % c2.encode("hex")
print " C3 = %s" % c3.encode("hex")
print " P = %s" % plaintext.encode("hex")
if k3 is not None:
print " K3 = %s" % k3.encode("hex")
print "CloudCracker Submission = $99$%s" % base64.b64encode("%s%s%s%s" % (plaintext, c1, c2, k3[0:2]))
else: # Operate Normally...
inputFile = self._getInputFile()
handshakes = MultiChapStateManager()
capture = open(inputFile)
reader = ChapPacketReader(capture)
for packet in reader:
handshakes.addHandshakePacket(packet)
complete = handshakes.getCompletedHandshakes()
for server in complete:
for client in complete[server]:
print "Got completed handshake [%s --> %s]" % (client, server)
c1, c2, c3 = complete[server][client].getCiphertext()
plaintext = complete[server][client].getPlaintext()
username = complete[server][client].getUserName()
k3 = self._getK3(plaintext, c3)
print " User = %s" % username
print " C1 = %s" % c1.encode("hex")
print " C2 = %s" % c2.encode("hex")
print " C3 = %s" % c3.encode("hex")
print " P = %s" % plaintext.encode("hex")
if k3 is not None:
print " K3 = %s" % k3.encode("hex")
print "CloudCracker Submission = $99$%s" % base64.b64encode("%s%s%s%s" % (plaintext, c1, c2, k3[0:2]))
def test_parsing(self):
capture = open("tests/pptp.cap")
reader = ChapPacketReader(capture)
handshakes = MultiChapStateManager()
for packet in reader:
handshakes.addHandshakePacket(packet)
complete = handshakes.getCompletedHandshakes()
assert len(complete) == 1
for server in complete:
for client in complete[server]:
c1, c2, c3 = complete[server][client].getCiphertext()
plaintext = complete[server][client].getPlaintext()
username = complete[server][client].getUserName()
assert username == "moxie"
hash = nthash.raw_nthash('bPCFyF2uL1p5Lg5yrKmqmY')
print "NT Hash: %s" % binascii.hexlify(hash)
key1 = hash[0:7]
key1 = des.expand_des_key(key1)
key2 = hash[7:14]
key2 = des.expand_des_key(key2)
key3 = hash[14:16]
key3 += (chr(0x00) * 5)
key3 = des.expand_des_key(key3)
result1 = des.des_encrypt_block(key1, plaintext)
result2 = des.des_encrypt_block(key2, plaintext)
result3 = des.des_encrypt_block(key3, plaintext)
print "DES Encryption 1: %s" % binascii.hexlify(result1)
print "C1: %s" % binascii.hexlify(c1)
print "C2: %s" % binascii.hexlify(c2)
print "C3: %s" % binascii.hexlify(c3)
assert result1 == c1
assert result2 == c2
assert result3 == c3
def execute(self):
inputFile = self._getInputFile()
handshakes = MultiChapStateManager()
capture = open(inputFile)
reader = ChapPacketReader(capture)
for packet in reader:
handshakes.addHandshakePacket(packet)
complete = handshakes.getCompletedHandshakes()
for server in complete:
for client in complete[server]:
print "Got completed handshake [%s --> %s]" % (client, server)
c1, c2, c3 = complete[server][client].getCiphertext()
plaintext = complete[server][client].getPlaintext()
username = complete[server][client].getUserName()
k3 = self._getK3(plaintext, c3)
self._printParameters(username, plaintext, c1, c2, c3, k3)
def execute(self):
inputFile = self._getInputFile()
handshakes = MultiChapStateManager()
capture = open(inputFile)
reader = ChapPacketReader(capture)
for packet in reader:
handshakes.addHandshakePacket(packet)
complete = handshakes.getCompletedHandshakes()
for server in complete:
for client in complete[server]:
print "Got completed handshake [%s --> %s]" % (client, server)
c1, c2, c3 = complete[server][client].getCiphertext()
plaintext = complete[server][client].getPlaintext()
username = complete[server][client].getUserName()
k3 = self._getK3(plaintext, c3)
self._printParameters(username, plaintext, c1, c2, c3, k3)
