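def execute(self):
    """Print the CHAP parameters of every completed handshake in the input capture.

    Reads the capture file named by ``self._getInputFile()``, feeds each
    packet to a ``MultiChapStateManager``, and for every completed
    (server, client) handshake prints the user name, the three ciphertext
    blocks, the plaintext and, when ``self._getK3`` returns a value, K3
    and the CloudCracker submission token.
    """
    inputFile = self._getInputFile()
    handshakes = MultiChapStateManager()

    # Capture files are binary data, and the context manager releases the
    # handle even when packet parsing raises (the handle used to be leaked).
    with open(inputFile, "rb") as capture:
        for packet in ChapPacketReader(capture):
            handshakes.addHandshakePacket(packet)

    complete = handshakes.getCompletedHandshakes()

    for server in complete:
        for client in complete[server]:
            print "Got completed handshake [%s --> %s]" % (client, server)

            handshake = complete[server][client]
            c1, c2, c3 = handshake.getCiphertext()
            plaintext = handshake.getPlaintext()
            username = handshake.getUserName()
            k3 = self._getK3(plaintext, c3)

            # NOTE(review): everything printed below is derived from a captured
            # authentication exchange; K3 is presumably key material recovered
            # from c3 (confirm against _getK3), so treat this output as sensitive.
            print " User = %s" % username
            print " C1 = %s" % c1.encode("hex")
            print " C2 = %s" % c2.encode("hex")
            print " C3 = %s" % c3.encode("hex")
            print " P = %s" % plaintext.encode("hex")

            if k3 is not None:
                print " K3 = %s" % k3.encode("hex")
                # Kept under the K3 guard: the token embeds k3[0:2], and
                # slicing None would raise TypeError.
                print "CloudCracker Submission = $99$%s" % base64.b64encode("%s%s%s%s" % (plaintext, c1, c2, k3[0:2]))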
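def execute(self):
    """Print CHAP parameters from a command-line challenge/response or a capture.

    When ``self._checkForChalResp()`` is true, the challenge and response
    come from the command line; otherwise the capture file named by
    ``self._getInputFile()`` is parsed and every completed handshake is
    reported. Both paths print C1..C3, the plaintext and, when
    ``self._getK3`` returns a value, K3 and the CloudCracker submission
    token.
    """

    def report(plaintext, c1, c2, c3, k3):
        # One shared printer, so the two input paths cannot drift apart.
        # NOTE(review): K3 is presumably key material recovered from c3
        # (confirm against _getK3); treat this output as sensitive.
        print " C1 = %s" % c1.encode("hex")
        print " C2 = %s" % c2.encode("hex")
        print " C3 = %s" % c3.encode("hex")
        print " P = %s" % plaintext.encode("hex")

        if k3 is not None:
            print " K3 = %s" % k3.encode("hex")
            # Kept under the K3 guard: the token embeds k3[0:2], and
            # slicing None would raise TypeError.
            print "CloudCracker Submission = $99$%s" % base64.b64encode("%s%s%s%s" % (plaintext, c1, c2, k3[0:2]))

    # For LEAP and MSCHAPv2 (from FreeRADIUS-WPE) the challenge (which is
    # really the ChallengeHash) and the response can be supplied on the
    # command line in XX:XX:XX... format.
    if self._checkForChalResp():
        plaintext = self._getCmdChal()
        resp = self._getCmdResp()
        # NOTE(review): the response is sliced into three 8-byte blocks with
        # no length check here; a value shorter than 24 bytes silently yields
        # short blocks. Confirm that _getCmdResp validates the length.
        c1, c2, c3 = resp[0:8], resp[8:16], resp[16:24]
        report(plaintext, c1, c2, c3, self._getK3(plaintext, c3))
        return

    # Operate normally: read the handshakes from a capture file.
    inputFile = self._getInputFile()
    handshakes = MultiChapStateManager()

    # Capture files are binary data, and the context manager releases the
    # handle even when packet parsing raises (the handle used to be leaked).
    with open(inputFile, "rb") as capture:
        for packet in ChapPacketReader(capture):
            handshakes.addHandshakePacket(packet)

    complete = handshakes.getCompletedHandshakes()

    for server in complete:
        for client in complete[server]:
            print "Got completed handshake [%s --> %s]" % (client, server)

            handshake = complete[server][client]
            c1, c2, c3 = handshake.getCiphertext()
            plaintext = handshake.getPlaintext()
            username = handshake.getUserName()
            k3 = self._getK3(plaintext, c3)

            print " User = %s" % username
            report(plaintext, c1, c2, c3, k3)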
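def test_parsing(self):
    """Check that the parsed handshake matches ciphertexts recomputed from a known password.

    Parses ``tests/pptp.cap``, expects exactly one server entry with user
    ``moxie``, then rebuilds the three DES ciphertexts from the NT hash of
    the fixture password and compares them with the captured c1, c2, c3.
    """
    handshakes = MultiChapStateManager()

    # Capture files are binary data, and the context manager closes the
    # fixture even when an assertion or parse error aborts the test.
    with open("tests/pptp.cap", "rb") as capture:
        for packet in ChapPacketReader(capture):
            handshakes.addHandshakePacket(packet)

    complete = handshakes.getCompletedHandshakes()

    assert len(complete) == 1

    for server in complete:
        for client in complete[server]:
            handshake = complete[server][client]
            c1, c2, c3 = handshake.getCiphertext()
            plaintext = handshake.getPlaintext()
            username = handshake.getUserName()

            assert username == "moxie"

            # Named nt_hash rather than hash so the builtin is not shadowed.
            nt_hash = nthash.raw_nthash('bPCFyF2uL1p5Lg5yrKmqmY')

            print "NT Hash: %s" % binascii.hexlify(nt_hash)

            # The hash is cut into 7 + 7 + 2 bytes and each piece is expanded
            # into a DES key. The last piece is padded with five zero bytes,
            # so the third key carries only two bytes of the hash. That small
            # third key is a structural weakness of this response scheme.
            key1 = des.expand_des_key(nt_hash[0:7])
            key2 = des.expand_des_key(nt_hash[7:14])
            key3 = des.expand_des_key(nt_hash[14:16] + (chr(0x00) * 5))

            # All three keys encrypt the same plaintext block.
            result1 = des.des_encrypt_block(key1, plaintext)
            result2 = des.des_encrypt_block(key2, plaintext)
            result3 = des.des_encrypt_block(key3, plaintext)

            print "DES Encryption 1: %s" % binascii.hexlify(result1)
            print "C1: %s" % binascii.hexlify(c1)
            print "C2: %s" % binascii.hexlify(c2)
            print "C3: %s" % binascii.hexlify(c3)

            assert result1 == c1
            assert result2 == c2
            assert result3 == c3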
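def execute(self):
    """Report the CHAP parameters of every completed handshake in the input capture.

    Reads the capture file named by ``self._getInputFile()``, feeds each
    packet to a ``MultiChapStateManager``, and passes the user name,
    plaintext, ciphertext blocks and the result of ``self._getK3`` for
    each completed (server, client) handshake to
    ``self._printParameters``.
    """
    inputFile = self._getInputFile()
    handshakes = MultiChapStateManager()

    # Capture files are binary data, and the context manager releases the
    # handle even when packet parsing raises (the handle used to be leaked).
    with open(inputFile, "rb") as capture:
        for packet in ChapPacketReader(capture):
            handshakes.addHandshakePacket(packet)

    complete = handshakes.getCompletedHandshakes()

    for server in complete:
        for client in complete[server]:
            print "Got completed handshake [%s --> %s]" % (client, server)

            handshake = complete[server][client]
            c1, c2, c3 = handshake.getCiphertext()
            plaintext = handshake.getPlaintext()
            username = handshake.getUserName()
            k3 = self._getK3(plaintext, c3)

            # NOTE(review): these values are derived from a captured
            # authentication exchange; treat whatever _printParameters
            # emits as sensitive.
            self._printParameters(username, plaintext, c1, c2, c3, k3)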