RE: MS RAS (pptp + MSCHAPv1)
From: Marc Heuse (Marc.Heusenruns.com)
Date: Fri Jan 28 2005 - 03:24:15 CST
> 1) Fingerprint with ppp, trying to use&verify the many
> authentication protocol available such as CHAP,
> MSCHAPv1, MSCHAPv2; very probably the protocol is
Wasn't there a release by team-teso to fingerprint ppp?
their web site is down, but you should be able to find it
in the packetstorm archive.
> 3) Trying to brute-force the passwords with
> pptp-bruter. There are other good tools for doing
this came out a few weeks ago:
: THC-pptp-bruter: Brute force program against PPTP VPN Gateways (tcp port 1723).
: Supports latest MSChapV2 authentication. Tested against Windows and Cisco Systems.
: weakness in Microsoft's anti brute-force implementation that makes it possible to
: passwords per second.
I haven't tried it, but it's the only one I know. It's from www.thc.org
Mobile Phone: +49-160-98925941
Key fingerprint = AE3F CDC0 8C7B 8797 BEAC 4BF8 EC8F E64B 0A84 EA10
From: Maria Da Re [mailto:pentestmlyahoo.it]
Sent: Thursday, 27. January 2005 22:41
Subject: MS RAS (pptp + MSCHAPv1)
I will execute a penetration test on Windows 2000
systems responding in dial-up on different telephone
numbers with pptp protocol handled by Microsoft RAS
(Routing and Remote Access) server.
I think to proceed with an analysis composed by these
1) Fingerprint with ppp, trying to use&verify the many
authentication protocol available such as CHAP,
MSCHAPv1, MSCHAPv2; very probably the protocol is
2) Trying to take advantage of this vulnerability:
www.securityfocus.com/bid/5807. Any suggestions? Are
there other vulnerabilities?
3) Trying to brute-force the passwords with
pptp-bruter. There are other good tools for doing
Because I can't access the shared telephone line, I
can't try man-in-the-middle attacks (decrypting
credentials or implement a fake server to steal
Do you have any suggestions? Are there other types of
attacks to try or tools to use?
Thanks for sharing your experience
M. Da Re