mschapv2acc

MS-CHAP-V2 SHOULD NOT be used...

What?

mschapv2acc is a proof of concept of MS-CHAP-V2 auditing/cracking tool.

It uses old know vulnerability and fast implementation of cryptographic algorithm. The main goal is to show the need to change for other stronger protocol.

So?

Just see...

Standard mode

Improved mode

Install

You need a processor with SSE2 support.
This tool can be compiled with gcc for Linux / Mac OS X.

Just extract the archive:

~$ tar xfvz mschapv2acc-x.y.z.tar.gz
~$ cd mschapv2acc-x.y.z

Or clone with git:

~$ git clone https://github.com/polkaned/mschapv2acc
~$ cd mschapv2acc

Or checkout with subversion:

~$ svn checkout --depth empty https://github.com/polkaned/mschapv2acc
~$ cd mschapv2acc

And execute 'make':

~$ make

Features (or not)

2 main modes : Brute Force mode and Dictionary mode.
To change the charset for the Brute Force mode, modify nbc and caract values in 'mschapv2acc.c' file in source code.

Exemples of uses

Brute force mode

~$ ./mschapv2acc file_auth

Brute force mode with challenge's cryptanalysis enabled

~$ ./mschapv2acc -x file_auth

Brute force mode with SSE2 enabled

~$ ./mschapv2acc -s file_auth

Brute force mode with challenge's cryptanalysis and SSE2 enabled

~$ ./mschapv2acc -x -s file_auth

Dictionary mode

~$ ./mschapv2acc -w dico.txt file_auth

Dictionary mode with challenge's cryptanalysis enabled

~$ ./mschapv2acc -x -w dico.txt file_auth

All the options are listed on the help message printed when you run mschapv2acc with no parameter.

About file_auth

file_auth is a binary dump file containing required MS-CHAP-V2 data.

This file is build as follow:

1 *int = user name length
user_name_lenght *char = user name
16 *unsigned char = auth challenge
16 *unsigned char = peer challenge
8 *unsigned char = challenge
24 *unsigned char = response

To get the file_auth:

use my patch mschapCap4FR1.1.2.patch with this old freeradius version. It puts the mschapv2acc file_auth in /tmp directory.
use wpe2acc (included with mschapv2acc) for converting the FreeRADIUS Wireless Pwnage Edition hex representation of MS-CHAP-V2 information to mschapv2acc file_auth.
use accgen.rb for converting John the Ripper input password file to mschapv2acc file_auth. Seems to be write for this tool: Peap-Karma (relative post)

Related stuff

Paper

MS-CHAP-v2 et 802.11i, le mariage risqué ? MISC 39

Name		Name	Last commit message	Last commit date
Latest commit History 19 Commits
.github/workflows		.github/workflows
ChangeLog		ChangeLog
Makefile		Makefile
README.md		README.md
des.c		des.c
des.h		des.h
file_auth_test1		file_auth_test1
file_auth_test2		file_auth_test2
md4.c		md4.c
md4.h		md4.h
md4_sse2.S		md4_sse2.S
md4sse2.c		md4sse2.c
md4sse2.h		md4sse2.h
mschapCap4FR1.1.2.patch		mschapCap4FR1.1.2.patch
mschapv2acc.c		mschapv2acc.c
mschapv2lib.c		mschapv2lib.c
mschapv2lib.h		mschapv2lib.h
wpe2acc.c		wpe2acc.c

polkaned/mschapv2acc

Folders and files

Latest commit

History

Repository files navigation

mschapv2acc

What?

So?

Standard mode

Improved mode

Install

Features (or not)

Exemples of uses

About file_auth

Related stuff

Paper

About

Resources

Stars

Watchers

Forks

Languages