From: Moonen, Ralph (Moonen.Ralph@kpmg.nl)
Date: Thu Feb 26 2004 - 04:35:44 EST
Yup, check out www.thc.org for a set of leapcracking tools.
> -----Original Message-----
> From: Chris.McNab@trustmatta.com [mailto:Chris.McNab@trustmatta.com]
> Sent: dinsdag 24 februari 2004 17:05
> To: pen-test@securityfocus.com
> Subject: LEAP
>
>
> --- Virus checked / op virussen gecontroleerd ---
>
>
>
>
>
>
> Hey,
>
> At Defcon last year, Joshua Wright released a paper
> documenting a number of
> flaws in LEAP, in particular relating to sniffing the
> challenge-response
> traffic, compromising the username, and cracking the user
> password offline.
> His paper is available from
> http://home.jwu.edu/jwright/presentations/asleap-defcon.pdf
>
> I am currently undertaking a wireless test for a client who
> I've found is
> using LEAP. I've sniffed a number of LEAP challenge-response
> frames, and it
> would be great if I could perform some active attacks to
> spoof LEAP-logoff
> and STA deauthenticate frames, sniff more LEAP
> challenge-response traffic,
> and perform the offline cracking operation as described by
> Joshua Wright.
>
> Joshua wrote a tool called asleap / asleap-imp, which he
> demonstrated at
> Defcon, but did not release. I have yet to find asleap
> available online,
> although various media sources state that the tool will be
> available in
> February. I even mailed Joshua, but he hasn't yet responsed.
>
> My question is if anyone knows of any tools or hacks of software like
> kismet that can perform any element of this LEAP attack?
>
> Thanks,
>
> Chris
>
>
> Chris McNab
> Technical Director
>
> Matta Consulting Limited
> 18 Noel Street
> London W1F 8GN
>
> 08700 77 11 00
>
>
> --------------------------------------------------------------
> -------------
> --------------------------------------------------------------
> --------------
>
--------------------------------------------------------------------------------------------------------------------------------------------
De informatie verzonden met dit e-mailbericht (en bijlagen) is uitsluitend bestemd voor de geadresseerde(n) en zij die van de geadresseerde(n) toestemming hebben dit bericht te lezen. Gebruik door anderen dan geadresseerde(n) is verboden. De informatie in dit e-mailbericht (en de bijlagen) kan vertrouwelijk van aard zijn en kan binnen het bereik vallen van een geheimhoudingsplicht.
KPMG is niet aansprakelijk voor schade ten gevolge van het gebruik van elektronische middelen van communicatie, daaronder begrepen -maar niet beperkt tot- schade ten gevolge van niet aflevering of vertraging bij de aflevering van elektronische berichten, onderschepping of manipulatie van elektronische berichten door derden of door programmatuur/apparatuur gebruikt voor elektronische communicatie en overbrenging van virussen en andere kwaadaardige programmatuur.
Any information transmitted by means of this e-mail (and any of its attachments) is intended exclusively for the addressee or addressees and for those authorized by the addressee or addressees to read this message. Any use by a party other than the addressee or addressees is prohibited. The information contained in this e-mail (or any of its attachments) may be confidential in nature and fall under a duty of non-disclosure.
KPMG shall not be liable for damages resulting from the use of electronic means of communication, including -but not limited to- damages resulting from failure or delay in delivery of electronic communications, interception or manipulation of electronic communications by third parties or by computer programs used for electronic communications and transmission of viruses and other malicious code.
--------------------------------------------------------------------------------------------------------------------------------------------
---------------------------------------------------------------------------
----------------------------------------------------------------------------
This archive was generated by hypermail 2.1.7 : Sat Apr 12 2008 - 10:53:49 EDT