Continuing with the VPN Series, Darren discusses the inherent weaknesses in Microsoft’s PPTP authentication protocol, MS-CHAPv2, and demos a Linux tool that exploits these weaknesses.

Download HD Download MP4 Download XviD Download WMV

Continuing on with our VPN series I find it important to highlight the weaknesses in the protocols we have talked about thus far. In my last segment I highlighted a tool that allows an attacker to easily hijack an SSL session using a man-in-the-middle attack. Couple this with Adito (aka OpenVPN-ALS), my favorite open-source SSL VPN server, and you can see the problem.

But what about the basic Microsoft VPN we setup a few weeks back? The VPN servers that we setup on Windows XP and Server 2003 used either active directory or local windows accounts to authenticate users.

And looking back at our discussions on pwdump, rainbow tables and the like you’ll remember the inherent weaknesses in Windows account credentials.

There are two ways Windows stores a user’s account credentials, or password. LAN Manager hashes which are comprised of watered-down weaksauce and NTLM which are succeptable to time-memory tradeoff attacks.

The default VPN server implemented in Windows XP and Server 2003’s Routing and Remote Access service uses Point-To-Point-Tunneling-Protocol. This is convenient because the Windows clients have supported Microsoft PPTP VPN connections natively since 2000, and in Windows 95/98 with Dual Up Networking version 1.3.

The modern authentication protocol of Microsoft’s PPTP is MS-CHAPv2. This Challenge Handshake Authentication Protocol suffers from inherent weaknesses.

As far back at 1999 these weaknesses have been widely known. If you’re interested in reading more on the cryptanalysis of MS-CHAPv2 there’s a nifty paper written by Bruce Schneier and L0pht that I’ll link in the show notes.

And while other options exist such as Radius, this is still the default option for PPTP authentication in Windows environments.

Joshua Wright, author of coWPAtty (See our segment here), released in 2004 a proof of concept tool to demonstrate weaknesses in LEAP and PPTP protocols.

This tool, ASLEAP, was updated in 2007 to include an option to just crack MS-CHAP v2. Either by examining a packet capture that includes a MS-CHAP handshake ASLEAP or specifying an MS-CHAP challenge and response ASLEAP is able to deduce the username and last two bytes of the NT hash. Using this information, and a dictionary file, ASLEAP is able to brute-force the hash.

PS: Check out

Leave a Reply

Your email address will not be published. Required fields are marked *



  • Awesome show as always. I’m curious to know if you guys have looked at some of Microsoft’s latest VPN technologies? For example SSTP and Direct Access. I just set up a SSTP VPN server for my company, and it seems like M$ finally did a good job in creating a secure VPN. Direct Access seems pretty sound too.

    In fact I think SSTP would not be susceptible to the SSLStrip attack. Have you guys heard anything different?


  • Derek 5 years ago

    Per usual, excellent job in explaining the theory behind the potential attack and all, but you guys have been promising us this Linux device segment for several episodes now…

    Whats up with that?

  • @Derek – It’s coming. It’s done in fact, just a matter of recording it. Consider the promo a tease. We’ll have it either 614 or 615.

    Also, I Sc00bz on the forums posted some code that would convert the challenge and response into the proper format. I’ve tested it and it works. :)

  • Derek 5 years ago

    @Darren – This is why you guys rock. Thanks for responding and keeping us in the loop. Hopefully the new shirts will come in soon so I can support the show a bit. I might even be able to slide a Pineapple purchase past the wife…

  • Are you going to give us another easter egg hunt any time soon. IMO, letting the audience play a part, rather than just consuming the video, makes a good show. I really liked it when you did that a while ago.

  • Dude to much talking and so little doing. Please we dont need to now history just facts and causes. I am sorry but I feel asleep durnig episode 612.

    Thx Prezza

  • ^ I agree.

  • Great show as usual!

  • Henrik 5 years ago

    Hei guys!
    I can’t find the episode where you introduced cuppy :(
    Could someone help me?

    Whould be really appriciated :)

  • Helpful Coward 5 years ago

    The -C and -R options of asleap force the program into LEAP mode as seen by lines 1433 and 1448 of asleap.c. One would need to create two new options to check the PPTP challenge/response lengths and then force PPTP mode by setting asleap.pptpchalfound=1 and asleap.pptprespfound=1.