asleap: bump to 2.2_p20160730; fix errors while building; add community patches

2026-04-17 20:30:58 +02:00 · 2019-09-21 17:50:34 +03:00 · 2019-09-21 17:50:34 +03:00 · 4affce229b
commit 4affce229b
parent 66e7b10685
6 changed files with 527 additions and 21 deletions
--- a/app-crypt/asleap/Manifest
+++ b/app-crypt/asleap/Manifest
@ -1 +1 @@
-DIST asleap-2.2.tgz 110622 SHA256 92beb6495a856884ca343787ab2f7c9d4b9d3aba21526c2e1f6ba38736c67a23
+DIST asleap-2.2_p20160730.tar.gz 111453 BLAKE2B 1eaff9fa5bf9e47f5df76cac1a97be555570a060ae0184666bb6fa612292b102cbb9675e2b6486f2f871fe1e866339dda942494c6da6bb5ddbb60a0994aa868c SHA512 22dee22753f229adb882788a8e2b0b1e737c52ec908b40f4a683ea527066f2cd829e98e73a7446aa63a82db49608fdb56b2593d3b46f6977e8e390f8f0a1c896
--- a/app-crypt/asleap/asleap-2.2.ebuild
+++ b/app-crypt/asleap/asleap-2.2.ebuild
@ -1,20 +0,0 @@
-# Copyright 1999-2010 Gentoo Foundation
-# Distributed under the terms of the GNU General Public License v2
-# $Header: $
-
-DESCRIPTION="exploiting cisco leap; As in asleap behind the wheel."
-HOMEPAGE="http://www.willhackforsushi.com/Asleap.html"
-SRC_URI="http://www.willhackforsushi.com/code/asleap/2.2/${P}.tgz"
-
-LICENSE="GPL-2"
-SLOT="0"
-KEYWORDS="x86 amd64 arm"
-IUSE=""
-RDEPEND="net-libs/libpcap"
-DEPEND="${RDEPEND}"
-
-src_install() {
-	dosbin asleap
-	dobin genkeys
-	dodoc THANKS README || die
-}
--- a/app-crypt/asleap/asleap-2.2_p20160730.ebuild
+++ b/app-crypt/asleap/asleap-2.2_p20160730.ebuild
@ -0,0 +1,45 @@
+# Copyright 1999-2019 Gentoo Authors
+# Distributed under the terms of the GNU General Public License v2
+
+EAPI=7
+
+inherit flag-o-matic toolchain-funcs
+
+DESCRIPTION="Cisco LEAP and Generic MS-CHAPv2 Dictionary Attack"
+HOMEPAGE="https://github.com/joswr1ght/asleap"
+
+HASH_COMMIT="f8229d2fd800b36b34699a19f50a35981b1dcb49" # 20160730
+SRC_URI="https://github.com/joswr1ght/asleap/archive/${HASH_COMMIT}.tar.gz -> ${P}.tar.gz"
+
+LICENSE="GPL-2"
+SLOT="0"
+KEYWORDS="~amd64 ~x86"
+IUSE=""
+
+RDEPEND="
+	dev-libs/openssl
+	net-libs/libpcap
+	sys-libs/libxcrypt"
+
+DEPEND="${RDEPEND}"
+
+S="${WORKDIR}/${PN}-${HASH_COMMIT}"
+
+src_prepare() {
+	eapply "${FILESDIR}"
+
+	sed -e "s/-pipe//;s/-Wall//;s/-g3 -ggdb -g/${CFLAGS}/" \
+		-i Makefile || die
+
+	default
+}
+
+src_compile() {
+	emake CC=$(tc-getCC)
+}
+
+src_install() {
+	dosbin asleap
+	newbin genkeys asleap-genkeys
+	dodoc THANKS README
+}
--- a/app-crypt/asleap/files/001_add_simple_password_bruteforcing_option.patch
+++ b/app-crypt/asleap/files/001_add_simple_password_bruteforcing_option.patch
@ -0,0 +1,131 @@
+From 286cdcb625493b0bf2ab700715785207d51afad4 Mon Sep 17 00:00:00 2001
+From: lager <machv@cesnet.cz>
+Date: Wed, 17 Apr 2019 09:30:07 +0200
+Subject: [PATCH] add simple password bruteforcing option
+
+---
+ asleap.c | 62 +++++++++++++++++++++++++++++++++++++++++++++++++++++++-
+ asleap.h |  2 ++
+ 2 files changed, 63 insertions(+), 1 deletion(-)
+
+diff --git a/asleap.c b/asleap.c
+index f0c8b07..4804346 100644
+--- a/asleap.c
+++ b/asleap.c
+@@ -69,6 +69,9 @@ struct pcap_pkthdr h;
+ char errbuf[PCAP_ERRBUF_SIZE];
+ int success = 0; /* For return status of attack */
+ unsigned long pcount=0;
+/* for password generation */
+const char * charset = "abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789";
+
+ 
+ /* prototypes */
+ void usage(char *message);
+@@ -92,6 +95,8 @@ int testpptpchal(struct asleap_data *asleap_ptr, int plen, int offset);
+ int testpptpresp(struct asleap_data *asleap_ptr, int plen,  int offset);
+ int testpptpsuccess(struct asleap_data *asleap_ptr, int plen, int offset);
+ void genchalhash(struct asleap_data *asleap);
+int trypasswords(struct asleap_data *asleap_ptr);
+int permute(struct asleap_data *asleap_ptr, int level, char * password);
+ 
+ 
+ int stripname(char *name, char *stripname, int snamelen, char delim)
+@@ -360,6 +365,54 @@ int getmschapbrute(struct asleap_data *asleap_ptr)
+ 	return 0;
+ }
+ 
+/* try generating passwords and hashes based on command line params */
+int trypasswords(struct asleap_data *asleap_ptr)
+{
+	char password[MAX_NT_PASSWORD + 1] = {0};		/* should be dynamically allocated based on input param */
+	int ret;
+
+	for(int i = 0; i < asleap_ptr->pass_len; i++) {		/* iterate password length from 1 to desired length */
+		ret = permute(asleap_ptr, i, password);
+
+		if(ret == 0)
+			printf("no matching password found for length %d\n", i + 1);
+		else
+			return ret;
+	}
+
+	return ret;
+}
+
+/* generate all possible charset combinations */
+int permute(struct asleap_data *asleap_ptr, int level, char * password)
+{
+	const char* charset_ptr = charset;
+	unsigned char pwhash[MD4_SIGNATURE_SIZE];
+
+	if(level == -1) {	/* got generated password */
+		/* debug */
+		/* printf("%s\n", password); */
+		NtPasswordHash(password, strlen(password), pwhash);
+
+		if (pwhash[14] != asleap_ptr->endofhash[0] ||
+		    pwhash[15] != asleap_ptr->endofhash[1])
+			return 0;
+
+		if (testchal(asleap_ptr, pwhash) == 0) {
+			/* Found a matching password! w00t! */
+			memcpy(asleap_ptr->nthash, pwhash, 16);
+			strncpy(asleap_ptr->password, password,
+				strlen(password));
+			return (1);
+		}
+	} else
+		while(password[level] = *(charset_ptr++))	/* keep going */
+			if(permute(asleap_ptr, level - 1, password) == 1)
+				return 1;		/* found */
+
+	return 0;	/* nothing found */
+}
+
+ /* Brute-force all the matching NT hashes to discover the clear-text password */
+ int getmschappw(struct asleap_data *asleap_ptr)
+ {
+@@ -942,6 +995,9 @@ int attack_leap(struct asleap_data *asleap)
+ 	if (!IsBlank(asleap->wordfile)) {
+ 		/* Attack MS-CHAP exchange with a straight dictionary list */
+ 		getmschappwret = getmschapbrute(asleap);
+	} else if(asleap->gen_password) {
+		/* Attack MS-CHAP exchange with brute-force password generation */
+	    getmschappwret = trypasswords(asleap);
+ 	} else {
+ 		getmschappwret = getmschappw(asleap);
+ 	}
+@@ -1413,7 +1469,7 @@ int main(int argc, char *argv[])
+ 	printf("asleap %s - actively recover LEAP/PPTP passwords. "
+ 	       "<jwright@hasborg.com>\n", VER);
+ 
+-	while ((c = getopt(argc, argv, "DsoavhVi:f:n:r:w:c:t:W:C:R:")) != EOF) {
+	while ((c = getopt(argc, argv, "DsoavhVi:f:n:r:w:c:t:W:C:R:G:")) != EOF) {
+ 		switch (c) {
+ 		case 's':
+ 			asleap.skipeapsuccess = 1;
+@@ -1492,6 +1548,10 @@ int main(int argc, char *argv[])
+ 			strncpy(asleap.wordfile, optarg, 
+ 					sizeof(asleap.wordfile) - 1);
+ 			break;
+		case 'G':
+			asleap.gen_password = 1;
+			sscanf(optarg, "%d", &asleap.pass_len); /* save desired password lentgh */
+			break;
+ 		default:
+ 			usage("");
+ 			exit(1);
+diff --git a/asleap.h b/asleap.h
+index 1225fec..0c3666e 100644
+--- a/asleap.h
+++ b/asleap.h
+@@ -61,6 +61,8 @@ struct asleap_data {
+ 	int eapsuccess;
+ 	int skipeapsuccess;	/* Don't bother checking for success after auth */
+ 	int verbose;
+	int gen_password;
+	int pass_len;
+ 	char dictfile[255];
+ 	char dictidx[255];
+ 	char wordfile[255];
--- a/app-crypt/asleap/files/002_added_the_possibility_to_verify_MSCHAP-V2_authentication.patch
+++ b/app-crypt/asleap/files/002_added_the_possibility_to_verify_MSCHAP-V2_authentication.patch
@ -0,0 +1,326 @@
+diff -ur a/asleap.c b/asleap.c
+--- a/asleap.c	2019-09-21 17:06:53.618088000 +0300
+++ b/asleap.c	2019-09-21 17:39:01.259048608 +0300
+@@ -45,6 +45,7 @@
+ #include <netpacket/packet.h>
+ #include <linux/if.h>
+ #include <linux/wireless.h>
+#include <openssl/sha.h>
+ 
+ #include "asleap.h"
+ #include "utils.h"
+@@ -303,12 +304,33 @@
+ {
+ 
+ 	unsigned char cipher[8];
+	int j;
+ 
+ 	DesEncrypt(asleap_ptr->challenge, zpwhash, cipher);
+
+	printf("\tgiven hash 1:      ");
+	for (j = 0; j < 8; j++)
+		printf("%02x", cipher[j]);
+	printf("\n");
+	printf("\tresponse hash 1:   ");
+	for (j = 0; j < 8; j++)
+		printf("%02x", asleap_ptr->response[j]);
+	printf("\n");
+
+ 	if (memcmp(cipher, asleap_ptr->response, 8) != 0)
+ 		return (1);
+ 
+ 	DesEncrypt(asleap_ptr->challenge, zpwhash + 7, cipher);
+
+	printf("\tgiven hash 2:      ");
+	for (j = 0; j < 8; j++)
+		printf("%02x", cipher[j]);
+	printf("\n");
+	printf("\tresponse hash 2:   ");
+	for (j = 0; j < 8; j++)
+		printf("%02x", asleap_ptr->response[j+8]);
+	printf("\n");
+
+ 	if (memcmp(cipher, asleap_ptr->response + 8, 8) != 0)
+ 		return (1);
+ 
+@@ -948,23 +970,40 @@
+ void genchalhash(struct asleap_data *asleap)
+ {
+ 
+-	SHA1_CTX context;
+ 	unsigned char digest[SHA1_MAC_LEN];
+ 	char strippedname[256];
+ 	int j;
+ 
+	memset(digest, 0, SHA1_MAC_LEN);
+	memset(strippedname, 0, 256);
+
+ 	/* RFC2759 indicates a username "BIGCO\johndoe" must be stripped to 
+ 	   contain only the username for the purposes of generating the 8-byte
+ 	   challenge. Section 4, */
+ 	stripname(asleap->username, strippedname, sizeof(strippedname), '\\');
+ 
+/*    SHA1_CTX context;
+ 	SHA1Init(&context);
+ 	SHA1Update(&context, asleap->pptppeerchal, 16);
+ 	SHA1Update(&context, asleap->pptpauthchal, 16);
+ 	SHA1Update(&context, (uint8_t *)strippedname, strlen(strippedname));
+ 	SHA1Final(digest, &context);
+ 
+-	memcpy(&asleap->challenge, digest, 8);
+	printf("\tchallenge:         ");
+	for (j = 0; j < 8; j++)
+		printf("%02x", digest[j]);
+	printf("\n");
+
+	memcpy(asleap->challenge, digest, 8);*/
+
+	uint8_t str[300];
+	memcpy(str, asleap->pptppeerchal, 16);
+	memcpy(str+16, asleap->pptpauthchal, 16);
+	memcpy(str+32, strippedname, strlen(strippedname));
+
+	SHA1(str, 32 + strlen(strippedname), digest);
+
+	memcpy(asleap->challenge, digest, 8);
+ 
+ 	printf("\tchallenge:         ");
+ 	for (j = 0; j < 8; j++)
+@@ -1455,6 +1494,7 @@
+ 	unsigned int findlpexchret = 0;
+ 	int ret=0;
+ 	extern int success;
+	uint8_t verifypassword = 0;
+ 
+ 	memset(dictfile, 0, sizeof(dictfile));
+ 	memset(dictidx, 0, sizeof(dictidx));
+@@ -1469,41 +1509,108 @@
+ 	printf("asleap %s - actively recover LEAP/PPTP passwords. "
+ 	       "<jwright@hasborg.com>\n", VER);
+ 
+-	while ((c = getopt(argc, argv, "DsoavhVi:f:n:r:w:c:t:W:C:R:G:")) != EOF) {
+	while ((c = getopt(argc, argv, "DsoavhVi:f:n:r:w:c:t:W:C:R:A:B:U:P:")) != EOF) {
+ 		switch (c) {
+ 		case 's':
+ 			asleap.skipeapsuccess = 1;
+ 			break;
+ 		case 'C':
+-			if (strlen(optarg) != 23) {
+-				usage("Incorrect challenge input length "
+-						"specified.\n");
+-				exit(1);
+-			}
+-			if (str2hex(optarg, asleap.challenge, 
+			if (strlen(optarg) == 23) {
+				if (str2hex(optarg, asleap.challenge, 
+ 					sizeof(asleap.challenge)) < 0) {
+-				usage("Malformed value specified as "
+					usage("Malformed value specified as "
+ 						"challenge.\n");
+					exit(1);
+				}
+			} else if (strlen(optarg) == 16) {
+				if (decodeHexString(optarg, asleap.challenge, 
+					sizeof(asleap.challenge)) < 0) {
+					usage("Malformed value specified as "
+						"challenge.\n");
+					exit(1);
+				}
+			} else {
+				usage("Incorrect challenge input length "
+					"specified.\n");
+ 				exit(1);
+ 			}
+
+ 			asleap.leapchalfound=1;
+ 			asleap.manualchalresp=1;
+ 			break;
+ 		case 'R':
+-			if (strlen(optarg) != 71) {
+-				usage("Incorrect response input length "
+-						"specified.\n");
+-				exit(1);
+-			}
+-			if (str2hex(optarg, asleap.response, 
+			if (strlen(optarg) == 71) {
+				if (str2hex(optarg, asleap.response, 
+					sizeof(asleap.response)) < 0) {
+					usage("Malformed value specified as "
+						"response.\n");
+					exit(1);
+				}
+			} else if (strlen(optarg) == 48) {
+				if (decodeHexString(optarg, asleap.response,
+ 					sizeof(asleap.response)) < 0) {
+-				usage("Malformed value specified as "
+					usage("Malformed value specified as "
+ 						"response.\n");
+					exit(1);
+				}
+			} else {
+				usage("Incorrect response input length "
+					"specified.\n");
+ 				exit(1);
+ 			}
+
+ 			asleap.leaprespfound=1;
+ 			asleap.manualchalresp=1;
+ 			break;
+		case 'A':
+			if (strlen(optarg) == 47) {
+				if (str2hex(optarg, asleap.pptppeerchal, 
+						sizeof(asleap.pptppeerchal)) < 0) {
+					usage("Malformed value specified as "
+						"challenge.\n");
+					exit(1);
+				}
+			} else if (strlen(optarg) == 32) {
+				if (decodeHexString(optarg, asleap.pptppeerchal, 
+						sizeof(asleap.pptppeerchal)) < 0) {
+					usage("Malformed value specified as "
+						"challenge.\n");
+					exit(1);
+				}
+			} else {
+				usage("Incorrect challenge input length "
+					"specified.\n");
+				exit(1);
+			}
+			break;
+		case 'B':
+			if (strlen(optarg) == 47) {
+				if (str2hex(optarg, asleap.pptpauthchal,
+						sizeof(asleap.pptpauthchal)) < 0) {
+					usage("Malformed value specified as "
+						"challenge.\n");
+					exit(1);
+				}
+			} else if (strlen(optarg) == 32) {
+				if (decodeHexString(optarg, asleap.pptpauthchal,
+						sizeof(asleap.pptpauthchal)) < 0) {
+					usage("Malformed value specified as "
+						"challenge.\n");
+					exit(1);
+				}
+			} else {
+				usage("Incorrect challenge input length "
+					"specified.\n");
+				exit(1);
+			}
+			break;
+		case 'U':
+			memcpy(asleap.username, optarg, strlen(optarg));
+			break;
+		case 'P':
+			verifypassword = 1;
+			memcpy(asleap.password, optarg, strlen(optarg));
+			break;
+ 		case 'i':
+ 			if (atoi(optarg) == 0) {
+ 				device = optarg;
+@@ -1563,7 +1670,7 @@
+ 	strncpy(asleap.dictfile, dictfile, sizeof(asleap.dictfile) - 1);
+ 	strncpy(asleap.dictidx, dictidx, sizeof(asleap.dictidx) - 1);
+ 
+-	if (IsBlank(device) && IsBlank(pcapfile) && !asleap.manualchalresp) {
+	if (IsBlank(device) && IsBlank(pcapfile) && !asleap.manualchalresp && !verifypassword) {
+ 		usage ("Must supply an interface with -i, or a stored file "
+ 				"with -r");
+ 		exit(1);
+@@ -1594,6 +1701,37 @@
+ 		return(attack_leap(&asleap));
+ 	}
+ 
+	if (verifypassword) {
+
+		int j;
+
+		genchalhash(&asleap);
+
+		/*uint8_t challenge[8] = {0xD0, 0x2E, 0x43, 0x86, 0xBC, 0xE9, 0x12, 0x26};
+		memcpy(asleap.challenge, challenge, 8);
+
+		printf("\tchallenge:         ");
+		for (j = 0; j < 8; j++)
+			printf("%02x", challenge[j]);
+		printf("\n");*/
+
+		unsigned char pwhash[MD4_SIGNATURE_SIZE];
+		NtPasswordHash(asleap.password, strlen(asleap.password), pwhash);
+
+		int result = testchal(&asleap, pwhash);
+
+		print_pptpexch(&asleap);
+
+		printf("\tpassword hash:     ");
+		for (j = 0; j < MD4_SIGNATURE_SIZE; j++)
+			printf("%02x", pwhash[j]);
+		printf("\n");
+
+		printf("Result is %i\n", result);
+
+		return 0;
+	}
+
+ 	/* If the user passed the -r flag, open the filename as a captured pcap
+ 	   file.  Otherwise open live from the supplied device name */
+ 	if (!IsBlank(pcapfile)) {
+diff -ur a/Makefile b/Makefile
+--- a/Makefile	2016-08-30 16:01:23.000000000 +0300
+++ b/Makefile	2019-09-21 17:07:47.212366273 +0300
+@@ -10,7 +10,7 @@
+ LDLIBS		= -lpcap -lcrypt
+ CFLAGS		= -pipe -Wall -D_LINUX -D_FILE_OFFSET_BITS=64 -D_LARGEFILE_SOURCE -I../../..
+ CFLAGS		+= -D_OPENSSL_MD4
+-LDLIBS		+= -lcrypto
+LDLIBS		+= -lcrypto -lssl
+ CFLAGS		+= -g3 -ggdb -g
+ PROGOBJ		= asleap.o genkeys.o utils.o common.o sha1.o
+ PROG		= asleap genkeys
+diff -ur a/utils.c b/utils.c
+--- a/utils.c	2016-08-30 16:01:23.000000000 +0300
+++ b/utils.c	2019-09-21 17:42:23.226864061 +0300
+@@ -243,3 +243,35 @@
+ 
+ 	return(1);
+ }
+
+int decodeHexString (char *hexstr, uint8_t *result, int len)
+{
+	char *ptr, *next;
+	unsigned long val;
+	int i;
+
+	char tmp[3];
+	tmp[2] = '\0';
+
+	if (strlen(hexstr) != 2*len) {
+		errno = EINVAL;
+		return(-1);
+	}
+
+	ptr = next = hexstr;
+	for(i=0;i < len;i++) {
+		memcpy(tmp, ptr, 2);
+		if((val = strtoul(tmp, NULL, 16)) > 255) {
+			errno = EINVAL;
+			return(-1);
+		}
+		result[i] = (unsigned int)val;
+		ptr += 2;
+		if((ptr[0] == '\0' || ptr[1] == '\0') && (i != len - 1)) {
+			errno = EINVAL;
+			return(-1);
+		}
+	}
+
+	return(1);
+}
+diff -ur a/utils.h b/utils.h
+--- a/utils.h	2016-08-30 16:01:23.000000000 +0300
+++ b/utils.h	2019-09-21 17:42:50.529515030 +0300
+@@ -33,3 +33,4 @@
+ int IsBlank(char *s);
+ char *printmac(unsigned char *mac);
+ int str2hex (char *string, uint8_t *hexstr, int len);
+int decodeHexString (char *hexstr, uint8_t *result, int len);
--- a/app-crypt/asleap/files/010_replace_libcrypt_with_libxcrypt.patch
+++ b/app-crypt/asleap/files/010_replace_libcrypt_with_libxcrypt.patch
@ -0,0 +1,24 @@
+diff -ur a/Makefile b/Makefile
+--- a/Makefile	2016-08-30 16:01:23.000000000 +0300
+++ b/Makefile	2019-09-21 17:02:49.398265589 +0300
+@@ -7,7 +7,7 @@
+ # <dragorn> i think thats all anyone does
+ # <dragorn> make is a twisted beast
+ ##################################
+-LDLIBS		= -lpcap -lcrypt
+LDLIBS		= -lpcap -lxcrypt
+ CFLAGS		= -pipe -Wall -D_LINUX -D_FILE_OFFSET_BITS=64 -D_LARGEFILE_SOURCE -I../../..
+ CFLAGS		+= -D_OPENSSL_MD4
+ LDLIBS		+= -lcrypto
+diff -ur a/utils.c b/utils.c
+--- a/utils.c	2016-08-30 16:01:23.000000000 +0300
+++ b/utils.c	2019-09-21 16:49:08.191685747 +0300
+@@ -27,7 +27,7 @@
+ #include <stdarg.h>
+ #include <string.h>
+ #include <stdint.h>
+-#include <crypt.h>
+#include <xcrypt.h>
+ #include <unistd.h>
+ #include <ctype.h>
+ #include <netinet/in.h>		/* for ntohs() */