diff --git a/app-crypt/asleap/asleap-2.2_p20160730.ebuild b/app-crypt/asleap/asleap-2.2_p20160730-r1.ebuild
similarity index 100%
rename from app-crypt/asleap/asleap-2.2_p20160730.ebuild
rename to app-crypt/asleap/asleap-2.2_p20160730-r1.ebuild
diff --git a/app-crypt/asleap/files/003_fix_and_improve_bruteforce_option.patch b/app-crypt/asleap/files/003_fix_and_improve_bruteforce_option.patch
new file mode 100644
index 000000000..7d9b0a2c6
--- /dev/null
+++ b/app-crypt/asleap/files/003_fix_and_improve_bruteforce_option.patch
@@ -0,0 +1,155 @@
+Binary files ../asleap-2.2.orig/asleap and ./asleap differ
+diff '--color=always' '--color=never' -pruN ../asleap-2.2.orig/asleap.c ./asleap.c
+--- ../asleap-2.2.orig/asleap.c 2020-09-30 15:29:57.712000000 +0300
++++ ./asleap.c 2020-09-30 15:13:52.758000000 +0300
+@@ -70,9 +70,7 @@ struct pcap_pkthdr h;
+ char errbuf[PCAP_ERRBUF_SIZE];
+ int success = 0; /* For return status of attack */
+ unsigned long pcount=0;
+-/* for password generation */
+-const char * charset = "abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789";
+-
++const char *alphanum = "abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789";
+
+ /* prototypes */
+ void usage(char *message);
+@@ -138,7 +136,10 @@ void usage(char *message)
+ "\t-V \tPrint program version and exit\n"
+ "\t-C \tChallenge value in colon-delimited bytes\n"
+ "\t-R \tResponse value in colon-delimited bytes\n"
+- "\t-W \tASCII dictionary file (special purpose)\n" "\n");
++ "\t-W \tASCII dictionary file (special purpose)\n"
++ "\t-G \tBruteforce attack\n"
++ "\t-g \tBruteforce charset (default: a-zA-Z0-9)\n"
++ "\n");
+ }
+
+ void print_pptpexch(struct asleap_data *asleap_ptr)
+@@ -307,7 +308,7 @@ int testchal(struct asleap_data *asleap_
+ int j;
+
+ DesEncrypt(asleap_ptr->challenge, zpwhash, cipher);
+-
++/*
+ printf("\tgiven hash 1: ");
+ for (j = 0; j < 8; j++)
+ printf("%02x", cipher[j]);
+@@ -316,12 +317,12 @@ int testchal(struct asleap_data *asleap_
+ for (j = 0; j < 8; j++)
+ printf("%02x", asleap_ptr->response[j]);
+ printf("\n");
+-
++*/
+ if (memcmp(cipher, asleap_ptr->response, 8) != 0)
+ return (1);
+
+ DesEncrypt(asleap_ptr->challenge, zpwhash + 7, cipher);
+-
++/*
+ printf("\tgiven hash 2: ");
+ for (j = 0; j < 8; j++)
+ printf("%02x", cipher[j]);
+@@ -330,7 +331,7 @@ int testchal(struct asleap_data *asleap_
+ for (j = 0; j < 8; j++)
+ printf("%02x", asleap_ptr->response[j+8]);
+ printf("\n");
+-
++*/
+ if (memcmp(cipher, asleap_ptr->response + 8, 8) != 0)
+ return (1);
+
+@@ -408,12 +409,13 @@ int trypasswords(struct asleap_data *asl
+ /* generate all possible charset combinations */
+ int permute(struct asleap_data *asleap_ptr, int level, char * password)
+ {
+- const char* charset_ptr = charset;
++ const char* charset_ptr =
++ asleap_ptr->custom_charset ? asleap_ptr->charset : alphanum;
+ unsigned char pwhash[MD4_SIGNATURE_SIZE];
+
+ if(level == -1) { /* got generated password */
+ /* debug */
+- /* printf("%s\n", password); */
++ /*printf("%s\n", password);*/
+ NtPasswordHash(password, strlen(password), pwhash);
+
+ if (pwhash[14] != asleap_ptr->endofhash[0] ||
+@@ -1029,14 +1031,16 @@ int attack_leap(struct asleap_data *asle
+ }
+
+ if (asleap->verbose)
+- printf("\tStarting dictionary lookups.\n");
++ printf(asleap->gen_password
++ ? "\tStarting bruteforce.\n"
++ :"\tStarting dictionary lookups.\n");
+
+- if (!IsBlank(asleap->wordfile)) {
++ if (asleap->gen_password) {
++ /* Attack MS-CHAP exchange with brute-force password generation */
++ getmschappwret = trypasswords(asleap);
++ } else if (!IsBlank(asleap->wordfile)) {
+ /* Attack MS-CHAP exchange with a straight dictionary list */
+ getmschappwret = getmschapbrute(asleap);
+- } else if(asleap->gen_password) {
+- /* Attack MS-CHAP exchange with brute-force password generation */
+- getmschappwret = trypasswords(asleap);
+ } else {
+ getmschappwret = getmschappw(asleap);
+ }
+@@ -1085,7 +1089,10 @@ int attack_pptp(struct asleap_data *asle
+ if (asleap->verbose)
+ printf("\tStarting dictionary lookups.\n");
+
+- if (!IsBlank(asleap->wordfile)) {
++ if (asleap->gen_password) {
++ /* Attack MS-CHAP exchange with brute-force password generation */
++ getmschappwret = trypasswords(asleap);
++ } else if (!IsBlank(asleap->wordfile)) {
+ /* Attack MS-CHAP exchange with a straight dictionary list */
+ getmschappwret = getmschapbrute(asleap);
+ } else {
+@@ -1509,7 +1516,7 @@ int main(int argc, char *argv[])
+ printf("asleap %s - actively recover LEAP/PPTP passwords. "
+ "\n", VER);
+
+- while ((c = getopt(argc, argv, "DsoavhVi:f:n:r:w:c:t:W:C:R:G:A:B:U:P:")) != EOF) {
++ while ((c = getopt(argc, argv, "DsoavhVi:f:n:r:w:c:t:g:W:C:R:G:A:B:U:P:")) != EOF) {
+ switch (c) {
+ case 's':
+ asleap.skipeapsuccess = 1;
+@@ -1657,7 +1664,11 @@ int main(int argc, char *argv[])
+ break;
+ case 'G':
+ asleap.gen_password = 1;
+- sscanf(optarg, "%d", &asleap.pass_len); /* save desired password lentgh */
++ sscanf(optarg, "%d", &asleap.pass_len); /* save desired password length */
++ break;
++ case 'g':
++ asleap.custom_charset = 1;
++ strncpy(asleap.charset, optarg, sizeof(asleap.charset) - 1);
+ break;
+ default:
+ usage("");
+Binary files ../asleap-2.2.orig/.asleap.c.un~ and ./.asleap.c.un~ differ
+diff '--color=always' '--color=never' -pruN ../asleap-2.2.orig/asleap.h ./asleap.h
+--- ../asleap-2.2.orig/asleap.h 2020-09-30 15:29:57.706000000 +0300
++++ ./asleap.h 2020-09-30 15:09:52.307000000 +0300
+@@ -63,9 +63,11 @@ struct asleap_data {
+ int verbose;
+ int gen_password;
+ int pass_len;
++ int custom_charset;
+ char dictfile[255];
+ char dictidx[255];
+ char wordfile[255];
++ char charset[255];
+
+ /* Tracking values */
+ uint8_t leapchalfound;
+Binary files ../asleap-2.2.orig/.asleap.h.un~ and ./.asleap.h.un~ differ
+Binary files ../asleap-2.2.orig/asleap.o and ./asleap.o differ
+Binary files ../asleap-2.2.orig/common.o and ./common.o differ
+Binary files ../asleap-2.2.orig/genkeys and ./genkeys differ
+Binary files ../asleap-2.2.orig/genkeys.o and ./genkeys.o differ
+Binary files ../asleap-2.2.orig/sha1.o and ./sha1.o differ
+Binary files ../asleap-2.2.orig/utils.o and ./utils.o differ
diff --git a/app-crypt/asleap/files/004_add_user_opt_and_pptp_chal_resp_cmdline_parsing.patch b/app-crypt/asleap/files/004_add_user_opt_and_pptp_chal_resp_cmdline_parsing.patch
new file mode 100644
index 000000000..884b217cc
--- /dev/null
+++ b/app-crypt/asleap/files/004_add_user_opt_and_pptp_chal_resp_cmdline_parsing.patch
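Review bot: The new `case 'g'` in main() accepts any argument as the bruteforce charset: an empty string leaves `custom_charset` set with presumably nothing for permute() to iterate over, and `strncpy` silently truncates anything longer than 254 bytes, so a run can report no match without having searched the charset the user asked for. I would reject both before the copy, e.g. `if (optarg[0] == '\0' || strlen(optarg) >= sizeof(asleap.charset)) { usage("Invalid bruteforce charset.\n"); exit(1); }`. The `-G` line just above still ignores the `sscanf` result, so a non-numeric or negative value reaches `pass_len` unchecked, and the new usage text for `-G` does not say that the option takes a length. Separately, the patch file carries `Binary files ... differ` lines for built objects and editor undo files such as `.asleap.c.un~`, which suggests it was generated from a dirty build tree; regenerating it from clean sources would make what the ebuild applies easier to audit.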
@@ -0,0 +1,209 @@
+Binary files ../asleap-2.2.orig/asleap and ./asleap differ
+diff '--color=always' '--color=never' -pruN ../asleap-2.2.orig/asleap.c ./asleap.c
+--- ../asleap-2.2.orig/asleap.c 2020-10-02 14:57:07.512000000 +0300
++++ ./asleap.c 2020-10-02 15:01:55.719000000 +0300
+@@ -136,6 +136,7 @@ void usage(char *message)
+ "\t-V \tPrint program version and exit\n"
+ "\t-C \tChallenge value in colon-delimited bytes\n"
+ "\t-R \tResponse value in colon-delimited bytes\n"
++ "\t-U \tUsername (required if PPTP Challenge/Response specified)\n"
+ "\t-W \tASCII dictionary file (special purpose)\n"
+ "\t-G \tBruteforce attack\n"
+ "\t-g \tBruteforce charset (default: a-zA-Z0-9)\n"
+@@ -1502,11 +1503,14 @@ int main(int argc, char *argv[])
+ int ret=0;
+ extern int success;
+ uint8_t verifypassword = 0;
++ int username_specified = 0;
+
+ memset(dictfile, 0, sizeof(dictfile));
+ memset(dictidx, 0, sizeof(dictidx));
+ memset(pcapfile, 0, sizeof(pcapfile));
+ memset(&asleap, 0, sizeof(asleap));
++ asleap.challenge = asleap.leapchallenge;
++ asleap.response = asleap.leapresponse;
+ device = NULL;
+
+ signal(SIGINT, cleanup);
+@@ -1516,57 +1520,94 @@ int main(int argc, char *argv[])
+ printf("asleap %s - actively recover LEAP/PPTP passwords. "
+ "\n", VER);
+
+- while ((c = getopt(argc, argv, "DsoavhVi:f:n:r:w:c:t:g:W:C:R:G:A:B:U:P:")) != EOF) {
++ while ((c = getopt(argc, argv,
++ "DsoavhVi:f:n:r:w:c:t:g:W:C:R:G:A:B:U:P:")) != EOF) {
+ switch (c) {
+ case 's':
+ asleap.skipeapsuccess = 1;
+ break;
+ case 'C':
+- if (strlen(optarg) == 23) {
+- if (str2hex(optarg, asleap.challenge,
+- sizeof(asleap.challenge)) < 0) {
++ if (strlen(optarg) == 47) {
++ if (str2hex(optarg, asleap.pptpchallenge,
++ sizeof(asleap.pptpchallenge)) < 0) {
+ usage("Malformed value specified as "
+- "challenge.\n");
++ "pptp challenge.\n");
++ exit(1);
++ }
++ asleap.challenge = asleap.pptpchallenge;
++ asleap.pptpchalfound=1;
++ } else if (strlen(optarg) == 32) {
++ if (decodeHexString(optarg, asleap.pptpchallenge,
++ sizeof(asleap.pptpchallenge)) < 0) {
++ usage("Malformed value specified as "
++ "pptp challenge.\n");
+ exit(1);
+ }
++ asleap.challenge = asleap.pptpchallenge;
++ asleap.pptpchalfound=1;
++ } else if (strlen(optarg) == 23) {
++ if (str2hex(optarg, asleap.leapchallenge,
++ sizeof(asleap.leapchallenge)) < 0) {
++ usage("Malformed value specified as "
++ "leap challenge.\n");
++ exit(1);
++ }
++ asleap.leapchalfound=1;
+ } else if (strlen(optarg) == 16) {
+- if (decodeHexString(optarg, asleap.challenge,
+- sizeof(asleap.challenge)) < 0) {
++ if (decodeHexString(optarg, asleap.leapchallenge,
++ sizeof(asleap.leapchallenge)) < 0) {
+ usage("Malformed value specified as "
+- "challenge.\n");
++ "leap challenge.\n");
+ exit(1);
+ }
++ asleap.leapchalfound=1;
+ } else {
+ usage("Incorrect challenge input length "
+ "specified.\n");
+ exit(1);
+ }
+-
+- asleap.leapchalfound=1;
+ asleap.manualchalresp=1;
+ break;
+ case 'R':
+- if (strlen(optarg) == 71) {
+- if (str2hex(optarg, asleap.response,
+- sizeof(asleap.response)) < 0) {
++ if (strlen(optarg) == 146) {
++ if (str2hex(optarg, asleap.pptpresponse,
++ sizeof(asleap.pptpresponse)) < 0) {
++ usage("Malformed value specified as "
++ "pptp response1.\n");
++ exit(1);
++ }
++ asleap.response = asleap.pptpresponse;
++ asleap.pptprespfound=1;
++ } else if (strlen(optarg) == 98) {
++ if (decodeHexString(optarg, asleap.pptpresponse,
++ sizeof(asleap.pptpresponse)) < 0) {
++ usage("Malformed value specified as "
++ "pptp response2.\n");
++ exit(1);
++ }
++ asleap.response = asleap.pptpresponse;
++ asleap.pptprespfound=1;
++ } else if (strlen(optarg) == 71) {
++ if (str2hex(optarg, asleap.leapresponse,
++ sizeof(asleap.leapresponse)) < 0) {
+ usage("Malformed value specified as "
+- "response.\n");
++ "leap response.\n");
+ exit(1);
+ }
++ asleap.leaprespfound=1;
+ } else if (strlen(optarg) == 48) {
+- if (decodeHexString(optarg, asleap.response,
+- sizeof(asleap.response)) < 0) {
++ if (decodeHexString(optarg, asleap.leapresponse,
++ sizeof(asleap.leapresponse)) < 0) {
+ usage("Malformed value specified as "
+- "response.\n");
++ "leap response.\n");
+ exit(1);
+ }
++ asleap.leaprespfound=1;
+ } else {
+ usage("Incorrect response input length "
+ "specified.\n");
+ exit(1);
+ }
+-
+- asleap.leaprespfound=1;
+ asleap.manualchalresp=1;
+ break;
+ case 'A':
+@@ -1613,6 +1654,7 @@ int main(int argc, char *argv[])
+ break;
+ case 'U':
+ memcpy(asleap.username, optarg, strlen(optarg));
++ username_specified=1;
+ break;
+ case 'P':
+ verifypassword = 1;
+@@ -1704,7 +1746,7 @@ int main(int argc, char *argv[])
+ }
+ }
+
+- if (asleap.leapchalfound && asleap.leaprespfound &&
++ if (asleap.leapchalfound && asleap.leaprespfound &&
+ asleap.manualchalresp) {
+ /* User specified manual challenge/response on the command
+ * line (aka, the "Jay Beale" feature).
+@@ -1712,6 +1754,23 @@ int main(int argc, char *argv[])
+ return(attack_leap(&asleap));
+ }
+
++ if (asleap.pptpchalfound && asleap.pptprespfound &&
++ asleap.manualchalresp) {
++ if (!username_specified) {
++ usage("PPTP Challenge/Reponse requires "
++ "Username (-U option) to be specified.\n");
++ exit(1);
++ }
++
++ uint8_t peerresp[24];
++ memcpy(peerresp, asleap.pptpresponse + 24, 24);
++ memcpy(asleap.pptpauthchal, asleap.pptpchallenge, 16);
++ memcpy(asleap.pptppeerchal, asleap.pptpresponse, 16);
++ //memset(asleap.pptpresponse, 0, sizeof(asleap.pptpresponse));
++ memcpy(asleap.pptpresponse, peerresp, 24);
++ return(attack_pptp(&asleap));
++ }
++
+ if (verifypassword) {
+
+ int j;
+Binary files ../asleap-2.2.orig/.asleap.c.un~ and ./.asleap.c.un~ differ
+diff '--color=always' '--color=never' -pruN ../asleap-2.2.orig/asleap.h ./asleap.h
+--- ../asleap-2.2.orig/asleap.h 2020-10-02 14:57:07.514000000 +0300
++++ ./asleap.h 2020-10-02 14:05:28.630000000 +0300
+@@ -47,8 +47,12 @@
+ struct asleap_data {
+ char username[256 + 1];
+ uint8_t eapid;
+- uint8_t challenge[8];
+- uint8_t response[24];
++ uint8_t pptpchallenge[16];
++ uint8_t pptpresponse[49];
++ uint8_t leapchallenge[8];
++ uint8_t leapresponse[24];
++ uint8_t *challenge;
++ uint8_t *response;
+ uint8_t endofhash[2];
+ char password[32];
+ uint8_t nthash[16];
+Binary files ../asleap-2.2.orig/.asleap.h.un~ and ./.asleap.h.un~ differ
+Binary files ../asleap-2.2.orig/asleap.o and ./asleap.o differ
+Binary files ../asleap-2.2.orig/common.o and ./common.o differ
+Binary files ../asleap-2.2.orig/genkeys and ./genkeys differ
+Binary files ../asleap-2.2.orig/genkeys.o and ./genkeys.o differ
+Binary files ../asleap-2.2.orig/sha1.o and ./sha1.o differ
+Binary files ../asleap-2.2.orig/.utils.c.un~ and ./.utils.c.un~ differ
+Binary files ../asleap-2.2.orig/utils.o and ./utils.o differ
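Review bot: `case 'U'` now gates the whole PPTP path, but the line it builds on, `memcpy(asleap.username, optarg, strlen(optarg));`, copies a command-line argument of any length into `char username[256 + 1]` and can write past that field into the rest of `struct asleap_data`. A length check that calls usage() and exits for over-long names, or a bounded copy such as `snprintf(asleap.username, sizeof(asleap.username), "%s", optarg);`, would close this in the same hunk. The asleap.h hunk also turns `challenge` and `response` from arrays into pointers, so any `sizeof(asleap->challenge)` or `sizeof(asleap->response)` remaining in code outside these hunks would now yield the pointer size; those call sites are worth checking. Minor: the new usage string reads "Challenge/Reponse", and a `-C` of PPTP length combined with a `-R` of LEAP length (or the reverse) appears to satisfy neither attack branch, so an explicit error for the mixed case would help.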