[crux-commits] ports/contrib (refs/remotes/origin/3.6): asleap: deleted unmaintained port

crux at crux.nu crux at crux.nu
Sat Apr 10 19:05:52 UTC 2021


commit 49a0da6b137d1e9287d627f8d75d5295fa8226c8
Author: Tim Biermann <tbier at posteo.de>
Date:   Mon Feb 15 09:50:39 2021 +0000

    asleap: deleted unmaintained port

diff --git a/asleap/.footprint b/asleap/.footprint
deleted file mode 100644
index 5366ebe79..000000000
--- a/asleap/.footprint
+++ /dev/null
@@ -1,4 +0,0 @@
-drwxr-xr-x	root/root	usr/
-drwxr-xr-x	root/root	usr/bin/
--rwxr-xr-x	root/root	usr/bin/asleap
--rwxr-xr-x	root/root	usr/bin/genkeys
diff --git a/asleap/.signature b/asleap/.signature
deleted file mode 100644
index 31f8f58c4..000000000
--- a/asleap/.signature
+++ /dev/null
@@ -1,10 +0,0 @@
-untrusted comment: verify with /etc/ports/contrib.pub
-RWSagIOpLGJF38h2kkZiIapG5jZjf/5DOuTAKdFIOfCA0Kx1lIhhZxCqTu5Bk9NAIUkUYpTWVy7O3s5t5oFPE9BLtksdALKT+Qg=
-SHA256 (Pkgfile) = 11e1a5d2ce33fff87bfb49e04d61bc4e8060377a5cbf4f0e6cec26b1bde96b0e
-SHA256 (.footprint) = b31157fba0cda15600581075a0517c0b713a65e09a1aa1adbd0dbfea51c0414f
-SHA256 (asleap-2.2.tgz) = 92beb6495a856884ca343787ab2f7c9d4b9d3aba21526c2e1f6ba38736c67a23
-SHA256 (0001-fix-build-for-CRUX.patch) = 8f3aa419a503a72c2efa941ac0c90d466e045f3c48672a282e60bd1cbc5ee9cc
-SHA256 (001_add_simple_password_bruteforcing_option.patch) = 9842820e414927993ddce29964ac351d5662cb627d3690fb6e2acd937166eb1e
-SHA256 (002_added_the_possibility_to_verify_MSCHAP-V2_authentication.patch) = 3470f6cdabe99642368e1d221c8cfd33ca0bfdf902ce9f16149aa39248d1835e
-SHA256 (003_fix_and_improve_bruteforce_option.patch) = 5923f8a90be632d257243aa9c31de7ba9b8865b7fd772748dfd42397b1b8c024
-SHA256 (004_add_user_opt_and_pptp_chal_resp_cmdline_parsing.patch) = 0f9a96e57a95925716206c6bf06b15ac9c7e82bcaae49e8f3b8b77604e670059
diff --git a/asleap/0001-fix-build-for-CRUX.patch b/asleap/0001-fix-build-for-CRUX.patch
deleted file mode 100644
index b2a51d640..000000000
--- a/asleap/0001-fix-build-for-CRUX.patch
+++ /dev/null
@@ -1,50 +0,0 @@
-From ff9f30db21733aa019c6205536b21c246178d40a Mon Sep 17 00:00:00 2001
-From: Stamatin Cristina <dear.volgk at gmail.com>
-Date: Sun, 20 Sep 2020 19:46:58 +0300
-Subject: [PATCH] fix build for CRUX
-
----
- Makefile | 12 ++++++------
- utils.c  |  2 +-
- 2 files changed, 7 insertions(+), 7 deletions(-)
-
-diff --git a/Makefile b/Makefile
-index 5d34ed6..3492abc 100644
---- a/Makefile
-+++ b/Makefile
-@@ -7,13 +7,13 @@
- # <dragorn> i think thats all anyone does
- # <dragorn> make is a twisted beast
- ##################################
--LDLIBS		= -lpcap -lcrypt
--CFLAGS		= -pipe -Wall -D_LINUX -D_FILE_OFFSET_BITS=64 -D_LARGEFILE_SOURCE -I../../..
--CFLAGS		+= -D_OPENSSL_MD4
-+LDLIBS		 = -lpcap -lxcrypt -lssl
-+CFLAGS		+= -D_LINUX -D_FILE_OFFSET_BITS=64 -D_LARGEFILE_SOURCE
-+CFLAGS		+= -D_OPENSSL_MD4 -I/usr/lib/libxcrypt2.4/include -L/usr/lib/libxcrypt2.4
-+CFLAGS      += -Wl,-rpath=/usr/lib/libxcrypt2.4
- LDLIBS		+= -lcrypto
--CFLAGS		+= -g3 -ggdb -g
--PROGOBJ		= asleap.o genkeys.o utils.o common.o sha1.o
--PROG		= asleap genkeys
-+PROGOBJ		 = asleap.o genkeys.o utils.o common.o sha1.o
-+PROG		 = asleap genkeys
- 
- all: $(PROG) $(PROGOBJ)
- 
-diff --git a/utils.c b/utils.c
-index 4941514..799a2a7 100644
---- a/utils.c
-+++ b/utils.c
-@@ -27,7 +27,7 @@
- #include <stdarg.h>
- #include <string.h>
- #include <stdint.h>
--#include <crypt.h>
-+#include <xcrypt.h>
- #include <unistd.h>
- #include <ctype.h>
- #include <netinet/in.h>		/* for ntohs() */
--- 
-2.28.0
-
diff --git a/asleap/001_add_simple_password_bruteforcing_option.patch b/asleap/001_add_simple_password_bruteforcing_option.patch
deleted file mode 100644
index 09ad82386..000000000
--- a/asleap/001_add_simple_password_bruteforcing_option.patch
+++ /dev/null
@@ -1,131 +0,0 @@
-From 286cdcb625493b0bf2ab700715785207d51afad4 Mon Sep 17 00:00:00 2001
-From: lager <machv at cesnet.cz>
-Date: Wed, 17 Apr 2019 09:30:07 +0200
-Subject: [PATCH] add simple password bruteforcing option
-
----
- asleap.c | 62 +++++++++++++++++++++++++++++++++++++++++++++++++++++++-
- asleap.h |  2 ++
- 2 files changed, 63 insertions(+), 1 deletion(-)
-
-diff --git a/asleap.c b/asleap.c
-index f0c8b07..4804346 100644
---- a/asleap.c
-+++ b/asleap.c
-@@ -69,6 +69,9 @@ struct pcap_pkthdr h;
- char errbuf[PCAP_ERRBUF_SIZE];
- int success = 0; /* For return status of attack */
- unsigned long pcount=0;
-+/* for password generation */
-+const char * charset = "abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789";
-+
- 
- /* prototypes */
- void usage(char *message);
-@@ -92,6 +95,8 @@ int testpptpchal(struct asleap_data *asleap_ptr, int plen, int offset);
- int testpptpresp(struct asleap_data *asleap_ptr, int plen,  int offset);
- int testpptpsuccess(struct asleap_data *asleap_ptr, int plen, int offset);
- void genchalhash(struct asleap_data *asleap);
-+int trypasswords(struct asleap_data *asleap_ptr);
-+int permute(struct asleap_data *asleap_ptr, int level, char * password);
- 
- 
- int stripname(char *name, char *stripname, int snamelen, char delim)
-@@ -360,6 +365,54 @@ int getmschapbrute(struct asleap_data *asleap_ptr)
- 	return 0;
- }
- 
-+/* try generating passwords and hashes based on command line params */
-+int trypasswords(struct asleap_data *asleap_ptr)
-+{
-+	char password[MAX_NT_PASSWORD + 1] = {0};		/* should be dynamically allocated based on input param */
-+	int ret;
-+
-+	for(int i = 0; i < asleap_ptr->pass_len; i++) {		/* iterate password length from 1 to desired length */
-+		ret = permute(asleap_ptr, i, password);
-+
-+		if(ret == 0)
-+			printf("no matching password found for length %d\n", i + 1);
-+		else
-+			return ret;
-+	}
-+
-+	return ret;
-+}
-+
-+/* generate all possible charset combinations */
-+int permute(struct asleap_data *asleap_ptr, int level, char * password)
-+{
-+	const char* charset_ptr = charset;
-+	unsigned char pwhash[MD4_SIGNATURE_SIZE];
-+
-+	if(level == -1) {	/* got generated password */
-+		/* debug */
-+		/* printf("%s\n", password); */
-+		NtPasswordHash(password, strlen(password), pwhash);
-+
-+		if (pwhash[14] != asleap_ptr->endofhash[0] ||
-+		    pwhash[15] != asleap_ptr->endofhash[1])
-+			return 0;
-+
-+		if (testchal(asleap_ptr, pwhash) == 0) {
-+			/* Found a matching password! w00t! */
-+			memcpy(asleap_ptr->nthash, pwhash, 16);
-+			strncpy(asleap_ptr->password, password,
-+				strlen(password));
-+			return (1);
-+		}
-+	} else
-+		while(password[level] = *(charset_ptr++))	/* keep going */
-+			if(permute(asleap_ptr, level - 1, password) == 1)
-+				return 1;		/* found */
-+
-+	return 0;	/* nothing found */
-+}
-+
- /* Brute-force all the matching NT hashes to discover the clear-text password */
- int getmschappw(struct asleap_data *asleap_ptr)
- {
-@@ -942,6 +995,9 @@ int attack_leap(struct asleap_data *asleap)
- 	if (!IsBlank(asleap->wordfile)) {
- 		/* Attack MS-CHAP exchange with a straight dictionary list */
- 		getmschappwret = getmschapbrute(asleap);
-+	} else if(asleap->gen_password) {
-+		/* Attack MS-CHAP exchange with brute-force password generation */
-+	    getmschappwret = trypasswords(asleap);
- 	} else {
- 		getmschappwret = getmschappw(asleap);
- 	}
-@@ -1413,7 +1469,7 @@ int main(int argc, char *argv[])
- 	printf("asleap %s - actively recover LEAP/PPTP passwords. "
- 	       "<jwright at hasborg.com>\n", VER);
- 
--	while ((c = getopt(argc, argv, "DsoavhVi:f:n:r:w:c:t:W:C:R:")) != EOF) {
-+	while ((c = getopt(argc, argv, "DsoavhVi:f:n:r:w:c:t:W:C:R:G:")) != EOF) {
- 		switch (c) {
- 		case 's':
- 			asleap.skipeapsuccess = 1;
-@@ -1492,6 +1548,10 @@ int main(int argc, char *argv[])
- 			strncpy(asleap.wordfile, optarg, 
- 					sizeof(asleap.wordfile) - 1);
- 			break;
-+		case 'G':
-+			asleap.gen_password = 1;
-+			sscanf(optarg, "%d", &asleap.pass_len); /* save desired password lentgh */
-+			break;
- 		default:
- 			usage("");
- 			exit(1);
-diff --git a/asleap.h b/asleap.h
-index 1225fec..0c3666e 100644
---- a/asleap.h
-+++ b/asleap.h
-@@ -61,6 +61,8 @@ struct asleap_data {
- 	int eapsuccess;
- 	int skipeapsuccess;	/* Don't bother checking for success after auth */
- 	int verbose;
-+	int gen_password;
-+	int pass_len;
- 	char dictfile[255];
- 	char dictidx[255];
- 	char wordfile[255];
diff --git a/asleap/002_added_the_possibility_to_verify_MSCHAP-V2_authentication.patch b/asleap/002_added_the_possibility_to_verify_MSCHAP-V2_authentication.patch
deleted file mode 100644
index b1b46f4af..000000000
--- a/asleap/002_added_the_possibility_to_verify_MSCHAP-V2_authentication.patch
+++ /dev/null
@@ -1,314 +0,0 @@
-diff -ur a/asleap.c b/asleap.c
---- a/asleap.c	2019-09-22 16:40:10.211884000 +0300
-+++ b/asleap.c	2019-09-22 16:42:39.063433095 +0300
-@@ -45,6 +45,7 @@
- #include <netpacket/packet.h>
- #include <linux/if.h>
- #include <linux/wireless.h>
-+#include <openssl/sha.h>
- 
- #include "asleap.h"
- #include "utils.h"
-@@ -303,12 +304,33 @@
- {
- 
- 	unsigned char cipher[8];
-+	int j;
- 
- 	DesEncrypt(asleap_ptr->challenge, zpwhash, cipher);
-+
-+	printf("\tgiven hash 1:      ");
-+	for (j = 0; j < 8; j++)
-+		printf("%02x", cipher[j]);
-+	printf("\n");
-+	printf("\tresponse hash 1:   ");
-+	for (j = 0; j < 8; j++)
-+		printf("%02x", asleap_ptr->response[j]);
-+	printf("\n");
-+
- 	if (memcmp(cipher, asleap_ptr->response, 8) != 0)
- 		return (1);
- 
- 	DesEncrypt(asleap_ptr->challenge, zpwhash + 7, cipher);
-+
-+	printf("\tgiven hash 2:      ");
-+	for (j = 0; j < 8; j++)
-+		printf("%02x", cipher[j]);
-+	printf("\n");
-+	printf("\tresponse hash 2:   ");
-+	for (j = 0; j < 8; j++)
-+		printf("%02x", asleap_ptr->response[j+8]);
-+	printf("\n");
-+
- 	if (memcmp(cipher, asleap_ptr->response + 8, 8) != 0)
- 		return (1);
- 
-@@ -948,23 +970,40 @@
- void genchalhash(struct asleap_data *asleap)
- {
- 
--	SHA1_CTX context;
- 	unsigned char digest[SHA1_MAC_LEN];
- 	char strippedname[256];
- 	int j;
- 
-+	memset(digest, 0, SHA1_MAC_LEN);
-+	memset(strippedname, 0, 256);
-+
- 	/* RFC2759 indicates a username "BIGCO\johndoe" must be stripped to 
- 	   contain only the username for the purposes of generating the 8-byte
- 	   challenge. Section 4, */
- 	stripname(asleap->username, strippedname, sizeof(strippedname), '\\');
- 
-+/*    SHA1_CTX context;
- 	SHA1Init(&context);
- 	SHA1Update(&context, asleap->pptppeerchal, 16);
- 	SHA1Update(&context, asleap->pptpauthchal, 16);
- 	SHA1Update(&context, (uint8_t *)strippedname, strlen(strippedname));
- 	SHA1Final(digest, &context);
- 
--	memcpy(&asleap->challenge, digest, 8);
-+	printf("\tchallenge:         ");
-+	for (j = 0; j < 8; j++)
-+		printf("%02x", digest[j]);
-+	printf("\n");
-+
-+	memcpy(asleap->challenge, digest, 8);*/
-+
-+	uint8_t str[300];
-+	memcpy(str, asleap->pptppeerchal, 16);
-+	memcpy(str+16, asleap->pptpauthchal, 16);
-+	memcpy(str+32, strippedname, strlen(strippedname));
-+
-+	SHA1(str, 32 + strlen(strippedname), digest);
-+
-+	memcpy(asleap->challenge, digest, 8);
- 
- 	printf("\tchallenge:         ");
- 	for (j = 0; j < 8; j++)
-@@ -1455,6 +1494,7 @@
- 	unsigned int findlpexchret = 0;
- 	int ret=0;
- 	extern int success;
-+	uint8_t verifypassword = 0;
- 
- 	memset(dictfile, 0, sizeof(dictfile));
- 	memset(dictidx, 0, sizeof(dictidx));
-@@ -1469,41 +1509,108 @@
- 	printf("asleap %s - actively recover LEAP/PPTP passwords. "
- 	       "<jwright at hasborg.com>\n", VER);
- 
--	while ((c = getopt(argc, argv, "DsoavhVi:f:n:r:w:c:t:W:C:R:G:")) != EOF) {
-+	while ((c = getopt(argc, argv, "DsoavhVi:f:n:r:w:c:t:W:C:R:G:A:B:U:P:")) != EOF) {
- 		switch (c) {
- 		case 's':
- 			asleap.skipeapsuccess = 1;
- 			break;
- 		case 'C':
--			if (strlen(optarg) != 23) {
--				usage("Incorrect challenge input length "
--						"specified.\n");
--				exit(1);
--			}
--			if (str2hex(optarg, asleap.challenge, 
-+			if (strlen(optarg) == 23) {
-+				if (str2hex(optarg, asleap.challenge, 
- 					sizeof(asleap.challenge)) < 0) {
--				usage("Malformed value specified as "
-+					usage("Malformed value specified as "
- 						"challenge.\n");
-+					exit(1);
-+				}
-+			} else if (strlen(optarg) == 16) {
-+				if (decodeHexString(optarg, asleap.challenge, 
-+					sizeof(asleap.challenge)) < 0) {
-+					usage("Malformed value specified as "
-+						"challenge.\n");
-+					exit(1);
-+				}
-+			} else {
-+				usage("Incorrect challenge input length "
-+					"specified.\n");
- 				exit(1);
- 			}
-+
- 			asleap.leapchalfound=1;
- 			asleap.manualchalresp=1;
- 			break;
- 		case 'R':
--			if (strlen(optarg) != 71) {
--				usage("Incorrect response input length "
--						"specified.\n");
--				exit(1);
--			}
--			if (str2hex(optarg, asleap.response, 
-+			if (strlen(optarg) == 71) {
-+				if (str2hex(optarg, asleap.response, 
-+					sizeof(asleap.response)) < 0) {
-+					usage("Malformed value specified as "
-+						"response.\n");
-+					exit(1);
-+				}
-+			} else if (strlen(optarg) == 48) {
-+				if (decodeHexString(optarg, asleap.response,
- 					sizeof(asleap.response)) < 0) {
--				usage("Malformed value specified as "
-+					usage("Malformed value specified as "
- 						"response.\n");
-+					exit(1);
-+				}
-+			} else {
-+				usage("Incorrect response input length "
-+					"specified.\n");
- 				exit(1);
- 			}
-+
- 			asleap.leaprespfound=1;
- 			asleap.manualchalresp=1;
- 			break;
-+		case 'A':
-+			if (strlen(optarg) == 47) {
-+				if (str2hex(optarg, asleap.pptppeerchal, 
-+						sizeof(asleap.pptppeerchal)) < 0) {
-+					usage("Malformed value specified as "
-+						"challenge.\n");
-+					exit(1);
-+				}
-+			} else if (strlen(optarg) == 32) {
-+				if (decodeHexString(optarg, asleap.pptppeerchal, 
-+						sizeof(asleap.pptppeerchal)) < 0) {
-+					usage("Malformed value specified as "
-+						"challenge.\n");
-+					exit(1);
-+				}
-+			} else {
-+				usage("Incorrect challenge input length "
-+					"specified.\n");
-+				exit(1);
-+			}
-+			break;
-+		case 'B':
-+			if (strlen(optarg) == 47) {
-+				if (str2hex(optarg, asleap.pptpauthchal,
-+						sizeof(asleap.pptpauthchal)) < 0) {
-+					usage("Malformed value specified as "
-+						"challenge.\n");
-+					exit(1);
-+				}
-+			} else if (strlen(optarg) == 32) {
-+				if (decodeHexString(optarg, asleap.pptpauthchal,
-+						sizeof(asleap.pptpauthchal)) < 0) {
-+					usage("Malformed value specified as "
-+						"challenge.\n");
-+					exit(1);
-+				}
-+			} else {
-+				usage("Incorrect challenge input length "
-+					"specified.\n");
-+				exit(1);
-+			}
-+			break;
-+		case 'U':
-+			memcpy(asleap.username, optarg, strlen(optarg));
-+			break;
-+		case 'P':
-+			verifypassword = 1;
-+			memcpy(asleap.password, optarg, strlen(optarg));
-+			break;
- 		case 'i':
- 			if (atoi(optarg) == 0) {
- 				device = optarg;
-@@ -1563,7 +1670,7 @@
- 	strncpy(asleap.dictfile, dictfile, sizeof(asleap.dictfile) - 1);
- 	strncpy(asleap.dictidx, dictidx, sizeof(asleap.dictidx) - 1);
- 
--	if (IsBlank(device) && IsBlank(pcapfile) && !asleap.manualchalresp) {
-+	if (IsBlank(device) && IsBlank(pcapfile) && !asleap.manualchalresp && !verifypassword) {
- 		usage ("Must supply an interface with -i, or a stored file "
- 				"with -r");
- 		exit(1);
-@@ -1594,6 +1701,37 @@
- 		return(attack_leap(&asleap));
- 	}
- 
-+	if (verifypassword) {
-+
-+		int j;
-+
-+		genchalhash(&asleap);
-+
-+		/*uint8_t challenge[8] = {0xD0, 0x2E, 0x43, 0x86, 0xBC, 0xE9, 0x12, 0x26};
-+		memcpy(asleap.challenge, challenge, 8);
-+
-+		printf("\tchallenge:         ");
-+		for (j = 0; j < 8; j++)
-+			printf("%02x", challenge[j]);
-+		printf("\n");*/
-+
-+		unsigned char pwhash[MD4_SIGNATURE_SIZE];
-+		NtPasswordHash(asleap.password, strlen(asleap.password), pwhash);
-+
-+		int result = testchal(&asleap, pwhash);
-+
-+		print_pptpexch(&asleap);
-+
-+		printf("\tpassword hash:     ");
-+		for (j = 0; j < MD4_SIGNATURE_SIZE; j++)
-+			printf("%02x", pwhash[j]);
-+		printf("\n");
-+
-+		printf("Result is %i\n", result);
-+
-+		return 0;
-+	}
-+
- 	/* If the user passed the -r flag, open the filename as a captured pcap
- 	   file.  Otherwise open live from the supplied device name */
- 	if (!IsBlank(pcapfile)) {
-diff -ur a/utils.c b/utils.c
---- a/utils.c	2016-08-30 16:01:23.000000000 +0300
-+++ b/utils.c	2019-09-22 16:41:08.725279000 +0300
-@@ -243,3 +243,35 @@
- 
- 	return(1);
- }
-+
-+int decodeHexString (char *hexstr, uint8_t *result, int len)
-+{
-+	char *ptr, *next;
-+	unsigned long val;
-+	int i;
-+
-+	char tmp[3];
-+	tmp[2] = '\0';
-+
-+	if (strlen(hexstr) != 2*len) {
-+		errno = EINVAL;
-+		return(-1);
-+	}
-+
-+	ptr = next = hexstr;
-+	for(i=0;i < len;i++) {
-+		memcpy(tmp, ptr, 2);
-+		if((val = strtoul(tmp, NULL, 16)) > 255) {
-+			errno = EINVAL;
-+			return(-1);
-+		}
-+		result[i] = (unsigned int)val;
-+		ptr += 2;
-+		if((ptr[0] == '\0' || ptr[1] == '\0') && (i != len - 1)) {
-+			errno = EINVAL;
-+			return(-1);
-+		}
-+	}
-+
-+	return(1);
-+}
-diff -ur a/utils.h b/utils.h
---- a/utils.h	2016-08-30 16:01:23.000000000 +0300
-+++ b/utils.h	2019-09-22 16:41:08.725279000 +0300
-@@ -33,3 +33,4 @@
- int IsBlank(char *s);
- char *printmac(unsigned char *mac);
- int str2hex (char *string, uint8_t *hexstr, int len);
-+int decodeHexString (char *hexstr, uint8_t *result, int len);
diff --git a/asleap/003_fix_and_improve_bruteforce_option.patch b/asleap/003_fix_and_improve_bruteforce_option.patch
deleted file mode 100644
index 7d9b0a2c6..000000000
--- a/asleap/003_fix_and_improve_bruteforce_option.patch
+++ /dev/null
@@ -1,155 +0,0 @@
-Binary files ../asleap-2.2.orig/asleap and ./asleap differ
-diff '--color=always' '--color=never' -pruN ../asleap-2.2.orig/asleap.c ./asleap.c
---- ../asleap-2.2.orig/asleap.c	2020-09-30 15:29:57.712000000 +0300
-+++ ./asleap.c	2020-09-30 15:13:52.758000000 +0300
-@@ -70,9 +70,7 @@ struct pcap_pkthdr h;
- char errbuf[PCAP_ERRBUF_SIZE];
- int success = 0; /* For return status of attack */
- unsigned long pcount=0;
--/* for password generation */
--const char * charset = "abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789";
--
-+const char *alphanum = "abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789";
- 
- /* prototypes */
- void usage(char *message);
-@@ -138,7 +136,10 @@ void usage(char *message)
- 	       "\t-V \tPrint program version and exit\n"
- 	       "\t-C \tChallenge value in colon-delimited bytes\n"
- 	       "\t-R \tResponse value in colon-delimited bytes\n"
--	       "\t-W \tASCII dictionary file (special purpose)\n" "\n");
-+	       "\t-W \tASCII dictionary file (special purpose)\n"
-+	       "\t-G \tBruteforce attack\n"
-+	       "\t-g \tBruteforce charset (default: a-zA-Z0-9)\n"
-+	       "\n");
- }
- 
- void print_pptpexch(struct asleap_data *asleap_ptr)
-@@ -307,7 +308,7 @@ int testchal(struct asleap_data *asleap_
- 	int j;
- 
- 	DesEncrypt(asleap_ptr->challenge, zpwhash, cipher);
--
-+/*
- 	printf("\tgiven hash 1:      ");
- 	for (j = 0; j < 8; j++)
- 		printf("%02x", cipher[j]);
-@@ -316,12 +317,12 @@ int testchal(struct asleap_data *asleap_
- 	for (j = 0; j < 8; j++)
- 		printf("%02x", asleap_ptr->response[j]);
- 	printf("\n");
--
-+*/
- 	if (memcmp(cipher, asleap_ptr->response, 8) != 0)
- 		return (1);
- 
- 	DesEncrypt(asleap_ptr->challenge, zpwhash + 7, cipher);
--
-+/*
- 	printf("\tgiven hash 2:      ");
- 	for (j = 0; j < 8; j++)
- 		printf("%02x", cipher[j]);
-@@ -330,7 +331,7 @@ int testchal(struct asleap_data *asleap_
- 	for (j = 0; j < 8; j++)
- 		printf("%02x", asleap_ptr->response[j+8]);
- 	printf("\n");
--
-+*/
- 	if (memcmp(cipher, asleap_ptr->response + 8, 8) != 0)
- 		return (1);
- 
-@@ -408,12 +409,13 @@ int trypasswords(struct asleap_data *asl
- /* generate all possible charset combinations */
- int permute(struct asleap_data *asleap_ptr, int level, char * password)
- {
--	const char* charset_ptr = charset;
-+	const char* charset_ptr =
-+		asleap_ptr->custom_charset ? asleap_ptr->charset : alphanum;
- 	unsigned char pwhash[MD4_SIGNATURE_SIZE];
- 
- 	if(level == -1) {	/* got generated password */
- 		/* debug */
--		/* printf("%s\n", password); */
-+		/*printf("%s\n", password);*/
- 		NtPasswordHash(password, strlen(password), pwhash);
- 
- 		if (pwhash[14] != asleap_ptr->endofhash[0] ||
-@@ -1029,14 +1031,16 @@ int attack_leap(struct asleap_data *asle
- 	}
- 
- 	if (asleap->verbose)
--		printf("\tStarting dictionary lookups.\n");
-+		printf(asleap->gen_password
-+				? "\tStarting bruteforce.\n"
-+				:"\tStarting dictionary lookups.\n");
- 
--	if (!IsBlank(asleap->wordfile)) {
-+	if (asleap->gen_password) {
-+		/* Attack MS-CHAP exchange with brute-force password generation */
-+		getmschappwret = trypasswords(asleap);
-+	} else if (!IsBlank(asleap->wordfile)) {
- 		/* Attack MS-CHAP exchange with a straight dictionary list */
- 		getmschappwret = getmschapbrute(asleap);
--	} else if(asleap->gen_password) {
--		/* Attack MS-CHAP exchange with brute-force password generation */
--	    getmschappwret = trypasswords(asleap);
- 	} else {
- 		getmschappwret = getmschappw(asleap);
- 	}
-@@ -1085,7 +1089,10 @@ int attack_pptp(struct asleap_data *asle
- 	if (asleap->verbose)
- 		printf("\tStarting dictionary lookups.\n");
- 
--	if (!IsBlank(asleap->wordfile)) {
-+	if (asleap->gen_password) {
-+		/* Attack MS-CHAP exchange with brute-force  password generation */
-+		getmschappwret = trypasswords(asleap);
-+	} else if (!IsBlank(asleap->wordfile)) {
- 		/* Attack MS-CHAP exchange with a straight dictionary list */
- 		getmschappwret = getmschapbrute(asleap);
- 	} else {
-@@ -1509,7 +1516,7 @@ int main(int argc, char *argv[])
- 	printf("asleap %s - actively recover LEAP/PPTP passwords. "
- 	       "<jwright at hasborg.com>\n", VER);
- 
--	while ((c = getopt(argc, argv, "DsoavhVi:f:n:r:w:c:t:W:C:R:G:A:B:U:P:")) != EOF) {
-+	while ((c = getopt(argc, argv, "DsoavhVi:f:n:r:w:c:t:g:W:C:R:G:A:B:U:P:")) != EOF) {
- 		switch (c) {
- 		case 's':
- 			asleap.skipeapsuccess = 1;
-@@ -1657,7 +1664,11 @@ int main(int argc, char *argv[])
- 			break;
- 		case 'G':
- 			asleap.gen_password = 1;
--			sscanf(optarg, "%d", &asleap.pass_len); /* save desired password lentgh */
-+			sscanf(optarg, "%d", &asleap.pass_len); /* save desired password length */
-+			break;
-+		case 'g':
-+			asleap.custom_charset = 1;
-+			strncpy(asleap.charset, optarg, sizeof(asleap.charset) - 1);
- 			break;
- 		default:
- 			usage("");
-Binary files ../asleap-2.2.orig/.asleap.c.un~ and ./.asleap.c.un~ differ
-diff '--color=always' '--color=never' -pruN ../asleap-2.2.orig/asleap.h ./asleap.h
---- ../asleap-2.2.orig/asleap.h	2020-09-30 15:29:57.706000000 +0300
-+++ ./asleap.h	2020-09-30 15:09:52.307000000 +0300
-@@ -63,9 +63,11 @@ struct asleap_data {
- 	int verbose;
- 	int gen_password;
- 	int pass_len;
-+	int custom_charset;
- 	char dictfile[255];
- 	char dictidx[255];
- 	char wordfile[255];
-+	char charset[255];
- 
- 	/* Tracking values */
- 	uint8_t leapchalfound;
-Binary files ../asleap-2.2.orig/.asleap.h.un~ and ./.asleap.h.un~ differ
-Binary files ../asleap-2.2.orig/asleap.o and ./asleap.o differ
-Binary files ../asleap-2.2.orig/common.o and ./common.o differ
-Binary files ../asleap-2.2.orig/genkeys and ./genkeys differ
-Binary files ../asleap-2.2.orig/genkeys.o and ./genkeys.o differ
-Binary files ../asleap-2.2.orig/sha1.o and ./sha1.o differ
-Binary files ../asleap-2.2.orig/utils.o and ./utils.o differ
diff --git a/asleap/004_add_user_opt_and_pptp_chal_resp_cmdline_parsing.patch b/asleap/004_add_user_opt_and_pptp_chal_resp_cmdline_parsing.patch
deleted file mode 100644
index 884b217cc..000000000
--- a/asleap/004_add_user_opt_and_pptp_chal_resp_cmdline_parsing.patch
+++ /dev/null
@@ -1,209 +0,0 @@
-Binary files ../asleap-2.2.orig/asleap and ./asleap differ
-diff '--color=always' '--color=never' -pruN ../asleap-2.2.orig/asleap.c ./asleap.c
---- ../asleap-2.2.orig/asleap.c	2020-10-02 14:57:07.512000000 +0300
-+++ ./asleap.c	2020-10-02 15:01:55.719000000 +0300
-@@ -136,6 +136,7 @@ void usage(char *message)
- 	       "\t-V \tPrint program version and exit\n"
- 	       "\t-C \tChallenge value in colon-delimited bytes\n"
- 	       "\t-R \tResponse value in colon-delimited bytes\n"
-+	       "\t-U \tUsername (required if PPTP Challenge/Response specified)\n"
- 	       "\t-W \tASCII dictionary file (special purpose)\n"
- 	       "\t-G \tBruteforce attack\n"
- 	       "\t-g \tBruteforce charset (default: a-zA-Z0-9)\n"
-@@ -1502,11 +1503,14 @@ int main(int argc, char *argv[])
- 	int ret=0;
- 	extern int success;
- 	uint8_t verifypassword = 0;
-+	int username_specified = 0;
- 
- 	memset(dictfile, 0, sizeof(dictfile));
- 	memset(dictidx, 0, sizeof(dictidx));
- 	memset(pcapfile, 0, sizeof(pcapfile));
- 	memset(&asleap, 0, sizeof(asleap));
-+	asleap.challenge = asleap.leapchallenge;
-+	asleap.response  = asleap.leapresponse;
- 	device = NULL;
- 
- 	signal(SIGINT, cleanup);
-@@ -1516,57 +1520,94 @@ int main(int argc, char *argv[])
- 	printf("asleap %s - actively recover LEAP/PPTP passwords. "
- 	       "<jwright at hasborg.com>\n", VER);
- 
--	while ((c = getopt(argc, argv, "DsoavhVi:f:n:r:w:c:t:g:W:C:R:G:A:B:U:P:")) != EOF) {
-+	while ((c = getopt(argc, argv,
-+		"DsoavhVi:f:n:r:w:c:t:g:W:C:R:G:A:B:U:P:")) != EOF) {
- 		switch (c) {
- 		case 's':
- 			asleap.skipeapsuccess = 1;
- 			break;
- 		case 'C':
--			if (strlen(optarg) == 23) {
--				if (str2hex(optarg, asleap.challenge, 
--					sizeof(asleap.challenge)) < 0) {
-+			if (strlen(optarg) == 47) {
-+				if (str2hex(optarg, asleap.pptpchallenge,
-+					sizeof(asleap.pptpchallenge)) < 0) {
- 					usage("Malformed value specified as "
--						"challenge.\n");
-+						"pptp challenge.\n");
-+					exit(1);
-+				}
-+				asleap.challenge = asleap.pptpchallenge;
-+				asleap.pptpchalfound=1;
-+			} else if (strlen(optarg) == 32) {
-+				if (decodeHexString(optarg, asleap.pptpchallenge,
-+					sizeof(asleap.pptpchallenge)) < 0) {
-+					usage("Malformed value specified as "
-+						"pptp challenge.\n");
- 					exit(1);
- 				}
-+				asleap.challenge = asleap.pptpchallenge;
-+				asleap.pptpchalfound=1;
-+			} else if (strlen(optarg) == 23) {
-+				if (str2hex(optarg, asleap.leapchallenge, 
-+					sizeof(asleap.leapchallenge)) < 0) {
-+					usage("Malformed value specified as "
-+						"leap challenge.\n");
-+					exit(1);
-+				}
-+				asleap.leapchalfound=1;
- 			} else if (strlen(optarg) == 16) {
--				if (decodeHexString(optarg, asleap.challenge, 
--					sizeof(asleap.challenge)) < 0) {
-+				if (decodeHexString(optarg, asleap.leapchallenge, 
-+					sizeof(asleap.leapchallenge)) < 0) {
- 					usage("Malformed value specified as "
--						"challenge.\n");
-+						"leap challenge.\n");
- 					exit(1);
- 				}
-+				asleap.leapchalfound=1;
- 			} else {
- 				usage("Incorrect challenge input length "
- 					"specified.\n");
- 				exit(1);
- 			}
--
--			asleap.leapchalfound=1;
- 			asleap.manualchalresp=1;
- 			break;
- 		case 'R':
--			if (strlen(optarg) == 71) {
--				if (str2hex(optarg, asleap.response, 
--					sizeof(asleap.response)) < 0) {
-+			if (strlen(optarg) == 146) {
-+				if (str2hex(optarg, asleap.pptpresponse,
-+					sizeof(asleap.pptpresponse)) < 0) {
-+					usage("Malformed value specified as "
-+						"pptp response1.\n");
-+					exit(1);
-+				}
-+				asleap.response = asleap.pptpresponse;
-+				asleap.pptprespfound=1;
-+			} else if (strlen(optarg) == 98) {
-+				if (decodeHexString(optarg, asleap.pptpresponse,
-+					sizeof(asleap.pptpresponse)) < 0) {
-+					usage("Malformed value specified as "
-+						"pptp response2.\n");
-+					exit(1);
-+				}
-+				asleap.response = asleap.pptpresponse;
-+				asleap.pptprespfound=1;
-+			} else if (strlen(optarg) == 71) {
-+				if (str2hex(optarg, asleap.leapresponse,
-+					sizeof(asleap.leapresponse)) < 0) {
- 					usage("Malformed value specified as "
--						"response.\n");
-+						"leap response.\n");
- 					exit(1);
- 				}
-+				asleap.leaprespfound=1;
- 			} else if (strlen(optarg) == 48) {
--				if (decodeHexString(optarg, asleap.response,
--					sizeof(asleap.response)) < 0) {
-+				if (decodeHexString(optarg, asleap.leapresponse,
-+					sizeof(asleap.leapresponse)) < 0) {
- 					usage("Malformed value specified as "
--						"response.\n");
-+						"leap response.\n");
- 					exit(1);
- 				}
-+				asleap.leaprespfound=1;
- 			} else {
- 				usage("Incorrect response input length "
- 					"specified.\n");
- 				exit(1);
- 			}
--
--			asleap.leaprespfound=1;
- 			asleap.manualchalresp=1;
- 			break;
- 		case 'A':
-@@ -1613,6 +1654,7 @@ int main(int argc, char *argv[])
- 			break;
- 		case 'U':
- 			memcpy(asleap.username, optarg, strlen(optarg));
-+			username_specified=1;
- 			break;
- 		case 'P':
- 			verifypassword = 1;
-@@ -1704,7 +1746,7 @@ int main(int argc, char *argv[])
- 		}
- 	}
- 
--	if (asleap.leapchalfound && asleap.leaprespfound && 
-+	if (asleap.leapchalfound && asleap.leaprespfound &&
- 			asleap.manualchalresp) {
- 		/* User specified manual challenge/response on the command
- 		 * line (aka, the "Jay Beale" feature).
-@@ -1712,6 +1754,23 @@ int main(int argc, char *argv[])
- 		return(attack_leap(&asleap));
- 	}
- 
-+	if (asleap.pptpchalfound && asleap.pptprespfound &&
-+			asleap.manualchalresp) {
-+		if (!username_specified) {
-+			usage("PPTP Challenge/Reponse requires "
-+				"Username (-U option) to be specified.\n");
-+			exit(1);
-+		}
-+
-+		uint8_t peerresp[24];
-+		memcpy(peerresp, asleap.pptpresponse + 24, 24);
-+		memcpy(asleap.pptpauthchal, asleap.pptpchallenge, 16);
-+		memcpy(asleap.pptppeerchal, asleap.pptpresponse, 16);
-+		//memset(asleap.pptpresponse, 0, sizeof(asleap.pptpresponse));
-+		memcpy(asleap.pptpresponse, peerresp, 24);
-+		return(attack_pptp(&asleap));
-+	}
-+
- 	if (verifypassword) {
- 
- 		int j;
-Binary files ../asleap-2.2.orig/.asleap.c.un~ and ./.asleap.c.un~ differ
-diff '--color=always' '--color=never' -pruN ../asleap-2.2.orig/asleap.h ./asleap.h
---- ../asleap-2.2.orig/asleap.h	2020-10-02 14:57:07.514000000 +0300
-+++ ./asleap.h	2020-10-02 14:05:28.630000000 +0300
-@@ -47,8 +47,12 @@
- struct asleap_data {
- 	char username[256 + 1];
- 	uint8_t eapid;
--	uint8_t challenge[8];
--	uint8_t response[24];
-+	uint8_t pptpchallenge[16];
-+	uint8_t pptpresponse[49];
-+	uint8_t leapchallenge[8];
-+	uint8_t leapresponse[24];
-+	uint8_t *challenge;
-+	uint8_t *response;
- 	uint8_t endofhash[2];
- 	char password[32];
- 	uint8_t nthash[16];
-Binary files ../asleap-2.2.orig/.asleap.h.un~ and ./.asleap.h.un~ differ
-Binary files ../asleap-2.2.orig/asleap.o and ./asleap.o differ
-Binary files ../asleap-2.2.orig/common.o and ./common.o differ
-Binary files ../asleap-2.2.orig/genkeys and ./genkeys differ
-Binary files ../asleap-2.2.orig/genkeys.o and ./genkeys.o differ
-Binary files ../asleap-2.2.orig/sha1.o and ./sha1.o differ
-Binary files ../asleap-2.2.orig/.utils.c.un~ and ./.utils.c.un~ differ
-Binary files ../asleap-2.2.orig/utils.o and ./utils.o differ
diff --git a/asleap/Pkgfile b/asleap/Pkgfile
deleted file mode 100644
index 909507045..000000000
--- a/asleap/Pkgfile
+++ /dev/null
@@ -1,32 +0,0 @@
-# Description: Actively recover LEAP/PPTP passwords
-# URL:         https://www.willhackforsushi.com/?page_id=41
-# Maintainer:  UNMAINTAINED
-# Depends on:  openssl libpcap libxcrypt2.4
-
-name=asleap
-version=2.2
-release=1
-source=(http://www.willhackforsushi.com/code/$name/$version/$name-$version.tgz
-	0001-fix-build-for-CRUX.patch
-	001_add_simple_password_bruteforcing_option.patch
-	002_added_the_possibility_to_verify_MSCHAP-V2_authentication.patch
-	003_fix_and_improve_bruteforce_option.patch
-	004_add_user_opt_and_pptp_chal_resp_cmdline_parsing.patch)
-
-build() {
-	cd $name-$version
-
-	patch -p1 -i $SRC/0001-fix-build-for-CRUX.patch
-	patch -p1 -i $SRC/001_add_simple_password_bruteforcing_option.patch
-	patch -p1 -i $SRC/002_added_the_possibility_to_verify_MSCHAP-V2_authentication.patch
-	patch -p1 -i $SRC/003_fix_and_improve_bruteforce_option.patch
-	patch -p1 -i $SRC/004_add_user_opt_and_pptp_chal_resp_cmdline_parsing.patch
-
-	sed -i  -e "s/#define VER \"\(.*\)\"/#define VER \"${version}.${release}\"/" \
-		version.h
-
-	make
-
-	install -D asleap  $PKG/usr/bin/asleap
-	install -D genkeys $PKG/usr/bin/genkeys
-}


More information about the crux-commits mailing list