Presentation is loading. Please wait.

Presentation is loading. Please wait.

Abusing 802.11: Weaknesses in LEAP Challenge/Response – Defcon 2003 Slide 1 Weaknesses in LEAP Challenge/Response Joshua Wright

Published byGeorgina Potter Modified over 8 years ago

Similar presentations

Presentation on theme: "Abusing 802.11: Weaknesses in LEAP Challenge/Response – Defcon 2003 Slide 1 Weaknesses in LEAP Challenge/Response Joshua Wright"— Presentation transcript:

1 Abusing 802.11: Weaknesses in LEAP Challenge/Response – Defcon 2003 Slide 1 Weaknesses in LEAP Challenge/Response Joshua Wright Joshua.Wright@jwu.edu

2 Abusing 802.11: Weaknesses in LEAP Challenge/Response – Defcon 2003 Slide 2 LEAP == Cisco Marketshare LEAP is Cisco’s plan to have controlling marketshare in the 802.11 AP product space Lightweight Extensible Authentication Protocol –Also known as Cisco EAP –Easy to install and configure –Easy to support (unified supplicant) –It must be secure, right?

3 Abusing 802.11: Weaknesses in LEAP Challenge/Response – Defcon 2003 Slide 3 LEAP is a closed EAP type LEAP specification only opened to business partners under NDA Client is licensed to other NIC manufacturers (D-Link, SMC, 3Com, Apple) AP code to do LEAP is IP of Cisco Information gathered here is collected from: –Packet captures of LEAP transactions –http://lists.cistron.nl/pipermail/cistron-radius/2001- September/002042.html

4 Abusing 802.11: Weaknesses in LEAP Challenge/Response – Defcon 2003 Slide 4 LEAP makes the world safer Provides authentication and data privatization –Uses modified MS-CHAPv2 challenge/response in the clear –Uses mutual authentication to mitigate MITM attacks –Uses short-lived WEP keys to encrypt data –Prevents usage of weak IV’s from the AP

5 Abusing 802.11: Weaknesses in LEAP Challenge/Response – Defcon 2003 Slide 5 MS-CHAPv2 Weaknesses MS-CHAPv2 weaknesses apply to the LEAP exchange –No salt in stored NT hashes Permits pre-computed dictionary attacks –Weak DES key selection for challenge/response Permits recovery of 2 bytes of the NT hash –Username sent in clear-text –We can deduce authentication passwords

6 Abusing 802.11: Weaknesses in LEAP Challenge/Response – Defcon 2003 Slide 6 LEAP STA Challenge/Resp 1.AP issues random 8-byte challenge to STA 2.STA uses 16 byte NT hash (MD4) of password to generate 3 DES keys 1.NT 1 – NT 7 2.NT 8 – NT 14 3.NT 15 – NT 16 + “\0 \0 \0 \0 \0” 3.Each DES key is used to encrypt the challenge (each generating 8 bytes of output) 4.STA sends 24-byte response to challenge 5.AP issues success or failure message

7 Abusing 802.11: Weaknesses in LEAP Challenge/Response – Defcon 2003 Slide 7 Response leaks 2 bytes of NT hash The third DES key is weak –Five NULL’s are consistent in every challenge/response –Leaves only 2^16 possibilities Can calculate 2^16 DES with a known challenge in < 1 sec Significantly reduces search space –Known hash bytes significantly reduces hash possibilities –‘$ grep “B1B2$” nthash-dict > possible-passwords’ –From 2.5 million passwords, usually leaves ~30

8 Abusing 802.11: Weaknesses in LEAP Challenge/Response – Defcon 2003 Slide 8 Our Attack Take a large password list, calculate MD4 hashes to generate a password+NT hash list Capture LEAP challenge/response –Extract username, challenge, response –Calculate the last 2 bytes of the NT hash from the response Search through pass+hash list for hashes with matching bytes Use matching entries to encrypt the challenge –Matching captured and calculated response will indicate the user’s password

9 Abusing 802.11: Weaknesses in LEAP Challenge/Response – Defcon 2003 Slide 9 Implementation – asleap-imp genkeys –Accepts a dictionary list of passwords and generates a “password \t hash” output file asleap –Reads from a pcap file, or from a network interface in RFMON mode –Watches for LEAP challenge/response –Calculates last two bytes of NT hash –Searches through genkeys output file for matches –Reports the user password

10 Abusing 802.11: Weaknesses in LEAP Challenge/Response – Defcon 2003 Slide 10 asleap-imp Features Search mode –Hops on all channels with user-specified hopping duration Active mode –Identifies active STA’s –Injects spoofed frame sending LEAP Logoff, followed by a deauthenticate frame to the STA Forces the victim to participate in a new challenge/response Saves LEAP exchange in a pcap file for later analysis –Hack from another machine with more disk space/larger genkeys password list

11 Abusing 802.11: Weaknesses in LEAP Challenge/Response – Defcon 2003 Slide 11 asleap-imp Demo

Download ppt "Abusing 802.11: Weaknesses in LEAP Challenge/Response – Defcon 2003 Slide 1 Weaknesses in LEAP Challenge/Response Joshua Wright"

Similar presentations

PEAP & EAP-TTLS 1.EAP-TLS Drawbacks 2.PEAP 3.EAP-TTLS 4.EAP-TTLS – Full Example 5.Security Issues 6.PEAP vs. EAP-TTLS 7.Other EAP methods 8.Summary.

PEAP & EAP-TTLS 1.EAP-TLS Drawbacks 2.PEAP 3.EAP-TTLS 4.EAP-TTLS – Full Example 5.Security Issues 6.PEAP vs. EAP-TTLS 7.Other EAP methods 8.Summary.
Wireless Security By Robert Peterson M.S. C.E. Cryptographic Protocols University of Florida College of Information Sciences & Engineering.

Wireless Security By Robert Peterson M.S. C.E. Cryptographic Protocols University of Florida College of Information Sciences & Engineering.
Attack and Defense in Wireless Networks Presented by Aleksandr Doronin.

Attack and Defense in Wireless Networks Presented by Aleksandr Doronin.
What is EAP EAP stands for Extensible Authentication Protocol. Offers a basic framework for authentication. Many different authentication protocols can.

What is EAP EAP stands for Extensible Authentication Protocol. Offers a basic framework for authentication. Many different authentication protocols can.
Implementation of a Two-way Authentication Protocol Using Shared Key with Hash CS265 Sec. 2 David Wang.

Implementation of a Two-way Authentication Protocol Using Shared Key with Hash CS265 Sec. 2 David Wang.
1 MD5 Cracking One way hash. Used in online passwords and file verification.

1 MD5 Cracking One way hash. Used in online passwords and file verification.
Environmental Council of States Network Authentication and Authorization Services The Shared Security Component February 28, 2005.

Environmental Council of States Network Authentication and Authorization Services The Shared Security Component February 28, 2005.
無線區域網路安全 Wireless LAN Security. 2 Outline  Wireless LAN – 802.11b  Security Mechanisms in 802.11b  Security Problems in 802.11b  Solutions for 802.11b.

無線區域網路安全 Wireless LAN Security. 2 Outline  Wireless LAN – b  Security Mechanisms in b  Security Problems in b  Solutions for b.
Some Common Campus PKI Applications January 2004 CSG Meeting Jim Jokl.

Some Common Campus PKI Applications January 2004 CSG Meeting Jim Jokl.
WiFi Security. What is WiFi ? Originally, Wi-Fi was a marketing term. The Wi-Fi certified logo means that the product has passed interoperability tests.

WiFi Security. What is WiFi ? Originally, Wi-Fi was a marketing term. The Wi-Fi certified logo means that the product has passed interoperability tests.
WEP Weaknesses Or “What on Earth does this Protect” Roy Werber.

WEP Weaknesses Or “What on Earth does this Protect” Roy Werber.
Exploring timing based side channel attacks against 802.11i CCMP Suman Jana, Sneha K. Kasera University of Utah Introduction

Exploring timing based side channel attacks against i CCMP Suman Jana, Sneha K. Kasera University of Utah Introduction
Cryptanalysis of Microsoft’s Point-to-Point Tunneling Protocol 6 Mar. 2007 Amit Golander.

Cryptanalysis of Microsoft’s Point-to-Point Tunneling Protocol 6 Mar Amit Golander.
DIMACS Nov 3 - 4, 2004 WIRELESS SECURITY AND ROAMING OVERVIEW DIMACS November 3-4, 2004 Workshop: Mobile and Wireless Security Workshop: Mobile and Wireless.

DIMACS Nov 3 - 4, 2004 WIRELESS SECURITY AND ROAMING OVERVIEW DIMACS November 3-4, 2004 Workshop: Mobile and Wireless Security Workshop: Mobile and Wireless.
Security in Wireless LAN 802.11 Layla Pezeshkmehr CS 265 Fall 2003-SJSU Dr.Mark Stamp.

Security in Wireless LAN Layla Pezeshkmehr CS 265 Fall 2003-SJSU Dr.Mark Stamp.
An Initial Security Analysis of the IEEE 802.1x Standard Tsai Hsien Pang 2004/11/4.

An Initial Security Analysis of the IEEE 802.1x Standard Tsai Hsien Pang 2004/11/4.
Ariel Eizenberg arielez@cs.huji.ac.il PPP Security Features Ariel Eizenberg arielez@cs.huji.ac.il.

Ariel Eizenberg PPP Security Features Ariel Eizenberg
SSH : The Secure Shell By Rachana Maheswari CS265 Spring 2003.

SSH : The Secure Shell By Rachana Maheswari CS265 Spring 2003.
IEEE 802.11 Wireless Local Area Networks (WLAN’s).

IEEE Wireless Local Area Networks (WLAN’s).
Chapter 5 Secure LAN Switching.  MAC Address Flooding Causing CAM Overflow and Subsequent DOS and Traffic Analysis Attacks.

Chapter 5 Secure LAN Switching.  MAC Address Flooding Causing CAM Overflow and Subsequent DOS and Traffic Analysis Attacks.

Similar presentations

Ads by Google