Microsoft pptp vpn vulnerabilities Exploits in Action


© SANS Institute 2000 - 200



Download 2 Mb.
Pdf ko'rish
bet16/144
Sana16.01.2022
Hajmi2 Mb.
#372744
1   ...   12   13   14   15   16   17   18   19   ...   144
Bog'liq
microsoft-pptp-vpn-vulnerabilities-exploits-action 337

© SANS Institute 2000 - 200
                                                5
, Author retains full rights.
 
 
 
 
 
 
 
 
 
 
 
 
Key fingerprint = AF19 FA27 2F94 998D FDB5 DE3D F8B5 06E4 A169 4E46 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
Key fingerprint = AF19 FA27 2F94 998D FDB5 DE3D F8B5 06E4 A169 4E46 
 
© SANS Institute 2000 - 200
5                                                                                                                 
Author retains full rights.
11
TCP 1723 (Control Connection)

GRE (Tunnel)

PPP

MSCHAP (Authentication)

MPPC (Compression)

MPPE (Encryption)

LANMAN Hash (Authentication)

Microsoft offers several authentication options:
Clear text password

LANMAN hashed password

NT Encryption hashed password

Challenge/Response MSCHAP version 1

Challenge/Response MSCHAP version 2

The LAN Manager hash is created using the following:
Convert the user’s password to 14 byte string

Truncate longer passwords or pad shorter passwords with nulls

Convert all characters to uppercase

Divide this 14 character string in half to create two 7 character strings

Use each 7 character string as a DES key

Encrypt a fixed constant with each key (no random salt provided, 

entropy is based on the password)
This creates two 8 byte encrypted strings

These two 8 byte strings are merged (concatenated) together to form 

a single 16 byte hashed string.
Compare this to when using the Windows NT hash:
The password is by default a maximum of 14 characters, though it is 

easy enough to change this default to allow up to 128 characters for 
the password, unfortunately most administrators do not do so.
Password is case sensitive and converted to Unicode

Password hashed using MD4

Produces a 16 byte hash

There are many well-known and well-documented weaknesses in version 
1 of Microsoft's implementation of PPTP.
MPPE (Microsoft Point to Point Encryption protocol) has the following 
flaws:
Vulnerable to bit flipping attacks  

The MS-CHAP version 1 when using the 40 bit LANMAN hash uses 

the same key for both client and server for the connection, able to 
trivially crack this key using a cryptanalytic XORing attack.
0



Download 2 Mb.

Do'stlaringiz bilan baham:
1   ...   12   13   14   15   16   17   18   19   ...   144




Ma'lumotlar bazasi mualliflik huquqi bilan himoyalangan ©hozir.org 2024
ma'muriyatiga murojaat qiling

kiriting | ro'yxatdan o'tish
    Bosh sahifa
юртда тантана
Боғда битган
Бугун юртда
Эшитганлар жилманглар
Эшитмадим деманглар
битган бодомлар
Yangiariq tumani
qitish marakazi
Raqamli texnologiyalar
ilishida muhokamadan
tasdiqqa tavsiya
tavsiya etilgan
iqtisodiyot kafedrasi
steiermarkischen landesregierung
asarlaringizni yuboring
o'zingizning asarlaringizni
Iltimos faqat
faqat o'zingizning
steierm rkischen
landesregierung fachabteilung
rkischen landesregierung
hamshira loyihasi
loyihasi mavsum
faolyatining oqibatlari
asosiy adabiyotlar
fakulteti ahborot
ahborot havfsizligi
havfsizligi kafedrasi
fanidan bo’yicha
fakulteti iqtisodiyot
boshqaruv fakulteti
chiqarishda boshqaruv
ishlab chiqarishda
iqtisodiyot fakultet
multiservis tarmoqlari
fanidan asosiy
Uzbek fanidan
mavzulari potok
asosidagi multiservis
'aliyyil a'ziym
billahil 'aliyyil
illaa billahil
quvvata illaa
falah' deganida
Kompyuter savodxonligi
bo’yicha mustaqil
'alal falah'
Hayya 'alal
'alas soloh
Hayya 'alas
mavsum boyicha


yuklab olish