I was wondering if anyone had any experience with LEAP -- I believe this particular system locked itself down VIA MAC address, and number of IP's given to wireless connections -- however, I believe I can spoof my MAC using iwconfig....
Is there anything else I will need to do?
Like with CIsoc's VPN it actually needs the VPN client to authenticate -- is this the same?
How hard will it be to get in?
Thanks,
Poz
LEAP authentication
-
pozican
- Oh lawd is dat sum chikinz
- Posts: 1617
- Joined: Tue May 18, 2004 1:29 pm
- Location: #hackerthreads
LEAP authentication
Get some exercise -- Support bad porn
Life for President, Ramius for vice, GhostHawk for Secretary of Beer
i <3 2 sqrt(u)
Life for President, Ramius for vice, GhostHawk for Secretary of Beer
i <3 2 sqrt(u)
-
pozican
- Oh lawd is dat sum chikinz
- Posts: 1617
- Joined: Tue May 18, 2004 1:29 pm
- Location: #hackerthreads
I've done some serious research on LEAP, and I figured it'd be helpful....
LEAP goes over wireless and trys to connect to the AP -- The original encryption used for authetication from the NIC to the AP is MsCHAPv2 -- From there the AP sends your login credentials to the auth server. The auth server then sends the credentials to the Domain Controller, and if it is valid than the auth server generates a WEP key based on your login name and your password, and sends it to the AP.
From there it sends the key BACK to the client (your computer) and it uses that key...
Remember -- to connect to a LEAP enabled AP -- You need a LEAP enabled card.
The key changes every 15 minutes.
The only real flaw I have found so far is 'asleap'
You can find it here ==> http://asleap.sourceforge.net/
LEAP goes over wireless and trys to connect to the AP -- The original encryption used for authetication from the NIC to the AP is MsCHAPv2 -- From there the AP sends your login credentials to the auth server. The auth server then sends the credentials to the Domain Controller, and if it is valid than the auth server generates a WEP key based on your login name and your password, and sends it to the AP.
From there it sends the key BACK to the client (your computer) and it uses that key...
Remember -- to connect to a LEAP enabled AP -- You need a LEAP enabled card.
The key changes every 15 minutes.
The only real flaw I have found so far is 'asleap'
You can find it here ==> http://asleap.sourceforge.net/
Get some exercise -- Support bad porn
Life for President, Ramius for vice, GhostHawk for Secretary of Beer
i <3 2 sqrt(u)
Life for President, Ramius for vice, GhostHawk for Secretary of Beer
i <3 2 sqrt(u)