Cracking a CHAP from Freeradius
#11
Go to https://hashcat.net/wiki/doku.php?id=example_hashes and search for "chap". Should clear up your questions. I also recommend taking a look at the output of hashcat --help
#12
(02-11-2018, 02:05 AM)ZerBea Wrote: I do not want capture this thread, but I have a question:
Do you have some information about (free)RADIUS, specifically about the packet structure of the Attribute Value Pairs in the Access-Request Packet [User-Password encrypted(2) or CHAP-Password(3)]?
I know this password is encrypted using an MD5 cipher (MD5 xor password). The MD5 is calculated from secret share + random Authenticator, but I don't have any ideas about this secret share. Also I know the rfc2865 document.
We have both these fields (Authenticator and encrypted User-Password) in an Access-Request Packet (and additionally an HMAC_MD5 over the complete Access-Request Packet).

I do not need an answer anymore as I found it:
A note on security:  The security of the RADIUS protocol
depends COMPLETELY on this secret!  We recommend using a
shared secret that is composed of:
- upper case letters
- lower case letters
- numbers
And is at LEAST 8 characters long, preferably 16 characters in
length.  The secret MUST be random, and should not be words,
phrase, or anything else that is recognisable.
The default secret below is only for testing, and should
not be used in any real environment.

secret = testing123

I do not understand completely.
1. How would an easy shared secret be used to compromise the radius?
2. If I set a 16 character shared secret, will the hashes be harder to crack?

PS: I'm [very] new to cryptography, but I AM enjoying myself with great guys like you!
#13
If I understand correctly, the password hash cannot be cracked without the correct Challenge [salt]  - Am I correct?

For example, if the RADIUS
#14
Yes, the challenge is required in order to crack the hash.
#15
If I understand correctly, the password hash cannot be cracked without the correct Challenge [salt]  - Am I correct?

For example, if the RADIUS database has a user stored as follows:

Username: alishiazav
Password: honeyfairy

And If a user logs in with the following:

Username: alishiazav
Password: zavreski

Then, could the hash still be cracked using the method that we used, or not [due to the salt being incorrect]?

Lastly, what is the ID at the end?
#16
I don't know how the CHAP handshake works but I would expect you can still crack a hash with a wrong password. The challenge should still be transmitted.

Unless it was coincidence the ID at the end is what is prepended to the "password" hash in your first post.
#17
We are talking about different things.
You can crack a RADIUS password with hashmode -m 4800 (CHAP). But that's only one single variant.
For example: sometimes the password is stored as BASE64(SHA1(password)) in the database of the server.

My question relates to the transport layer (packet layer of IP communication) between the client and the server.
Right now we are able to crack 2 variants (LEAP-CHAP [PPP], MD5-Challenge [EAP]). During my packet analysis I found 3 other variants (PAP, CHAP, MD5) that we are not able to crack.
For your example above:
Username: alishiazav
Password: zavreski
secret share=29495ade5d6f88f1

The client builds an Access-Request packet and sends it to the server. This packet contains
- an authenticator (randomly generated),
- the encrypted user password: MD5 cipher = key xor zavreski, where the key is calculated as MD5(29495ade5d6f88f1+authenticator)
- and an HMAC_MD5 calculated over the packet

The server responds to the request with an access-accept packet.

The goal is to retrieve the password if we have captured this Access-Request packet.
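The two constructions discussed in this thread, the User-Password hiding that depends entirely on the shared secret (posts #12 and #17) and the CHAP-Password that can only be checked with the challenge that was sent (posts #13 to #15), written out in Python following RFC 2865 sections 5.2 and 5.3. This is an added example, not code from the thread or from FreeRADIUS. The secret `testing123` is the default quoted from the FreeRADIUS config above and the passwords are the ones from the thread; the authenticator and CHAP challenge bytes are constructed for the demo (a real NAS generates both at random per request), and the function names are my own.

```python
"""RFC 2865 User-Password hiding and CHAP-Password computation.

Added example for this thread, not FreeRADIUS code. Follows RFC 2865
section 5.2 (User-Password) and 5.3 (CHAP-Password). Sample authenticator
and challenge values are constructed; real ones are random per request.
"""
import hashlib
import hmac

# Constructed sample values.
SECRET = b"testing123"  # the FreeRADIUS default secret quoted in the thread
AUTHENTICATOR = bytes.fromhex("00112233445566778899aabbccddeeff")
CHAP_CHALLENGE = bytes.fromhex("ffeeddccbbaa99887766554433221100")


def hide_user_password(password: bytes, secret: bytes, authenticator: bytes) -> bytes:
    """Produce the User-Password(2) attribute value (RFC 2865 section 5.2).

    The password is NUL-padded to a multiple of 16 bytes (at least 16), then
    each block is XORed with MD5(secret + previous ciphertext block); for the
    first block the "previous block" is the Request Authenticator.
    """
    blocks = max(1, (len(password) + 15) // 16)
    padded = password.ljust(blocks * 16, b"\x00")
    hidden = b""
    prev = authenticator
    for i in range(0, len(padded), 16):
        key = hashlib.md5(secret + prev).digest()
        c = bytes(p ^ k for p, k in zip(padded[i:i + 16], key))
        hidden += c
        prev = c  # chaining: the next key depends on this ciphertext block
    return hidden


def reveal_user_password(hidden: bytes, secret: bytes, authenticator: bytes) -> bytes:
    """Inverse of hide_user_password: what the server does with its copy of the secret."""
    plain = b""
    prev = authenticator
    for i in range(0, len(hidden), 16):
        key = hashlib.md5(secret + prev).digest()
        block = hidden[i:i + 16]
        plain += bytes(c ^ k for c, k in zip(block, key))
        prev = block
    return plain.rstrip(b"\x00")


def chap_password_attribute(ident: int, password: bytes, challenge: bytes) -> bytes:
    """Produce the CHAP-Password(3) value: Ident || MD5(Ident || password || challenge).

    The challenge is the CHAP-Challenge attribute, or the Request Authenticator
    when the NAS sends no CHAP-Challenge (RFC 2865 section 5.3).
    """
    ident_byte = bytes([ident & 0xFF])
    return ident_byte + hashlib.md5(ident_byte + password + challenge).digest()


def verify_chap(stored_password: bytes, challenge: bytes, attribute: bytes) -> bool:
    """Server-side check of a received CHAP-Password against the stored clear-text password."""
    if len(attribute) != 17:
        return False
    expected = chap_password_attribute(attribute[0], stored_password, challenge)
    return hmac.compare_digest(expected, attribute)


if __name__ == "__main__":
    hidden = hide_user_password(b"zavreski", SECRET, AUTHENTICATOR)
    print("User-Password attribute:", hidden.hex())
    print("recovered with the correct secret:", reveal_user_password(hidden, SECRET, AUTHENTICATOR))
    print("recovered with a wrong secret:    ", reveal_user_password(hidden, b"other-secret", AUTHENTICATOR))
    resp = chap_password_attribute(0x2B, b"honeyfairy", CHAP_CHALLENGE)
    print("CHAP-Password attribute:", resp.hex())
    print("verify against stored honeyfairy:", verify_chap(b"honeyfairy", CHAP_CHALLENGE, resp))
    print("verify with a different challenge:", verify_chap(b"honeyfairy", AUTHENTICATOR, resp))
```

Running it shows the two points the thread circles around: User-Password is not a hash but a keystream XOR, and the keystream costs one MD5 per block once the shared secret is known, so the secret's strength (the "depends COMPLETELY on this secret" note) is the whole protection of PAP over RADIUS. CHAP-Password never carries the secret at all; the server recomputes MD5 over the ident, its stored password and the challenge, which is why the ident byte and the challenge (or the Request Authenticator standing in for it) must be captured together with the response before -m 4800 can do anything with it.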
#18
(02-12-2018, 01:13 AM)undeath Wrote: I don't know how the CHAP handshake works but I would expect you can still crack a hash with a wrong password. The challenge should still be transmitted.

Unless it was coincidence the ID at the end is what is prepended to the "password" hash in your first post.

Thank you for the info. I checked the link you gave me. I understand now. Just one more question, how did you know that the ID is the first two digits after 0x? I could not find this info.
#19
trial and error + educated guessing
#20
(02-12-2018, 02:49 PM)undeath Wrote: trial and error + educated guessing

Now I need a Guru mentor like this. Could you give me some links so that I could also learn a bit and educate myself on this? Otherwise I'll have to come to undeath to guess for me.