
My apartment complex uses PPPoE CHAP authentication for internet (Mikrotik router), I want to switch their provided router with my own, however they aren't willing to give me my password.

I have fooled the router by connecting its WAN port to my computer and running a PPPoE server on it; however, the router does not answer PPPoE PAP requests, so I am unable to recover the password that way.

That said, I can provide any PPPoE CHAP id and challenge value, and the way I understand it, CHAP uses MD5(id . password . challenge). Are there any id and challenge values I could provide that would speed up cracking it via hashcat?

tW4r

2 Answers


I haven't found a way to crack a PPP CHAP challenge with hashcat, but I have successfully implemented this with John the Ripper thanks to its dynamic password format functionality (you can see more details about this functionality in this article).
For Identifier == 1 (from the Challenge message):

john -form=dynamic='md5($c1.$p.$s),c1=\x01' --wordlist=words.txt hash.txt

hash.txt contents:

3f5ba38341417566895aafec05b91f99$HEX$3939d8a5ebb14db2805f9088a8629452

where 3f5ba38341417566895aafec05b91f99 is the hash and 3939d8a5ebb14db2805f9088a8629452 is the salt (challenge value).


Probably Not Feasible

Background

In CHAP, the authenticator sends a challenge, and then the client responds by hashing the secret plus some other data from that challenge.

This is comparable to sending a new salt every time, and it does not represent the scenario hashcat was designed for.

That said, the response contains an MD5 hash of challenge ID + secret + challenge value. Two of those values are transmitted over the wire. The resulting MD5 hash is also transmitted, so you have everything you need to recover the secret in theory.

The problem is getting the existing tools to work in this scenario.

Methods

You could take three approaches.

  1. You could generate a wordlist consisting of randomly generated secret candidates and concatenate them with the ID + challenge using rules. (Extremely slow)
  2. You could create custom character sets for each character in the ID + challenge and run a bruteforce mask attack. (Fairly slow)
  3. You could attack similar to option 1, but with a regular wordlist; however, this will only succeed if the secret is in your dictionary. (Fairly fast)

Expectations

Typical CHAP secret lengths are 12-16 bytes/characters. You could probably run #2 for 8- or 9-character secrets in a reasonable time frame, but longer secrets would be problematic even with high-end hardware. You are looking at years, even with dedicated multi-GPU rigs.

This leaves #3 as the only feasible option, which means your efforts are tied directly to the quality of your wordlist and the CHAP secret.

DoubleD
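An added example, not code from the question or from either answer: the MD5-CHAP computation that both answers refer to, written out as RFC 1994 section 4.1 specifies it (Response Value = MD5 of the one-octet Identifier, then the secret, then the Challenge Value), together with the authenticator-side check and a known-secret test vector in the hash$HEX$salt layout the first answer feeds to John's dynamic format. It shows two things the answers state in prose: the Identifier is a single byte (which is why the first answer folds id 1 into the constant c1=\x01 rather than into the salt), and the challenge behaves as a per-session salt that the authenticator must pick fresh and unpredictably. The secret and function names are constructed for this example; the challenge bytes are reused from the first answer's hash.txt line.

```python
"""MD5-CHAP (RFC 1994) response, verification, and a known-answer vector.

Added example for this thread, not the asker's or answerers' code.
Values marked "constructed" are made up for the example.
"""
import hashlib
import hmac
import os


def chap_response(identifier: int, secret: bytes, challenge: bytes) -> bytes:
    """Client side: Response Value = MD5(Identifier || secret || Challenge Value).

    The Identifier field is one octet, so identifier 1 contributes the single
    byte 0x01 to the hash input (the c1=\\x01 constant in the first answer).
    """
    if not 0 <= identifier <= 255:
        raise ValueError("CHAP Identifier is a single octet (0-255)")
    return hashlib.md5(bytes([identifier]) + secret + challenge).digest()


def new_challenge(length: int = 16) -> bytes:
    """Authenticator side: a fresh, unpredictable Challenge Value per attempt.

    RFC 1994 requires challenges to be unique and unpredictable; a reused or
    guessable challenge lets an earlier response be replayed.
    """
    return os.urandom(length)


def verify_response(identifier: int, secret: bytes, challenge: bytes,
                    response: bytes) -> bool:
    """Authenticator side: recompute the expected value and compare in constant time."""
    expected = chap_response(identifier, secret, challenge)
    return hmac.compare_digest(expected, response)


def john_dynamic_line(response: bytes, challenge: bytes) -> str:
    """hash$HEX$salt layout from the first answer: the 16-byte response as hex,
    then the raw challenge bytes as HEX-encoded salt. The Identifier is not
    stored here; it is supplied through the dynamic expression's constant."""
    return f"{response.hex()}$HEX${challenge.hex()}"


# Constructed test vector: a secret we know, so the output can be used to
# confirm that a dynamic-format expression parses the Identifier constant
# correctly before trusting it on real data.
TEST_ID = 1
TEST_SECRET = b"example-secret"          # constructed
TEST_CHALLENGE = bytes.fromhex("3939d8a5ebb14db2805f9088a8629452")  # from the first answer


def known_answer_line() -> str:
    """Known-secret line in the first answer's hash.txt layout."""
    return john_dynamic_line(chap_response(TEST_ID, TEST_SECRET, TEST_CHALLENGE),
                             TEST_CHALLENGE)


if __name__ == "__main__":
    # Full exchange with a fresh challenge, as an authenticator would run it.
    chal = new_challenge()
    resp = chap_response(TEST_ID, TEST_SECRET, chal)
    print("challenge :", chal.hex())
    print("response  :", resp.hex())
    print("verifies  :", verify_response(TEST_ID, TEST_SECRET, chal, resp))
    print("wrong key :", verify_response(TEST_ID, b"other", chal, resp))
    print("known-answer line:", known_answer_line())
```

Run it with `python3 chap_md5.py`; the last line printed is a hash.txt entry whose secret is `example-secret`, which is the check to do before relying on the dynamic format: if John does not recover that known secret from a wordlist containing it, the expression (most likely the Identifier constant) is wrong, not the wordlist.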