View Issue Details

Jump to NotesJump to History
IDProjectCategoryView StatusDate SubmittedLast Update
0008152Kali Linux[All Projects] Kali Package Bugpublic2023-01-19 19:022023-01-19 21:58
ReporterTheLionWarrior Assigned To 
PrioritynormalSeverityminorReproducibilityalways
Status newResolutionopen 
Product Version2022.4 
Target VersionFixed in Version 
Summary0008152: asleap 2.3 in Kali Repository not able to work with MSCHAPv2
DescriptionAfter downloading the latest version of aleap (asleap_2.3~git20201128.254acab-0kali1) from the kali-rolling repository, asleap gives the following error message when trying to crack MSCHAPv2: "Could not recover last 2 bytes of hash from the challenge/response. Sorry it didn't work out." Installing asleap 2.2-1kali7 from https://old.kali.org repository along with the necessary libssl1.0.2 library allows asleap to crack the same MSCHAPv2 with no issues.
Steps To Reproduce#Download latest asleap from kali-rolling repository.
sudo apt install asleap

#Try to crack MSCHAPv2 using asleap and a wordlist such as /usr/share/john/password.lst (Password is password)
asleap -C ce:b6:98:85:c6:56:59:0c -R 72:79:f6:5a:a4:98:70:f4:58:22:c8:9d:cb:dd:73:c1:b8:9d:37:78:44:ca:ea:d4 -W /usr/share/john/password.lst
Additional InformationTo successfully crack the same MSCHAPv2 using asleap, I did the following.

#Download libssl1.0.2
wget http://security.debian.org/debian-security/pool/updates/main/o/openssl1.0/libssl1.0.2_1.0.2u-1~deb9u7_amd64.deb

#Install libssl1.0.2
sudo apt install ./libssl1.0.2_1.0.2u-1\~deb9u7_amd64.deb

#Download asleap 2.2
wget https://old.kali.org/kali/pool/main/a/asleap/asleap_2.2-1kali7_amd64.deb

#Install asleap 2.2
sudo apt install ./asleap_2.2-1kali7_amd64.deb

#Try to crack MSCHAPv2 using asleap and a wordlist such as /usr/share/john/password.lst (Password is password)
asleap -C ce:b6:98:85:c6:56:59:0c -R 72:79:f6:5a:a4:98:70:f4:58:22:c8:9d:cb:dd:73:c1:b8:9d:37:78:44:ca:ea:d4 -W /usr/share/john/password.lst

Activities

TheLionWarrior

2023-01-19 19:02

reporter  

image.png (5,741 bytes)
image.png (5,741 bytes)
image-2.png (2,498 bytes)
image-2.png (2,498 bytes)
image-3.png (4,059 bytes)
image-3.png (4,059 bytes)
image-4.png (2,211 bytes)
image-4.png (2,211 bytes)
asleap_2.2_01.png (825,041 bytes)
asleap_2.3.png (433,703 bytes)
asleap_2.2_02.png (349,285 bytes)

kali-bugreport

2023-01-19 21:40

reporter   ~0017406

Found this one:

> I have seen this error before, I don't think it's something distro-specific.

on https://github.com/joswr1ght/asleap/issues/8

Could be something you would need to discuss with the developer of that tool.

TheLionWarrior

2023-01-19 21:58

reporter   ~0017407

I saw that when initially researching this issue, but Rogdham's response below joswr1ght's response indicates that it is specifically with the asleap in the Kali repository. He ran asleap 2.3 on his machine and it was able to crack password, but when he tried the asleap 2.3 on a Kali VM, he lists that he received the same error message.

Issue History

Date Modified Username Field Change
2023-01-19 19:02 TheLionWarrior New Issue
2023-01-19 19:02 TheLionWarrior File Added: image.png
2023-01-19 19:02 TheLionWarrior File Added: image-2.png
2023-01-19 19:02 TheLionWarrior File Added: image-3.png
2023-01-19 19:02 TheLionWarrior File Added: image-4.png
2023-01-19 19:02 TheLionWarrior File Added: asleap_2.2_01.png
2023-01-19 19:02 TheLionWarrior File Added: asleap_2.3.png
2023-01-19 19:02 TheLionWarrior File Added: asleap_2.2_02.png
2023-01-19 21:40 kali-bugreport Note Added: 0017406
2023-01-19 21:58 TheLionWarrior Note Added: 0017407