chapcrack – A tool for parsing and decrypting MS-CHAPv2 network handshakes.

Outsmart Malicious Hackers


chapcrack is a tool for parsing and decrypting MS-CHAPv2 network handshakes, it was announced recently at Defcon as we read over here – Marlinspike demos MS-CHAPv2 crack.

The process is as follows:

  1. Obtain a packet capture with an MS-CHAPv2 network handshake in it (PPTP VPN or WPA2 Enterprise handshake, for instance).
  2. Use chapcrack to parse relevant credentials from the handshake (chapcrack parse -i path/to/capture.cap).
  3. Submit the CloudCracker token to www.cloudcracker.com
  4. Get your results, and decrypt the packet capture (chapcrack decrypt -i path/to/capture.cap -o output.cap -n )

If you are interested in a much more in-depth, technical explanation – you can read more here:

Divide and Conquer: Cracking MS-CHAPv2 with a 100% success rate

Using this attack they have a 100% success rate of cracking DES hashes within 23~ hours.

You can download chapcrack here:

moxie0-chapcrack.zip

Or read more here.

Posted in: Cryptography, Exploits/Vulnerabilities, Hacking Tools


Latest Posts:


OWASP ZSC - Obfuscated Code Generator Tool OWASP ZSC – Obfuscated Code Generator Tool
OWASP ZSC is an open source obfuscated code generator tool in Python which lets you generate customized shellcodes and convert scripts to an obfuscated script.
A Look Back At 2017 – Tools & News Highlights A Look Back At 2017 – Tools & News Highlights
So here we are in 2018, taking a look back at 2017, quite a year it was. Here is a quick rundown of some of the best hacking/security tools released in 2017, the biggest news stories and the 10 most viewed posts on Darknet as a bonus.
Spectre & Meltdown Checker - Vulnerability Mitigation Tool For Linux Spectre & Meltdown Checker – Vulnerability Mitigation Tool For Linux
Spectre & Meltdown Checker is a simple shell script to tell if your Linux installation is vulnerable against the 3 "speculative execution" CVEs that were made public early 2018.
Hijacker - Reaver For Android Wifi Hacker App Hijacker – Reaver For Android Wifi Hacker App
Hijacker is a native GUI which provides Reaver for Android along with Aircrack-ng, Airodump-ng and MDK3 making it a powerful Wifi hacker app.
Sublist3r - Fast Python Subdomain Enumeration Tool Sublist3r – Fast Python Subdomain Enumeration Tool
Sublist3r is a Python-based tool designed to enumerate subdomains of websites using OSINT. It helps penetration testers and bug hunters collect and gather subdomains for the domain they are targeting.
coWPAtty Download - Audit Pre-shared WPA Keys coWPAtty Download – Audit Pre-shared WPA Keys
coWPAtty is a C-based tool for running a brute-force dictionary attack against WPA-PSK and audit pre-shared WPA keys.


Comments are closed.