/dechap

A tool for recovering credentials from sniffed PPPoE, RADIUS and L2TPv2 CHAP authentications

OtherNOASSERTION

dechap v0.4 Alpha
Written by Foeh Mannay, October 2013

PURPOSE
=======

dechap is a tool which attempts to recover login credentials from captured
PPPoE, RADIUS and L2TP CHAP authentications plus MD5 authenticated OSPF or BGP
traffic. It strips away any 802.1Q tags and / or MPLS labels which are present
to get to the good stuff and then runs a dictionary attack against any 
authentications it finds.

Please see http://networkingbodges.blogspot.com/ for more information on the
theory behind this if you are interested.

INSTALLATION
============

Provided the OpenSSL dev libraries are installed it should be possible to simply
extract the source code, cd into the directory then run "make".

USAGE
=====

There are only two parameters and both are mandatory. You must specify your
capture file (original pcap format) with the -c flag and your word list with
the -w flag. Here's an example:

lab@lab:~/dechap$ ./dechap -w mywords.txt -c someauths.cap
Found password "tangerine" for user user1@testisp.com.
Unable to find a password for user user2@testisp.com.
Found password "password1" for user user3@testisp.com.
Found password "Africa" for user user4@testisp.com.
Found password "Frankenstein" for user user5@testisp.com.
Found password "s3cr3tk3y" for OSPF host 10.1.1.1 key 1.
Found password "t1nt3rn3t" for TCP from 10.0.0.2 to 10.0.0.1.
lab@lab:~/dechap$

CHANGE LOG
==========

v0.1a	First working release, only works with PPPoE traffic.

v0.2a	Added support for RADIUS and L2TP captures.
	Fixed a bug in MPLS decap.

v0.3a	Added support for MD5 authenticated OSPF.

v0.4a	Added support for MD5 authenticated BGP.