Hack 5 – Hacking PPTP VPNs with ASLEAP
Wednesday, November 4th, 2009This is a very informative video about cracking PPTP VPN’s Hack 5 -Episode 612. Showing how unsecured PPTP protocol is. Starting at 4:38 Darren goes into how PPTP works and why it is so insecure. For example they show how the user name is sent in the clear which is half of the log in, which is never a good idea for a secure VPN. This is one of the many reasons why Road Warrior VPN.com does not support PPTP VPN’s and only supports OpenVPN VPN’s.
During Episode 614 they finish the follow up showing how to convert the PPTP hash into the actual password. The explanation starts at 11:30 minutes into the video. They show how the proper way to parse the hex string captured using wire shark. There is a PHP script included in the show notes that makes it very easy to generate a properly formatted hash. Once this hash is formatted asleap will output the plain text password.
Hack 5 – Episode 612 – Hacking PPTP VPNs with ASLEAP
Hack 5 – Episode 614 – Firewall evasion, SSH and virtual appliances!
So in review it is scary to use PPTP as a VPN because of how unsecured the user name and password are protected by PPTP. While Road Warrior VPN.com supports OpenVPN because it is able to protect against all of these attacks, so you don’t just have the illusion of security but you have actual security.