To crack a PPTP VPN first go grab a copy of Moxie Marlinspike’s chapcrack and follow the directions.
The first thing you’ll need to do is obtain the network traffic for the PPTP VPN MS-CHAPv2 handshake you’d like to crack. To do that, simply use a tool such as tcpdump or wireshark in order to obtain a network capture of a client connecting to a PPTP VPN service.
Next you’ll use
chapcrack in order to parse and extract the PPTP VPN MS-CHAPv2 handshake.
# chapcrack.py parse -i /path/to/capture.cap
Then submit the token chapcrack gives you into the Get Cracking page.
Using the Results
When you get the resulting NTHASH, you can decrypt a PPTP packet capture:
chapcrack.py decrypt -i </path/to/capture.cap> -o output.cap -n NTHASH
In theory, the NTHASH can also be used as a password equivalent to authenticate to the network.