Re: Cracking Hashs

[Edd Burgess <edd.burgess () cantab net>]

On 17/02/2011 23:12, Juan B wrote:
> Hi,
>
> I put a sniffer in our windows AD domain as part of a security audit ,I was able
> to sniff a user that is authenticating to the proxy server.
>
> I wanted to try to find the password but It seems I cant figure out if its lm
> Ntlm or kerberus or ? id doesent look like lm or ntlm am I wrong?
>
> I capture it using etthercap, here is what I capture:
>
>
> HTTP : 172.25.32.101:8080 ->  USER: mranol  PASS: (NTLM)
> mranol:"":"":5c6802e93ccfdab100000000000000000000000000000000:f82969f3363ca76f7bd7ba2b81c6ca7308d6cb44c25451a3:9545bb3fbc34ceba
>
>   INFO: Proxy Authentication
> HTTP : 172.25.32.101:8080 ->  USER: mranol PASS: (NTLM)
> mranol:"":"":d3a3f5b3c9b131d700000000000000000000000000000000:5f051c848e150d53a17881b55154a76b08beb6614e6d577f:d4fa1dafe981696a
>
>
> any ideas which algortihm are beaing used?
>
> thanks,
>
> j

Both hashes appear to resolve from the password "123456789".
They are NTLM Session Security Hashes. So think NTLM + Challenge-Response.

Edd.


------------------------------------------------------------------------
Securing Apache Web Server with thawte Digital Certificate
In this guide we examine the importance of Apache-SSL and who needs an SSL certificate.  We look at how SSL works, how 
it benefits your company and how your customers can tell if a site is secure. You will find out how to test, purchase, 
install and use a thawte Digital Certificate on your Apache web server. Throughout, best practices for set-up are 
highlighted to help you ensure efficient ongoing management of your encryption keys and digital certificates.

http://www.dinclinx.com/Redirect.aspx?36;4175;25;1371;0;5;946;e13b6be442f727d1
------------------------------------------------------------------------