Security Basics mailing list archives
Re: Cracking Hashs
From: Edd Burgess <edd.burgess () cantab net>
Date: Sun, 20 Feb 2011 06:25:41 +0000
On 17/02/2011 23:12, Juan B wrote:
Hi, I put a sniffer in our windows AD domain as part of a security audit ,I was able to sniff a user that is authenticating to the proxy server. I wanted to try to find the password but It seems I cant figure out if its lm Ntlm or kerberus or ? id doesent look like lm or ntlm am I wrong? I capture it using etthercap, here is what I capture: HTTP : 172.25.32.101:8080 -> USER: mranol PASS: (NTLM) mranol:"":"":5c6802e93ccfdab100000000000000000000000000000000:f82969f3363ca76f7bd7ba2b81c6ca7308d6cb44c25451a3:9545bb3fbc34ceba INFO: Proxy Authentication HTTP : 172.25.32.101:8080 -> USER: mranol PASS: (NTLM) mranol:"":"":d3a3f5b3c9b131d700000000000000000000000000000000:5f051c848e150d53a17881b55154a76b08beb6614e6d577f:d4fa1dafe981696a any ideas which algortihm are beaing used? thanks, j
Both hashes appear to resolve from the password "123456789". They are NTLM Session Security Hashes. So think NTLM + Challenge-Response. Edd. ------------------------------------------------------------------------ Securing Apache Web Server with thawte Digital Certificate In this guide we examine the importance of Apache-SSL and who needs an SSL certificate. We look at how SSL works, how it benefits your company and how your customers can tell if a site is secure. You will find out how to test, purchase, install and use a thawte Digital Certificate on your Apache web server. Throughout, best practices for set-up are highlighted to help you ensure efficient ongoing management of your encryption keys and digital certificates. http://www.dinclinx.com/Redirect.aspx?36;4175;25;1371;0;5;946;e13b6be442f727d1 ------------------------------------------------------------------------
Current thread:
- Cracking Hashs Juan B (Feb 18)
- RE: Cracking Hashs Valin, Christian (Feb 22)
- Re: Cracking Hashs Adrian J Milanoski (Feb 22)
- Re: Cracking Hashs Edd Burgess (Feb 22)
- <Possible follow-ups>
- Re: Cracking Hashs user1 (Feb 22)
- Re: Cracking Hashs userftw (Feb 22)