smb_sniff format (in case you're interested)

[nicolas.ruff at gmail.com (Nicolas RUFF)]

Hello list,

Last July someone asked for smb_sniff-ed passwords cracking.

I successfully cracked a challenge/response authentication with the LCP
free tool (http://www.lcpsoft.com/english/index.htm).

The file format is "user:3:challenge:lm_reponse:ntlm_response".

Since smb_sniff always uses "4141..." as a challenge, I guess it would
be feasible to build rainbow tables for challenge/response cracking. CPU
anybody ?

Regards,
- Nicolas RUFF