Metasploit mailing list archives
smb_sniffer module question
From: 0xlukej at gmail.com (Luke J)
Date: Mon, 11 Dec 2006 09:13:25 +0000
Hi Andres,

Thanks for the info. I looked at your presentation and it looks interesting, and I will give your tools a try. I never knew there were any publicly available tools to play with tokens. Hopefully they don't do everything I intended mine to do though, otherwise I have wasted my time haha :). Even if it does though, I think it would be excellent to integrate this sort of stuff into the meterpreter.

Cheers,
Luke

Andres Tarasco wrote:
> Hi Luke,
>
> I have already coded some tools that perform something like that. Take a look at The Token Thieffer and namedpipes tools available at http://www.514.es/2006/10/exploiting_win32_design_flaws.html
>
> namedpipes is also able to inject payloads like lnk or desktop.ini files into remote smb shares. Those payloads allow you to force remote network connections and steal smb hashes, or to use smbrelay to connect to third-party servers.
>
> By the way, tokens stolen in that way will only allow you to connect to network servers if the user has been authenticated locally (like services running with a domain account) or if the server is delegated for authentication (for example smb servers where files are stored with EFS). Anyway, it is really useful for pentests to acquire domain credentials.
>
> Regards,
> Andres Tarasco
>
> 2006/12/10, Luke J <0xlukej at gmail.com>:
>> Heya,
>>
>> I've been writing a tool for utilising windows access tokens once a box has been compromised. One of the first things I have made it do is to connect to a remote IP whilst impersonating each access token in turn, in order to obtain password hashes for accounts that might be domain accounts. It is working fine, but I was wondering if the smb_sniffer output format was intended for any particular cracking software. As far as I am aware, John doesn't have the ability to crack challenge/response hashes, and I don't think you can import them directly into Cain either (though there is the possibility I could be wrong on both counts!!!). I could run a packet sniffer and feed the pcap file into Cain, but I figured that the output format of smb_sniffer might have been intended for some cracking software in particular but couldn't find any information on it. Can anyone help?
>>
>> Cheers,
>> Luke