Security Basics mailing list archives

RE: Cracking Hashs

From: "Valin, Christian" <Christian.Valin () ncogroup com>
Date: Fri, 18 Feb 2011 14:33:14 -0500

My $0.02,

Before you try to decipher unknown values, why not authenticate you own
account.
It will be easier to work from known values that to decipher the
unknown.

Christian

-----Original Message-----
From: listbounce () securityfocus com [mailto:listbounce () securityfocus com]
On Behalf Of Juan B
Sent: Thursday, February 17, 2011 6:12 PM
To: security basics
Subject: Cracking Hashs

Hi,

I put a sniffer in our windows AD domain as part of a security audit ,I
was able 
to sniff a user that is authenticating to the proxy server.

I wanted to try to find the password but It seems I cant figure out if
its lm 
Ntlm or kerberus or ? id doesent look like lm or ntlm am I wrong?

I capture it using etthercap, here is what I capture:


HTTP : 172.25.32.101:8080 -> USER: mranol  PASS: (NTLM) 
mranol:"":"":5c6802e93ccfdab100000000000000000000000000000000:f82969f336
3ca76f7bd7ba2b81c6ca7308d6cb44c25451a3:9545bb3fbc34ceba

 INFO: Proxy Authentication
HTTP : 172.25.32.101:8080 -> USER: mranol PASS: (NTLM) 
mranol:"":"":d3a3f5b3c9b131d700000000000000000000000000000000:5f051c848e
150d53a17881b55154a76b08beb6614e6d577f:d4fa1dafe981696a


any ideas which algortihm are beaing used?

thanks,

j



      

------------------------------------------------------------------------
Securing Apache Web Server with thawte Digital Certificate
In this guide we examine the importance of Apache-SSL and who needs an
SSL certificate.  We look at how SSL works, how it benefits your company
and how your customers can tell if a site is secure. You will find out
how to test, purchase, install and use a thawte Digital Certificate on
your Apache web server. Throughout, best practices for set-up are
highlighted to help you ensure efficient ongoing management of your
encryption keys and digital certificates.

http://www.dinclinx.com/Redirect.aspx?36;4175;25;1371;0;5;946;e13b6be442
f727d1
------------------------------------------------------------------------


------------------------------------------------------------------------
Securing Apache Web Server with thawte Digital Certificate
In this guide we examine the importance of Apache-SSL and who needs an SSL certificate.  We look at how SSL works, how 
it benefits your company and how your customers can tell if a site is secure. You will find out how to test, purchase, 
install and use a thawte Digital Certificate on your Apache web server. Throughout, best practices for set-up are 
highlighted to help you ensure efficient ongoing management of your encryption keys and digital certificates.

http://www.dinclinx.com/Redirect.aspx?36;4175;25;1371;0;5;946;e13b6be442f727d1
------------------------------------------------------------------------

Current thread:

Cracking Hashs Juan B (Feb 18)
- RE: Cracking Hashs Valin, Christian (Feb 22)
- Re: Cracking Hashs Adrian J Milanoski (Feb 22)
- Re: Cracking Hashs Edd Burgess (Feb 22)
- <Possible follow-ups>
- Re: Cracking Hashs user1 (Feb 22)
- Re: Cracking Hashs userftw (Feb 22)