smb_sniffer module question

[taz00 at tdcadsl.dk (Daniel Rebsdorf)]

Luke J skrev:
> Heya,
>
> I've been writing a tool for utilising windows access tokens once a box
> has been compromised. One of the first things I have made it do is to
> connect to a remote IP whilst impersonating each access token in turn,
> in order to obtain password hashes for accounts that might be domain
> accounts.
>
> It is working fine but I was wondering if the smb_sniffer output format
> was intended for any particular cracking software. As far as I am aware,
> John doesn't have the ability to crack challenge/response hashes and I
> don't think you import them directly into Cain either (though there is
> the possibility I could be wrong on both counts!!!).
>
> I could run a packet sniffer and feed the pcap file into Cain but I
> figured that the output format of smb_sniffer might have been intended
> for some cracking software in particular but couldn't find any
> information on it. Can anyone help?
>
> Cheers,
>
> Luke
>
>   
Cain is able to do it.