Metasploit mailing list archives

smb_sniffer module question


From: 0xlukej at gmail.com (Luke J)
Date: Sun, 10 Dec 2006 10:35:11 +0000

Cain is able to do what? Crack LM/NTLM challenge/response hashes? If so,
I am aware of that or do you mean Cain is able to import the smb_sniffer
output somehow?

In addition, I have been testing sniffing with Cain to intercept the
LM/NTLM challenge/response hashes as they are sent to smb_sniffer.
However, it seems to have real difficulty picking them up. Often it
doesn't detect them at all. However, it is very reliable when sniffing
LM/NTLM connections to an actual Windows box. Anybody know if this is a
problem with smb_sniffer?

Cheers,

Luke

Daniel Rebsdorf wrote:
Luke J wrote:
Heya,

I've been writing a tool for utilising Windows access tokens once a box
has been compromised. One of the first things I have made it do is to
connect to a remote IP whilst impersonating each access token in turn,
in order to obtain password hashes for accounts that might be domain
accounts.

It is working fine but I was wondering if the smb_sniffer output format
was intended for any particular cracking software. As far as I am aware,
John doesn't have the ability to crack challenge/response hashes and I
don't think you import them directly into Cain either (though there is
the possibility I could be wrong on both counts!!!).

I could run a packet sniffer and feed the pcap file into Cain but I
figured that the output format of smb_sniffer might have been intended
for some cracking software in particular but couldn't find any
information on it. Can anyone help?

Cheers,

Luke

  
Cain is able to do it.



