smb_sniffer module question

[taz00 at tdcadsl.dk (Daniel Rebsdorf)]

It is able to crack them, im sure. But you need to import them yourself 
by opening the smb.txt (something like that) and then enter your own 
lines manually.

Luke J skrev:
> Cain is able to do what? Crack LM/NTLM challenge/response hashes? If so,
> I am aware of that or do you mean Cain is able to import the smb_sniffer
> output somehow?
>
> In addition, I have been testing sniffing with Cain to intercept the
> LM/NTLM challenge/response hashes as they are sent to smb_sniffer.
> However, it seems to have real difficult picking them up. Often it
> doesn't detect them at all. However, it is very reliable when sniffing
> LM/NTLM connections to an actual windows box. Anybody know if this is a
> problem with smb_sniffer?
>
> Cheers,
>
> Luke
>
> Daniel Rebsdorf wrote:
>   
> > Luke J skrev:
> >     
> > > Heya,
> > >
> > > I've been writing a tool for utilising windows access tokens once a box
> > > has been compromised. One of the first things I have made it do is to
> > > connect to a remote IP whilst impersonating each access token in turn,
> > > in order to obtain password hashes for accounts that might be domain
> > > accounts.
> > >
> > > It is working fine but I was wondering if the smb_sniffer output format
> > > was intended for any particular cracking software. As far as I am aware,
> > > John doesn't have the ability to crack challenge/response hashes and I
> > > don't think you import them directly into Cain either (though there is
> > > the possibility I could be wrong on both counts!!!).
> > >
> > > I could run a packet sniffer and feed the pcap file into Cain but I
> > > figured that the output format of smb_sniffer might have been intended
> > > for some cracking software in particular but couldn't find any
> > > information on it. Can anyone help?
> > >
> > > Cheers,
> > >
> > > Luke
> > >
> > >   
> > >       
> > Cain is able to do it.
> >
> >     
>
>