Metasploit mailing list archives

Re: Metasploit 3.8.0-dev.13016


From: Jose Selvi <jselvi () pentester es>
Date: Fri, 01 Jul 2011 07:06:58 +0200

Sorry, convert JTR to Cain&Abel (copy&paste mistake).
Regards.

On 01/07/11 00:16, Jose Selvi wrote:
From module's code:

if(datastore['CAINPWFILE'] and smb[:username])
    if ntlm_ver == NTLM_CONST::NTLM_V1_RESPONSE then
        fd = File.open(datastore['CAINPWFILE'], "ab")
        fd.puts(
            [
            smb[:username],
            smb[:domain] ? smb[:domain] : "NULL",
            @challenge.unpack("H*")[0],
            lm_hash ? lm_hash : "0" * 48,
            nt_hash ? nt_hash : "0" * 48
            ].join(":").gsub(/\n/, "\\n")
        )
        fd.close
    end
end

It seems that only NTLMv1 challenge-response is stored in Cain&Abel format.

I can't remember, but I think I read some time ago that NTLMv2
importing or cracking was not supported by Cain & Abel, so this output
format wasn't generated for NTLMv2.

You can recode the module to accept it, or simply use awk (or similar)
to convert JTR format to CHEMA.


-- 
Jose Selvi.
Security Technical Consultant
CISA, CISSP, CNAP, GCIH, GPEN

http://www.pentester.es

SANS Mentor in Madrid (Spain). September 23 - November 25
SEC560: Network Penetration Testing and Ethical Hacking
http://www.sans.org/mentor/details.php?nid=24133
http://www.pentester.es/2010/12/nuevo-grupo-y-descuento-para-network.html