Metasploit mailing list archives

Re: Metasploit 3.8.0-dev.13016


From: Dan Jenkins <k1dlr01 () yahoo com>
Date: Fri, 1 Jul 2011 10:20:12 -0700 (PDT)



--- On Fri, 7/1/11, Dan Jenkins <k1dlr01 () yahoo com> wrote:

From: Dan Jenkins <k1dlr01 () yahoo com>
Subject: Re: [framework] Metasploit 3.8.0-dev.13016
To: "Jose Selvi" <jselvi () pentester es>
Date: Friday, July 1, 2011, 10:17 AM

Thanks

That explains why I did not get ANY NTLMv1 data - our target machines do NOT allow V1 traffic - only V2.   I will have 
to figure out the difference in the JTR format and the CAIN format and PERL out the files to C&A.  JTR is faster but 
C&A is still a super useful tool.  

--- On Thu, 6/30/11, Jose Selvi <jselvi () pentester es> wrote:

From: Jose Selvi <jselvi () pentester es>
Subject: Re: [framework] Metasploit 3.8.0-dev.13016
To: framework () spool metasploit com
Date: Thursday, June 30, 2011, 10:06 PM

Sorry, convert JTR to Cain&Abel (copy&paste mistake).
Regards.

On 01/07/11 00:16, Jose Selvi wrote:
From module's code:

 
if(datastore['CAINPWFILE'] and smb[:username])
     if ntlm_ver == NTLM_CONST::NTLM_V1_RESPONSE then
         fd = File.open(datastore['CAINPWFILE'], "ab")
         fd.puts(
             [
             smb[:username],
             smb[:domain] ? smb[:domain] : "NULL",
             @challenge.unpack("H*")[0],
             lm_hash ? lm_hash : "0" * 48,
             nt_hash ? nt_hash : "0" * 48
             ].join(":").gsub(/\n/, "\\n")
         )
         fd.close
     end
end

It seems that only NTLMv1 challenge-response is stored in Cain&Abel format.

I can't remember, but I think I read some time ago that NTLMv2
importing or cracking was not supported by Cain & Abel, so this output
format wasn't generated for NTLMv2.

You can recode the module to accept it, or simply use awk (or similar)
to convert JTR format to CHEMA.


-- 
Jose Selvi.
Security Technical Consultant
CISA, CISSP, CNAP, GCIH, GPEN

http://www.pentester.es

SANS Mentor in Madrid (Spain). September 23 - November 25
SEC560: Network Penetration Testing and Ethical Hacking
http://www.sans.org/mentor/details.php?nid=24133
http://www.pentester.es/2010/12/nuevo-grupo-y-descuento-para-network.html
_______________________________________________
https://mail.metasploit.com/mailman/listinfo/framework