Penetration Testing mailing list archives

Re: Cracking Ettercap Generated hashes

From: Danux <danuxx () gmail com>
Date: Wed, 21 Nov 2007 16:26:52 -0600

Ok, thanks to all for your excellent help.

On Nov 17, 2007 7:49 AM, Jan Heisterkamp <janheisterkamp () web de> wrote:

Hi danuxx,

if the IMS in "Domain : IMS" doesn't mean IP Multimedia Subsystem I
would suggest to give John a chance, if this doesnt't work take less salt...

Regards,
Jan

Danux schrieb:

Hi Experts,

After testing a client network, i got a hash through Ettercap(ARP
Spoofing) , but when trying to cracking the hash with RainbowCrack it
seems not to be a NTLM format, and nothing happens.
Here i show the hash gathered:

SMB : 172.16.16.135:445 ->
USER: mjones
HASH:
mjones:"":"":1EA3083687301F2E00000000000000000000000000000000:2F8EDA1AD20B80974F86656996787855C5CF3417FD44BF03:BD9AE7964A5E989B
DOMAIN: IMS

Do you know how to crack hashes gathered from Ettercap(ARP Spoofing)?



--
Grupo Ampersand S.A.
IT-Security Consultants & Auditors
Apdo. 924  Escazu 1250
Costa Rica C.A.
Phone: (506)588-0432
ceo_at_ampersanded.com  [corp.]
janheisterkamp_at_web.de [priv.]




-- 
Danux, CISSP
Chief Information Security Officer
Macula Security Consulting Group
www.macula-group.com

------------------------------------------------------------------------
This list is sponsored by: Cenzic

Need to secure your web apps NOW?
Cenzic finds more, "real" vulnerabilities fast.
Click to try it, buy it or download a solution FREE today!

http://www.cenzic.com/downloads
------------------------------------------------------------------------

Current thread:

Cracking Ettercap Generated hashes Danux (Nov 17)
- Re: Cracking Ettercap Generated hashes Jan Heisterkamp (Nov 17)
  - Re: Cracking Ettercap Generated hashes Danux (Nov 24)
- Re: Cracking Ettercap Generated hashes Kurt Grutzmacher (Nov 17)
- RE: Cracking Ettercap Generated hashes Shenk, Jerry A (Nov 17)