Penetration Testing mailing list archives
Re: Cracking Ettercap Generated hashes
From: Kurt Grutzmacher <grutz () jingojango net>
Date: Sat, 17 Nov 2007 09:59:18 -0600
What you have there are the challenge/response hashes. You can crack them with Cain & Abel but prepare for it to take a while. You can't use Rainbowtables as the nonce is unique for every exchange. There are tables for a constant nonce to crack the first half of a LANMAN hash.

Here are some resources that may help you understand what can be done with hashes.

http://grutztopia.jingojango.net/2007/04/ntlmv1-metasploit-and-you.html
http://grutz.jingojango.net/exploits/pokehashball.html
http://www.metasploit.com/confs/blackhat2007/tactical_paper.pdf

On Fri, Nov 16, 2007 at 05:30:17PM -0600, Danux wrote:
> Hi Experts,
>
> After testing a client network, I got a hash through Ettercap (ARP Spoofing), but when trying to crack the hash with RainbowCrack it seems not to be an NTLM format, and nothing happens. Here I show the hash gathered:
>
> SMB : 172.16.16.135:445 -> USER: mjones HASH: mjones:"":"":1EA3083687301F2E00000000000000000000000000000000:2F8EDA1AD20B80974F86656996787855C5CF3417FD44BF03:BD9AE7964A5E989B DOMAIN: IMS
>
> Do you know how to crack hashes gathered from Ettercap (ARP Spoofing)?
>
> --
> Danux, CISSP
> Chief Information Security Officer
> Macula Security Consulting Group
> www.macula-group.com

--
..:[ grutz at jingojango dot net ]:..
GPG fingerprint: 5FD6 A27D 63DB 3319 140F B3FB EC95 2A03 8CB3 ECB4
"There's just no amusing way to say, 'I have a CISSP'."
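
Added example, not part of the original post or of Ettercap: a small Python parser for the record layout shown in the quoted message, showing why the fields are per-exchange responses rather than a stored NTLM hash and when a table built for one constant challenge could match at all. The field names (LM response, NT response, challenge) and the `table_challenge` parameter are assumptions, and the sample records are constructed.

```python
import re

# Layout as printed in the quoted message: user:"":"":<field1>:<field2>:<challenge>
# Field names are assumptions (L0phtCrack-style order: LM response, NT response).
RECORD = re.compile(
    r'^(?P<user>[^:]+):"":"":(?P<lm>[0-9A-Fa-f]{48}):'
    r'(?P<nt>[0-9A-Fa-f]{48}):(?P<challenge>[0-9A-Fa-f]{16})$'
)

def parse_record(line):
    """Return the decoded fields of one captured record, or raise ValueError."""
    m = RECORD.match(line.strip())
    if m is None:
        raise ValueError('not a user:"":"":resp:resp:challenge record')
    return {
        "user": m["user"],
        "lm_response": bytes.fromhex(m["lm"]),   # 24 bytes, not a 16-byte hash
        "nt_response": bytes.fromhex(m["nt"]),   # 24 bytes, not a 16-byte hash
        "challenge": bytes.fromhex(m["challenge"]),
    }

def analyze(rec, table_challenge=None):
    """Report whether a table precomputed for one fixed challenge could match."""
    # With NTLMv1 extended session security the first field is not a response:
    # it carries an 8-byte client nonce followed by 16 zero bytes.
    ess = rec["lm_response"][8:] == bytes(16)
    return {
        "extended_session_security": ess,
        # A precomputed table covers exactly one challenge value, so it can only
        # match a capture made with that challenge and a real LM response.
        "fixed_challenge_table_applies": (
            table_challenge is not None
            and rec["challenge"] == table_challenge
            and not ess
        ),
    }

# Constructed sample records (values are made up, not taken from any capture).
SAMPLE_ESS = 'alice:"":"":' + "A1" * 8 + "00" * 16 + ":" + "5C" * 24 + ":0F1E2D3C4B5A6978"
SAMPLE_PLAIN = 'bob:"":"":' + "3D" * 24 + ":" + "7E" * 24 + ":0102030405060708"

if __name__ == "__main__":
    fixed = bytes.fromhex("0102030405060708")  # constructed table challenge
    for line in (SAMPLE_ESS, SAMPLE_PLAIN):
        print(analyze(parse_record(line), table_challenge=fixed))
```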