Re: Cracking Ettercap Generated hashes



What you have there are the challenge/response hashes. You can crack
them with Cain & Abel but prepare for it to take a while. You can't use
rainbow tables as the nonce is unique for every exchange.

There are tables for a constant nonce to crack the first half of a
LANMAN hash. Here are some resources that may help you understand what
can be done with hashes.

http://grutztopia.jingojango.net/2007/04/ntlmv1-metasploit-and-you.html
http://grutz.jingojango.net/exploits/pokehashball.html
http://www.metasploit.com/confs/blackhat2007/tactical_paper.pdf

On Fri, Nov 16, 2007 at 05:30:17PM -0600, Danux wrote:
Hi Experts,

After testing a client network, I got a hash through Ettercap (ARP
Spoofing), but when trying to crack the hash with RainbowCrack it
seems not to be an NTLM format, and nothing happens.
Here I show the hash gathered:

SMB : 172.16.16.135:445 ->
USER: mjones
HASH:
mjones:"":"":1EA3083687301F2E00000000000000000000000000000000:2F8EDA1AD20B80974F86656996787855C5CF3417FD44BF03:BD9AE7964A5E989B
DOMAIN: IMS

Do you know how to crack hashes gathered from Ettercap (ARP Spoofing)?


--
Danux, CISSP
Chief Information Security Officer
Macula Security Consulting Group
www.macula-group.com


--
..:[ grutz at jingojango dot net ]:..
GPG fingerprint: 5FD6 A27D 63DB 3319 140F B3FB EC95 2A03 8CB3 ECB4
"There's just no amusing way to say, 'I have a CISSP'."
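
The following is an added example, not part of the original thread or of any tool mentioned in it. It parses capture lines in the layout shown above and flags server challenges that repeat across exchanges, which is the constant-nonce condition the reply says precomputed tables depend on, so a defender reviewing captures can spot it. The function names and sample lines are constructed for illustration, and the NTLM2 session check relies on the MS-NLMP field layout rather than anything stated in the thread.

```python
import re
from collections import Counter

# Field layout of the HASH: line shown in the thread:
#   user:"":"":<LM response, 24 bytes>:<NT response, 24 bytes>:<server challenge, 8 bytes>
LINE = re.compile(
    r'^([^:]*):"":"":([0-9A-Fa-f]{48}):([0-9A-Fa-f]{48}):([0-9A-Fa-f]{16})$')

def parse(line):
    """Split one capture line into user, both responses and the server challenge."""
    m = LINE.match(line.strip())
    if not m:
        raise ValueError("not a challenge/response capture line")
    user, lm, nt, chal = m.groups()
    return {"user": user, "lm": bytes.fromhex(lm),
            "nt": bytes.fromhex(nt), "challenge": bytes.fromhex(chal)}

def classify(rec):
    """Describe what the LM response field carries (background: MS-NLMP)."""
    lm = rec["lm"]
    if lm == bytes(24):
        return "no LM response"
    if lm[8:] == bytes(16):
        # 8-byte client nonce padded with 16 zero bytes: NTLM2 session security
        return "NTLM2 session response"
    return "LM response present"

def repeated_challenges(records):
    """Server challenges seen in more than one exchange (should normally be none)."""
    counts = Counter(r["challenge"] for r in records)
    return {c.hex().upper() for c, n in counts.items() if n > 1}

# Constructed sample lines, not real captures.
SAMPLE = [
    'alice:"":"":' + "A1" * 8 + "00" * 16 + ":" + "B2" * 24 + ":0102030405060708",
    'bob:"":"":' + "C3" * 24 + ":" + "D4" * 24 + ":1111111111111111",
    'carol:"":"":' + "00" * 24 + ":" + "E5" * 24 + ":1111111111111111",
]

if __name__ == "__main__":
    recs = [parse(line) for line in SAMPLE]
    for r in recs:
        print(r["user"], "|", classify(r), "|", r["challenge"].hex().upper())
    print("repeated challenges:", repeated_challenges(recs))
```
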
