Password hashs issue

---

• From: Juan B <juanbabi@xxxxxxxxx>
• Date: Wed, 13 Feb 2008 07:14:31 -0800 (PST)

---

Hi,

I installed a sniffer (cain) in the lan and captured
those hashes:

osem\admin:"":"":C0486DB4163A37A100000000000000000000000000000000:4A38D0EBABB88EED889E65B54991DD13012394965AC9D022:77D205A26EFBE92D
osem\support:"":"":BBCCBAD529AE258800000000000000000000000000000000:9FBFAB6785A7EAF41AD0DE20F285AC9DBA945EC20C3AE1Bosem\user_analyst:"":"":2E158D68FD3B262200000000000000000000000000000000:842F9192A7190AF20158FCB4B3E3A5E5D0BE2E7DE5C392B0:7D1D7EF0DD3920A0
osem\LDAP_anonymous:"":"":DE3D8AFCD5D2FE8A00000000000000000000000000000000:8DA07C7F7F3BC38CECFCBDDA3186BE66EA9685FE7B061172:5A128695BF6DD28F
osem\administrator:"":"":76BE5E6E99AA009F97F702A69C5B9BFCDC09EBBA9F40F700:B4EBBC575171CB781859CB23279A6941981FABCD17399457:71E69612101A3557
osem\Manager:"":"":E3D22494A6388F62287F810F06B81555495AEF4F7773738A:80A123BA224D5514AA12BA6AF9697A8B110AB358A03F0D80:9361278F0206A59F

Now cain tells me that the first part is LM hash and
the second part is NT hash it also shows nt challenge
for all of the passwords,for the first 3 users it says
that the type is NTLM session security and for the
rest they are LN & NTLM + challenge.
I want to find out what are the passwords so I tried
to paste those hashes in plain-text.info but it tells
me that its the wrong format, what an I doning wrong ?
please help!

Juan


____________________________________________________________________________________
Never miss a thing. Make Yahoo your home page.
http://www.yahoo.com/r/hs

---

• Follow-Ups:
  • Re: Password hashs issue
    • From: Dave Dearinger
  • Re: Password hashs issue
    • From: Patrick Hendrick

• Prev by Date: Re: securing web applications (Wiki CMS installation)
• Next by Date: RE: Database Encryption and PCI issue.
• Previous by thread: Thanks to all, ExploitSearch in Top5 security must-have
• Next by thread: Re: Password hashs issue
• Index(es):
  • Date
  • Thread

---

Relevant Pages cracking sniffed hashs issue ... I installed a sniffer (cain) in the lan and captured ... the second part is NT hash it also shows nt challenge ... that the type is NTLM session security and for the ... to paste those hashes in plain-text.info but it tells ... (Pen-Test) RE: Pass the hash ... Subject: Pass the hash ... I have an email hack that sends the Windows ... Using CAIN I can get the suite of NTLMSSP ... Since these hashes are not the same as ... (Pen-Test) RE: Password hashs issue ... The thing is that cracking the hashes with Cain will ... the second part is NT hash it also shows nt ... that the type is NTLM session security and for the ... (Security-Basics) Pass the hash ... I have an email hack that sends the Windows ... Using CAIN I can get the suite of NTLMSSP ... Since these hashes are not the same as ... and I know that Metasploit will pass the hash when it ... (Pen-Test) Re: Password hashs issue ... First of all I would recommend not posting full hashes to the list. ... Next I would recommend changing passwords for all of those accounts. ... I'm not sure how this works with Cain, but with LC5 you can import text files and plug away at them all day. ... that the type is NTLM session security and for the ... (Security-Basics)

---

• Security
• UNIX
• Linux
• Coding
• Usenet

• News
• Mailing-Lists
• Newsgroups
• Service
• About
• Privacy
• Search
• Imprint

www.derkeiler.com  > Mailing-Lists  > securityfocus  > security-basics  > 2008-02