RE: Cracking Hashs



My $0.02,

Before you try to decipher unknown values, why not authenticate you own
account.
It will be easier to work from known values that to decipher the
unknown.

Christian

-----Original Message-----
From: listbounce@xxxxxxxxxxxxxxxxx [mailto:listbounce@xxxxxxxxxxxxxxxxx]
On Behalf Of Juan B
Sent: Thursday, February 17, 2011 6:12 PM
To: security basics
Subject: Cracking Hashs

Hi,

I put a sniffer in our windows AD domain as part of a security audit ,I
was able
to sniff a user that is authenticating to the proxy server.

I wanted to try to find the password but It seems I cant figure out if
its lm
Ntlm or kerberus or ? id doesent look like lm or ntlm am I wrong?

I capture it using etthercap, here is what I capture:


HTTP : 172.25.32.101:8080 -> USER: mranol PASS: (NTLM)
mranol:"":"":5c6802e93ccfdab100000000000000000000000000000000:f82969f336
3ca76f7bd7ba2b81c6ca7308d6cb44c25451a3:9545bb3fbc34ceba

INFO: Proxy Authentication
HTTP : 172.25.32.101:8080 -> USER: mranol PASS: (NTLM)
mranol:"":"":d3a3f5b3c9b131d700000000000000000000000000000000:5f051c848e
150d53a17881b55154a76b08beb6614e6d577f:d4fa1dafe981696a


any ideas which algortihm are beaing used?

thanks,

j





------------------------------------------------------------------------
Securing Apache Web Server with thawte Digital Certificate
In this guide we examine the importance of Apache-SSL and who needs an
SSL certificate. We look at how SSL works, how it benefits your company
and how your customers can tell if a site is secure. You will find out
how to test, purchase, install and use a thawte Digital Certificate on
your Apache web server. Throughout, best practices for set-up are
highlighted to help you ensure efficient ongoing management of your
encryption keys and digital certificates.

http://www.dinclinx.com/Redirect.aspx?36;4175;25;1371;0;5;946;e13b6be442
f727d1
------------------------------------------------------------------------


------------------------------------------------------------------------
Securing Apache Web Server with thawte Digital Certificate
In this guide we examine the importance of Apache-SSL and who needs an SSL certificate. We look at how SSL works, how it benefits your company and how your customers can tell if a site is secure. You will find out how to test, purchase, install and use a thawte Digital Certificate on your Apache web server. Throughout, best practices for set-up are highlighted to help you ensure efficient ongoing management of your encryption keys and digital certificates.

http://www.dinclinx.com/Redirect.aspx?36;4175;25;1371;0;5;946;e13b6be442f727d1
------------------------------------------------------------------------



Relevant Pages

  • Re: Securing access to a web server best practices and suggestions
    ... Users shall authenticate via their domain ... Securing Apache Web Server with thawte Digital Certificate ...
    (Security-Basics)
  • Re: Network Monitoring Software
    ... I am a big fan of open source monitoring solutions, ... Groundwork open source and Zenoss have open source options as well as ... out how to test, purchase, install and use a thawte Digital Certificate on ... your Apache web server. ...
    (Security-Basics)
  • Re: Network Monitoring Software
    ... salesperson recommended me to purchase the PacketTrap from QUEST ... out how to test, purchase, install and use a thawte Digital Certificate on ... your Apache web server. ... highlighted to help you ensure efficient ongoing management of your ...
    (Security-Basics)
  • Re: Centralized firewall management and log analysis tools
    ... Centralized firewall management and log analysis tools ... Q1Lab is much easier to install and use than ArcSight. ... --- Securing Apache Web Server with thawte Digital Certificate In ... test, purchase, install and use a thawte Digital Certificate on your ...
    (Security-Basics)
  • Re: ICMP Redirect Help
    ... Assunto: Re: ICMP Redirect Help ... If a machine's default gateway knows of a route that is on the same ... Securing Apache Web Server with thawte Digital Certificate ...
    (Security-Basics)