Re: Cracking Hashs



On 17/02/2011 23:12, Juan B wrote:
Hi,

I put a sniffer in our windows AD domain as part of a security audit ,I was able
to sniff a user that is authenticating to the proxy server.

I wanted to try to find the password but It seems I cant figure out if its lm
Ntlm or kerberus or ? id doesent look like lm or ntlm am I wrong?

I capture it using etthercap, here is what I capture:


HTTP : 172.25.32.101:8080 -> USER: mranol PASS: (NTLM)
mranol:"":"":5c6802e93ccfdab100000000000000000000000000000000:f82969f3363ca76f7bd7ba2b81c6ca7308d6cb44c25451a3:9545bb3fbc34ceba

INFO: Proxy Authentication
HTTP : 172.25.32.101:8080 -> USER: mranol PASS: (NTLM)
mranol:"":"":d3a3f5b3c9b131d700000000000000000000000000000000:5f051c848e150d53a17881b55154a76b08beb6614e6d577f:d4fa1dafe981696a


any ideas which algortihm are beaing used?

thanks,

j

Both hashes appear to resolve from the password "123456789".
They are NTLM Session Security Hashes. So think NTLM + Challenge-Response.

Edd.


------------------------------------------------------------------------
Securing Apache Web Server with thawte Digital Certificate
In this guide we examine the importance of Apache-SSL and who needs an SSL certificate. We look at how SSL works, how it benefits your company and how your customers can tell if a site is secure. You will find out how to test, purchase, install and use a thawte Digital Certificate on your Apache web server. Throughout, best practices for set-up are highlighted to help you ensure efficient ongoing management of your encryption keys and digital certificates.

http://www.dinclinx.com/Redirect.aspx?36;4175;25;1371;0;5;946;e13b6be442f727d1
------------------------------------------------------------------------



Relevant Pages

  • Re: Password hashes
    ... There are only LM and NTLM hashes. ... There is an NTLMv2 hash but it is not stored. ... authenticating to the network. ... Auditing and reviewing the security logs ...
    (microsoft.public.windowsxp.security_admin)
  • Re: Potential vulnerabilities of the Microsoft RVP-based Instant Messaging
    ... >> Further to Greg's comments about this Encode Security Labs ... >> NTLM for authentication, ... > NTLM is a unilateral authentication protocol where the server ...
    (NT-Bugtraq)
  • Re: WINCE 6.0 Shared Folder
    ... doesn't support it NTLMv2, they only support NTLM. ... need to change on the Vista system that is going to access the PVC device. ... Security Settings / Local Policies /Security Options ... Domain controllers accept LM, NTLM, and NTLMv2 ...
    (microsoft.public.windowsce.platbuilder)
  • Re: IIS 5.0 with Integrated Window Authentication
    ... WebInspect supports NTLM. ... IIS 5.0 with Integrated Window Authentication ... > I'm doing a security review and penetration test of a site running on IIS ...
    (Pen-Test)
  • [Full-Disclosure] [ GLSA 200409-04 ] Squid: Denial of service when using NTLM authentication
    ... Squid is vulnerable to a denial of service attack which could crash its ... NTLM helpers. ... Squid is a full-featured Web Proxy Cache designed to run on Unix ... Security is a primary focus of Gentoo Linux and ensuring the ...
    (Full-Disclosure)