Re: Cracking Hashes

On 17/02/2011 23:12, Juan B wrote:

I put a sniffer in our Windows AD domain as part of a security audit. I was able
to sniff a user that is authenticating to the proxy server.

I wanted to try to find the password, but it seems I can't figure out if it's LM,
NTLM, or Kerberos or ? It doesn't look like LM or NTLM, am I wrong?

I captured it using ettercap; here is what I captured:

HTTP : -> USER: mranol PASS: (NTLM)

INFO: Proxy Authentication
HTTP : -> USER: mranol PASS: (NTLM)

Any ideas which algorithm is being used?



Both hashes appear to resolve from the password "123456789".
They are NTLM Session Security Hashes. So think NTLM + Challenge-Response.
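
As an added example (not part of the original thread), this Python code shows how an auditor can tell which NTLM response variant a captured Type 3 message carries, using the lengths and padding of its LM and NT response fields. The function names and sample messages are constructed for illustration, and the input is assumed to be the value of a `Proxy-Authorization: NTLM ...` header.

```python
import base64
import struct

def classify_ntlm_type3(header_value):
    """Classify the response variant in an 'NTLM <base64>' Type 3 header value."""
    scheme, _, blob = header_value.strip().partition(" ")
    if scheme.upper() != "NTLM":
        raise ValueError("not an NTLM authorization value")
    msg = base64.b64decode(blob)
    if len(msg) < 28 or msg[:8] != b"NTLMSSP\x00":
        raise ValueError("missing NTLMSSP signature")
    (msg_type,) = struct.unpack_from("<I", msg, 8)
    if msg_type != 3:
        raise ValueError("expected Type 3 (authenticate), got type %d" % msg_type)

    def field(pos):
        # Security buffer: length (u16), allocated size (u16), offset (u32)
        length, _maxlen, offset = struct.unpack_from("<HHI", msg, pos)
        if offset + length > len(msg):
            raise ValueError("security buffer points outside the message")
        return msg[offset:offset + length]

    lm, nt = field(12), field(20)
    if len(nt) > 24:
        return "NTLMv2"          # HMAC-MD5 proof followed by a variable blob
    if len(nt) == 24 and len(lm) == 24 and lm[8:] == b"\x00" * 16:
        return "NTLM2 session"   # LM field = 8-byte client challenge + zeros
    if len(nt) == 24:
        return "NTLMv1"
    if len(lm) == 24:
        return "LM"
    return "unknown"

def build_sample_type3(lm, nt):
    """Constructed sample: a minimal Type 3 message with only LM/NT responses."""
    header_len = 64  # signature, type, six security buffers, flags

    def buf(data, offset):
        return struct.pack("<HHI", len(data), len(data), offset)

    empty = struct.pack("<HHI", 0, 0, header_len)  # domain, user, host, key
    msg = (b"NTLMSSP\x00" + struct.pack("<I", 3)
           + buf(lm, header_len) + buf(nt, header_len + len(lm))
           + empty * 4 + struct.pack("<I", 0x00080000) + lm + nt)
    return "NTLM " + base64.b64encode(msg).decode()

if __name__ == "__main__":
    sample = build_sample_type3(bytes(range(8)) + b"\x00" * 16, b"\xaa" * 24)
    print(classify_ntlm_type3(sample))
```

Seeing "NTLMv1" or "NTLM2 session" on the wire in an audit indicates the domain still accepts the older response types rather than requiring NTLMv2 or Kerberos.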

