[framework] smb_sniffer module question

[Luke J]

Heya,

I've been writing a tool for utilising windows access tokens once a box
has been compromised. One of the first things I have made it do is to
connect to a remote IP whilst impersonating each access token in turn,
in order to obtain password hashes for accounts that might be domain
accounts.

It is working fine but I was wondering if the smb_sniffer output format
was intended for any particular cracking software. As far as I am aware,
John doesn't have the ability to crack challenge/response hashes and I
don't think you import them directly into Cain either (though there is
the possibility I could be wrong on both counts!!!).

I could run a packet sniffer and feed the pcap file into Cain but I
figured that the output format of smb_sniffer might have been intended
for some cracking software in particular but couldn't find any
information on it. Can anyone help?

Cheers,

Luke