[framework] smb_sniffer module question

Luke J 0xlukej at gmail.com
Sun Dec 10 04:35:11 CST 2006


Cain is able to do what? Crack LM/NTLM challenge/response hashes? If so,
I am aware of that. Or do you mean Cain is able to import the smb_sniffer
output somehow?

In addition, I have been testing sniffing with Cain to intercept the
LM/NTLM challenge/response hashes as they are sent to smb_sniffer.
However, it seems to have real difficulty picking them up. Often it
doesn't detect them at all. However, it is very reliable when sniffing
LM/NTLM connections to an actual Windows box. Anybody know if this is a
problem with smb_sniffer?

Cheers,

Luke

Daniel Rebsdorf wrote:
> Luke J wrote:
>> Heya,
>>
>> I've been writing a tool for utilising Windows access tokens once a box
>> has been compromised. One of the first things I have made it do is to
>> connect to a remote IP whilst impersonating each access token in turn,
>> in order to obtain password hashes for accounts that might be domain
>> accounts.
>>
>> It is working fine but I was wondering if the smb_sniffer output format
>> was intended for any particular cracking software. As far as I am aware,
>> John doesn't have the ability to crack challenge/response hashes and I
>> don't think you import them directly into Cain either (though there is
>> the possibility I could be wrong on both counts!!!).
>>
>> I could run a packet sniffer and feed the pcap file into Cain but I
>> figured that the output format of smb_sniffer might have been intended
>> for some cracking software in particular but couldn't find any
>> information on it. Can anyone help?
>>
>> Cheers,
>>
>> Luke
>>
>>   
> Cain is able to do it.
> 


