[framework] smb_sniffer module question

[Daniel Rebsdorf]

It is able to crack them, im sure. But you need to import them yourself 
by opening the smb.txt (something like that) and then enter your own 
lines manually.

Luke J skrev:
> Cain is able to do what? Crack LM/NTLM challenge/response hashes? If so,
> I am aware of that or do you mean Cain is able to import the smb_sniffer
> output somehow?
>
> In addition, I have been testing sniffing with Cain to intercept the
> LM/NTLM challenge/response hashes as they are sent to smb_sniffer.
> However, it seems to have real difficult picking them up. Often it
> doesn't detect them at all. However, it is very reliable when sniffing
> LM/NTLM connections to an actual windows box. Anybody know if this is a
> problem with smb_sniffer?
>
> Cheers,
>
> Luke
>
> Daniel Rebsdorf wrote:
>   
>> Luke J skrev:
>>     
>>> Heya,
>>>
>>> I've been writing a tool for utilising windows access tokens once a box
>>> has been compromised. One of the first things I have made it do is to
>>> connect to a remote IP whilst impersonating each access token in turn,
>>> in order to obtain password hashes for accounts that might be domain
>>> accounts.
>>>
>>> It is working fine but I was wondering if the smb_sniffer output format
>>> was intended for any particular cracking software. As far as I am aware,
>>> John doesn't have the ability to crack challenge/response hashes and I
>>> don't think you import them directly into Cain either (though there is
>>> the possibility I could be wrong on both counts!!!).
>>>
>>> I could run a packet sniffer and feed the pcap file into Cain but I
>>> figured that the output format of smb_sniffer might have been intended
>>> for some cracking software in particular but couldn't find any
>>> information on it. Can anyone help?
>>>
>>> Cheers,
>>>
>>> Luke
>>>
>>>   
>>>       
>> Cain is able to do it.
>>
>>     
>
>