Sniffing Lm Hashes ?!

GovernmentSecurity.org > The Archives > General Network Security

=k3Rn=

Aug 17 2004, 01:18 PM

hey !

i tryed to use cain & able to sniff my network.
i could sniff some smb passes, but i mentioned, that the lm has isn't complete.
the has is filed with "0"s, and it got a challenge key.
sniffed smb passes like that aren't crackable with rainbow table, because you don't hvae a full klm hash - is that right ??

is there any possibility to sniff the fll lm hash, to then carck it ?

i hop my problem get clear.

thx in advance.
greetz
=k3Rn=

slimjim100

Aug 18 2004, 02:30 AM

Did you try NTLM as the hash to crack??

Slimjim100

=k3Rn=

Aug 19 2004, 03:52 AM

i send the sniffed smb passes to the crack (lm & ntlm in cain) and there i can see that the lm hash is not complete.

when i then go to cryptanalysis lm (that the option for using the rainbow tables) i can't load the hash.

i think it's same when using the crypanalysis ntlm - but i don't think i can use my tabels for that - i calculated em for lm (is it possible to generate ntlm tables too - this must take very long so...)

Terminal

Aug 19 2004, 10:37 AM

well when u get hash why dont u try to match with pre-made online rainbow table database .

check this out : http://sarcaprj.wayreth.eu.org/index.php

s54

Aug 19 2004, 02:40 PM

Sniffed LM Hashes will always come along with a challenge, so no - it is not possible. Read up the "hashes" explaination in the LC4 manual to learn more about it.

=k3Rn=

Aug 20 2004, 08:10 PM

s54: thx for the hint - i'll have a look

This is a "lo-fi" version of our main content. To view the full version with more information, formatting and images, please click here.


Help - Search - Member List - Calendar Full Version: Sniffing Lm Hashes ?! GovernmentSecurity.org > The Archives > General Network Security =k3Rn= Aug 17 2004, 01:18 PM hey ! i tryed to use cain & able to sniff my network. i could sniff some smb passes, but i mentioned, that the lm has isn't complete. the has is filed with "0"s, and it got a challenge key. sniffed smb passes like that aren't crackable with rainbow table, because you don't hvae a full klm hash - is that right ?? is there any possibility to sniff the fll lm hash, to then carck it ? i hop my problem get clear. thx in advance. greetz =k3Rn= slimjim100 Aug 18 2004, 02:30 AM Did you try NTLM as the hash to crack?? Slimjim100 =k3Rn= Aug 19 2004, 03:52 AM i send the sniffed smb passes to the crack (lm & ntlm in cain) and there i can see that the lm hash is not complete. when i then go to cryptanalysis lm (that the option for using the rainbow tables) i can't load the hash. i think it's same when using the crypanalysis ntlm - but i don't think i can use my tabels for that - i calculated em for lm (is it possible to generate ntlm tables too - this must take very long so...) Terminal Aug 19 2004, 10:37 AM well when u get hash why dont u try to match with pre-made online rainbow table database . check this out : http://sarcaprj.wayreth.eu.org/index.php s54 Aug 19 2004, 02:40 PM Sniffed LM Hashes will always come along with a challenge, so no - it is not possible. Read up the "hashes" explaination in the LC4 manual to learn more about it. =k3Rn= Aug 20 2004, 08:10 PM s54: thx for the hint - i'll have a look This is a "lo-fi" version of our main content. To view the full version with more information, formatting and images, please click here.