HomeCalendarCertificationsColumnsFeaturesForumResourcesVitals
 
Image
 
linkedin_logo.png rss_logo.jpg
twitter_logo.png youtube_logo.jpg
Latest Additions
 
EH-Net Login
Welcome Guest.
Lost Password?
No account yet? Register
Who's Online
We have 51 guests online
EH-Net News Feeds
Latest Additions
 
Advertisement

You are here: Home arrow Forum arrow Ethical Hacking Discussions and Related Certificationsarrow Network Pen Testingarrow Using Cain to sniff windows passwords…
EH-Net
May 24, 2012, 06:30:56 PM *
Welcome, Guest. Please login or register.
Did you miss your activation email?

Login with username, password and session length
News: Advertise on EH-Net!! - Reasonable Rates, Highly Targeted Audience.
 
   Home   Help Calendar Login Register  
Pages: [1]   Go Down
« previous next »
  Print  
Author Topic: Using Cain to sniff windows passwords…  (Read 6787 times)
0 Members and 1 Guest are viewing this topic.
Dissident85
Newbie
*
Offline Offline

Posts: 16



View Profile
« on: July 09, 2008, 07:54:21 PM »
Hi all, I was sniffing traffic on my work network (and yes I do have permission) and I was collecting hashes to see if I can crack them so that I can make a recommendation to use stronger, longer passwords. But one thing I noticed is that every time is collected a hash it was different even if it was for the same user? Why is this?
Logged
LSOChris
Guest
« Reply #1 on: July 09, 2008, 08:42:38 PM »
LM vs NTLM?
Logged
Craig
EH-Net Columnist
Jr. Member
*****
Offline Offline

Posts: 69


View Profile WWW
« Reply #2 on: July 09, 2008, 08:44:36 PM »
What application/service were the hashes related to? Are these Windows logons, or something else? Some services will use a nonce value combined with the password to produce a unique hash value each time. Or, it could be something completely different; you really need to take a look at how the service in question works, what kind of hashing it uses, and how that hashing is implemented.
Logged
http://www.sourcesec.com
slimjim100
EH-Net Columnist
Sr. Member
*****
Offline Offline

Posts: 385



View Profile WWW
« Reply #3 on: July 09, 2008, 11:56:11 PM »
Depending on the requested service it could be LM or NTLM with a challenge hash. Cain can also brute force and dictionary attack this kind of hash.

Brian
Logged
CISSP, CCSE, CCNA, CCAI, Network+, Security+, JNCIA, & MCP
Pages: [1]   Go Up
  Print  
« previous next »
 
Jump to:  

Powered by MySQL Powered by PHP Powered by SMF 1.1.16 | SMF © 2011, Simple Machines
Joomla Bridge by JoomlaHacks.com 		Valid XHTML 1.0! Valid CSS!
Page created in 0.204 seconds with 23 queries.
 

gk_static-ad_feb2012.jpg
Global Knowledge: Build Security Skills to Protect & Defend

els_130x200fixed2.gif
eLearnSecurity Student Course Now Live!
5% Off with Code
ELS-EH-5

SANS Deals 4 EH-Netters
$150 OFF Any SANS Course in Any Format!
Coupon Code: EHN_Connect Including SANS Security West 2012 & SANSFIRE 2012
Recent Forum Topics

cbtnuggets_logo_125.jpg
Try CBT Nuggets Free!

Vote For EH-Net

Add to Technorati Favorites
technorati fave

 
         
Advertisement

© 2012 The Ethical Hacker Network
Joomla! is Free Software released under the GNU/GPL License.