HomeCalendarCertificationsColumnsFeaturesForumResourcesVitals
 
Image
 
linkedin_logo.png rss_logo.jpg
twitter_logo.png youtube_logo.jpg
Latest Additions
 
EH-Net Login
Welcome Guest.
Lost Password?
No account yet? Register
Who's Online
We have 58 guests online
EH-Net News Feeds
Latest Additions
 
Advertisement

You are here: Home arrow Forum arrow Ethical Hacking Discussions and Related Certificationsarrow Network Pen Testingarrow How can you differentiate between NTLM and NTLMv2?
EH-Net
May 25, 2012, 03:05:59 PM *
Welcome, Guest. Please login or register.
Did you miss your activation email?

Login with username, password and session length
News: Advertise on EH-Net!! - Reasonable Rates, Highly Targeted Audience.
 
   Home   Help Calendar Login Register  
Pages: [1]   Go Down
« previous next »
  Print  
Author Topic: How can you differentiate between NTLM and NTLMv2?  (Read 5243 times)
0 Members and 3 Guests are viewing this topic.
d3l0n
Jr. Member
**
Offline Offline

Posts: 59


View Profile
« on: December 10, 2009, 01:17:39 PM »
For example, do you know if this is NTLM or NTLMv2?

27EBE7918C717D8A8F1AB7B8643FE9E1
Logged
sgt_mjc
Sr. Member
****
Offline Offline

Posts: 294


View Profile
« Reply #1 on: December 10, 2009, 01:28:43 PM »
Run it through your favorite cracker and see what comes out.  If it pukes its guts out, then it is probably NTLM if not LM.
Logged
Mike Conway
CISSP
CompTia Security +
C|EH
d3l0n
Jr. Member
**
Offline Offline

Posts: 59


View Profile
« Reply #2 on: December 10, 2009, 01:35:22 PM »
I'm 100% it's not LM.

I'm not trying to crack the hash, I'm trying to pass it. So far no pass-the-hash tool was able to pass it, which leads me to believe that it is NTLMv2. But I was looking for something more solid.

thx
Logged
sgt_mjc
Sr. Member
****
Offline Offline

Posts: 294


View Profile
« Reply #3 on: December 10, 2009, 02:56:27 PM »
Good luck.  It may not be v2, but syskey may be enabled on the target system and that could be where your problem is.
Logged
Mike Conway
CISSP
CompTia Security +
C|EH
d3l0n
Jr. Member
**
Offline Offline

Posts: 59


View Profile
« Reply #4 on: December 10, 2009, 04:43:53 PM »
I actually did a hashdump on a Windows 2003 system. The system has different systems connect to it (XP, Vista, 7), I can see some records with LM and NTLM from all XP machines and few from Vista machines. Windows 7 users password hashes is showing as NO-PASSWORD********:PASSWORD

I think PASSWORD here is in NTLMv2 form.

Does anyone know of a tool that can pass NTLMv2 hashes available?
Logged
Pages: [1]   Go Up
  Print  
« previous next »
 
Jump to:  

Powered by MySQL Powered by PHP Powered by SMF 1.1.16 | SMF © 2011, Simple Machines
Joomla Bridge by JoomlaHacks.com 		Valid XHTML 1.0! Valid CSS!
Page created in 0.126 seconds with 22 queries.
 

gk_static-ad_feb2012.jpg
Global Knowledge: Build Security Skills to Protect & Defend

els_130x200fixed2.gif
eLearnSecurity Student Course Now Live!
5% Off with Code
ELS-EH-5

SANS Deals 4 EH-Netters
$150 OFF Any SANS Course in Any Format!
Coupon Code: EHN_Connect Including SANS Security West 2012 & SANSFIRE 2012
Recent Forum Topics

cbtnuggets_logo_125.jpg
Try CBT Nuggets Free!

Vote For EH-Net

Add to Technorati Favorites
technorati fave

 
         
Advertisement

© 2012 The Ethical Hacker Network
Joomla! is Free Software released under the GNU/GPL License.