Author Topic: SMB Credentials  (Read 4834 times)
jonas
« on: January 17, 2010, 02:54:20 PM »

I'm sorry if this was posted before...

Can anyone point me in the right direction for acquiring SMB credentials to a box on my LAN (vmware) without having access to the hashes? (Windows 7)

Is it possible to trigger some "hash-check" from the box and sniff the traffic or something along those lines? I read about ettercap converting the hash to L0phtCrack format. I'm guessing this would provide some better results with OpenVAS/Nessus.

Any links or help would be appreciated.

Thx!
bamed
« Reply #1 on: January 18, 2010, 07:13:09 AM »

H.D. Moore talks about NTLM hijacking in his Defcon 15 "Tactical Exploitation" talk: http://www.defcon.org/html/links/dc-archives/dc-15-archive.html#Moore

chown -R bamed ./base
d3l0n
« Reply #2 on: January 18, 2010, 08:00:30 PM »

Windows 7 uses NTLMv2 by default. Using the Metasploit SMB sniffer, you will be able to get it.

But you should note that in NTLMv2 the server challenges the client and the client challenges the server. This makes the process of cracking it to get the actual hash extremely hard when compared to NTLM, which only uses the server challenge.
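
The exchange described in the reply above, as an added example that is not part of the original posts or of any tool named in this thread: how a server checks an NTLMv2 response following the MS-NLMP definitions, showing that the client challenge carried in the response blob is bound into the HMAC together with the server challenge. The NT hash, account name, domain, challenges, timestamp and target info are constructed sample values, and the helper names are hypothetical.

```python
import hmac
import struct

# Constructed sample values (not taken from the thread or any real host).
NT_HASH = bytes.fromhex("00112233445566778899aabbccddeeff")  # stands in for MD4(UTF-16LE(password))
USER, DOMAIN = "alice", "LAB"
SERVER_CHALLENGE = bytes.fromhex("0102030405060708")
TARGET_INFO = b"\x00\x00\x00\x00"   # AV_PAIR list holding only the MsvAvEOL terminator
TIMESTAMP = 130000000000000000      # FILETIME-style 64-bit value

def ntowf_v2(nt_hash, user, domain):
    """ResponseKeyNT = HMAC-MD5(NT hash, UTF-16LE(upper(user) + domain))."""
    return hmac.new(nt_hash, (user.upper() + domain).encode("utf-16-le"), "md5").digest()

def build_blob(client_challenge, timestamp=TIMESTAMP, target_info=TARGET_INFO):
    """The 'temp' structure: versions, time, 8-byte client challenge, AV pairs."""
    return (b"\x01\x01" + b"\x00" * 6 + struct.pack("<Q", timestamp)
            + client_challenge + b"\x00" * 4 + target_info + b"\x00" * 4)

def ntlmv2_response(key, server_challenge, blob):
    """NtChallengeResponse = HMAC-MD5(key, server_challenge + blob) + blob."""
    return hmac.new(key, server_challenge + blob, "md5").digest() + blob

def client_challenge_of(response):
    """Client challenge follows the 16-byte proof, 8 header bytes and 8 time bytes."""
    return response[32:40]

def server_verify(key, server_challenge, response):
    """Server side: recompute the proof over its own challenge and the received blob."""
    proof, blob = response[:16], response[16:]
    expected = hmac.new(key, server_challenge + blob, "md5").digest()
    return hmac.compare_digest(proof, expected)

KEY = ntowf_v2(NT_HASH, USER, DOMAIN)
# Same account and same server challenge, two different client challenges.
RESP_A = ntlmv2_response(KEY, SERVER_CHALLENGE, build_blob(bytes.fromhex("a1a2a3a4a5a6a7a8")))
RESP_B = ntlmv2_response(KEY, SERVER_CHALLENGE, build_blob(bytes.fromhex("b1b2b3b4b5b6b7b8")))

if __name__ == "__main__":
    print("same server challenge, proofs differ:", RESP_A[:16] != RESP_B[:16])
    print("verifies against issued challenge:", server_verify(KEY, SERVER_CHALLENGE, RESP_A))
    print("verifies against another challenge:", server_verify(KEY, b"\x00" * 8, RESP_A))
```

Because the proof covers both challenges, a response captured for one server challenge does not validate against another, and the same server challenge still yields a different proof for each client challenge.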