Using Cain to sniff windows passwords…

Viewing 3 reply threads
  • Author
    Posts
    • #2626
      Loic
      Participant

      Hi all, I was sniffing traffic on my work network (and yes I do have permission) and I was collecting hashes to see if I can crack them so that I can make a recommendation to use stronger, longer passwords. But one thing I noticed is that every time is collected a hash it was different even if it was for the same user? Why is this?

    • #18827
      Anonymous
      Participant

      LM vs NTLM?

    • #18828
      heffnercj
      Participant

      What application/service were the hashes related to? Are these Windows logons, or something else? Some services will use a nonce value combined with the password to produce a unique hash value each time. Or, it could be something completely different; you really need to take a look at how the service in question works, what kind of hashing it uses, and how that hashing is implemented.

    • #18829
      slimjim100
      Participant

      Depending on the requested service it could be LM or NTLM with a challenge hash. Cain can also brute force and dictionary attack this kind of hash.

      Brian

Viewing 3 reply threads
  • You must be logged in to reply to this topic.

Copyright ©2020 Caendra, Inc.

Contact Us

Thoughts, suggestions, issues? Send us an email, and we'll get back to you.

Sending

Sign in with Caendra

Forgot password?Sign up

Forgot your details?