
SMB Credentials


jonas

Newbie

Posts: 46

Joined: Mon Jun 08, 2009 9:04 pm

Post Sun Jan 17, 2010 3:54 pm

SMB Credentials

I'm sorry if this was posted before...

Can anyone point me in the right direction for acquiring SMB credentials to a box on my LAN (vmware) without having access to the hashes? (Windows 7)

Is it possible to trigger some "hash-check" from the box and sniff the traffic or something along those lines? I read about ettercap converting the hash to L0phtCrack format. I'm guessing this would provide some better results with OpenVAS/Nessus.

Any links or help would be appreciated.

Thx!

bamed

Newbie

Posts: 48

Joined: Thu Mar 19, 2009 7:05 pm

Location: Joplin, MO

Post Mon Jan 18, 2010 8:13 am

Re: SMB Credentials

H.D. Moore talks about NTLM hijacking in his Defcon 15 "Tactical Exploitation" talk: http://www.defcon.org/html/links/dc-arc ... html#Moore
chown -R bamed ./base

d3l0n

Jr. Member

Posts: 59

Joined: Sat Dec 27, 2008 6:48 pm

Post Mon Jan 18, 2010 9:00 pm

Re: SMB Credentials

Windows 7 uses NTLMv2 by default. Using the Metasploit SMB sniffer, you will be able to get it.

But you should note that in NTLMv2 the server challenges the client and the client challenges the server; this makes the process of cracking it to get the actual hash extremely hard when compared to NTLM, which only uses the server challenge.
