Metasploit mailing list archives
Re: Metasploit 3.8.0-dev.13016
From: Jose Selvi <jselvi () pentester es>
Date: Fri, 01 Jul 2011 07:06:58 +0200
Sorry, convert JTR to Cain&Abel (copy&paste mistake).

Regards.

On 01/07/11 00:16, Jose Selvi wrote:
From module's code:

    if(datastore['CAINPWFILE'] and smb[:username])
      # Only NTLMv1 responses are written to the Cain & Abel file
      if ntlm_ver == NTLM_CONST::NTLM_V1_RESPONSE then
        fd = File.open(datastore['CAINPWFILE'], "ab")
        # Fields: username:domain:challenge:lm_hash:nt_hash
        fd.puts(
          [
            smb[:username],
            smb[:domain] ? smb[:domain] : "NULL",
            @challenge.unpack("H*")[0],
            lm_hash ? lm_hash : "0" * 48,
            nt_hash ? nt_hash : "0" * 48
          ].join(":").gsub(/\n/, "\\n")
        )
        fd.close
      end
    end

It seems that only NTLMv1 challenge-response is stored in Cain&Abel format. I can't remember, but I think I read some time ago that NTLMv2 importing or cracking was not supported by Cain & Abel, so this output format wasn't generated for NTLMv2. You can recode the module to accept it, or simply use awk (or similar) to convert JTR format to CHEMA.
--
Jose Selvi. Security Technical Consultant
CISA, CISSP, CNAP, GCIH, GPEN
http://www.pentester.es

SANS Mentor in Madrid (Spain). September 23 - November 25
SEC560: Network Penetration Testing and Ethical Hacking
http://www.sans.org/mentor/details.php?nid=24133
http://www.pentester.es/2010/12/nuevo-grupo-y-descuento-para-network.html
_______________________________________________
https://mail.metasploit.com/mailman/listinfo/framework