Date: Tue, 12 May 2009 10:25:17 -0500
From: jmk <jmk@...fus.net>
To: john-users@...ts.openwall.com
Subject: Re: Cracking Metasploit SMB stuff...

On Fri, 2009-04-24 at 15:44 -0300, nahuel.grisolia@...il.com wrote:
> Hey list, I'm trying to crack this:
>
> Captured 192.168.2.138:1597 DOMAIN\user
> LMHASH:8885a28be8a72ca650bd65069ca4a3f4a5de1c918778d28f
> NTHASH:3a948718e031f88063d9925152ab2b5e010100000000000005f1c89ff1c4c901a5de1c918778d28f00000000020000000000000000000000
> OS:Windows 2002 Service Pack 3 2600 LM:Windows 2002
> 5.1
>
> I don't know which format I should use this time... I've already read all the
> _fmt.c but with no luck... any ideas? I know the cleartext password, if it
> can help tell me... thanx a lot.

Nahuel,

I'm a bit rusty on this, but here goes...

What you have there should be an LMv2 and an NTLMv2 challenge/response. The John "NETLMv2" format can perform a brute-force crack against the LMv2 set. The first 16 bytes of your "LMHASH" value should be the client response and the next 8 are its challenge. You will also need the server challenge issued by Metasploit, which I'm assuming was 1122334455667788. The format of the file should then be as follows:

USERNAME::DOMAIN:SERVER CHALLENGE:LMv2 RESPONSE:CLIENT CHALLENGE

Using your data, you have:

user::DOMAIN:1122334455667788:8885a28be8a72ca650bd65069ca4a3f4:a5de1c918778d28f

Joe
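The conversion described in the reply above, written out as an added example that is not part of the original message or of John the Ripper. The function name `capture_to_netlmv2` and the regular expression are hypothetical, and the default server challenge is the value the reply assumes Metasploit issued.

```python
import re

# Assumption carried over from the reply: the capture server issued this
# fixed challenge. Pass the real value if it differed.
DEFAULT_SERVER_CHALLENGE = "1122334455667788"

# Matches the "Captured <ip:port> DOMAIN\user LMHASH:<hex> NTHASH:<hex>" record.
CAPTURE_RE = re.compile(
    r"Captured\s+\S+\s+(?P<domain>[^\\\s]+)\\(?P<user>\S+)\s+"
    r"LMHASH:(?P<lm>[0-9A-Fa-f]+)\s+NTHASH:(?P<nt>[0-9A-Fa-f]+)"
)

def capture_to_netlmv2(capture, server_challenge=DEFAULT_SERVER_CHALLENGE):
    """Return USERNAME::DOMAIN:SERVER CHALLENGE:LMv2 RESPONSE:CLIENT CHALLENGE."""
    # Mail clients wrap the record, so collapse all whitespace first.
    m = CAPTURE_RE.search(" ".join(capture.split()))
    if m is None:
        raise ValueError("not a recognised capture record")
    lm = m.group("lm").lower()
    # 16-byte response + 8-byte client challenge = 24 bytes = 48 hex digits.
    if len(lm) != 48:
        raise ValueError("LMHASH is %d hex digits, expected 48" % len(lm))
    if not re.fullmatch(r"[0-9A-Fa-f]{16}", server_challenge):
        raise ValueError("server challenge must be 8 bytes of hex")
    response, client_challenge = lm[:32], lm[32:]
    return ":".join([m.group("user"), "", m.group("domain"),
                     server_challenge.lower(), response, client_challenge])

# The capture quoted in the message, wrapped the way it arrived on the list.
SAMPLE = r"""Captured 192.168.2.138:1597 DOMAIN\user
LMHASH:8885a28be8a72ca650bd65069ca4a3f4a5de1c918778d28f
NTHASH:3a948718e031f88063d9925152ab2b5e010100000000000005f1c89ff1c4c901a5de1c918778d28f00000000020000000000000000000000
OS:Windows 2002 Service Pack 3 2600 LM:Windows 2002 5.1"""

if __name__ == "__main__":
    print(capture_to_netlmv2(SAMPLE))
```

A record whose LMHASH field is not exactly 24 bytes is rejected rather than split at the wrong offset, since a misaligned response or challenge produces a line that loads but can never match.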