Date: Fri, 12 Feb 2010 10:17:02 -0600
From: jmk <jmk@...fus.net>
To: john-users@...ts.openwall.com
Subject: NTLMv2 Challenge/Response Cracking

Hi,

I've posted a patch against John 1.7.3.4 (w/ Jumbo 2 applied) for NTLMv2
challenge/response cracking:

http://www.foofus.net/jmk/smbchallenge.html
http://www.foofus.net/jmk/tools/jtr/john-1.7.3.4-jumbo-2-netntlmv2.diff

The NTLMv2 challenge/response communication occurs during network-based
user authentication. This exchange can be extracted from network
captures or by directing a user/system to authenticate to a service
which logs it (the above link also contains a patch against Samba to
dump these exchanges).

The Jumbo-2 patch currently contains support for LMv1, NTLMv1, and LMv2
challenge/response. I originally assumed that an LMv2 response would
always be sent along with an NTLMv2 exchange, so I never bothered with
NTLMv2. However, I've now found that Windows 7 likes to zero out the
LMv2 fields, so NTLMv2 is necessary.

Please let me know if there are any issues with the patch.

Thanks,
Joe

-- 
jmk <jmk@...fus.net>
Foofus Networks
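
Added example, not part of the original post or of the John the Ripper patch: a check of which response fields in a captured exchange carry usable material, and whether they match one known NT hash, using the HMAC-MD5 construction from MS-NLMP. The function names, account name, domain, hash, challenge and blob are constructed for illustration.

```python
import hmac
from hashlib import md5

def ntlmv2_key(nt_hash: bytes, user: str, domain: str) -> bytes:
    """NTOWFv2: HMAC-MD5 keyed with the NT hash over UPPER(user) + domain, UTF-16LE."""
    return hmac.new(nt_hash, (user.upper() + domain).encode("utf-16-le"), md5).digest()

def classify(lm_resp: bytes, nt_resp: bytes) -> dict:
    """Report which response fields of a captured exchange are populated."""
    return {
        # A 24-byte all-zero LM field is the zeroed-out LMv2 case the post describes.
        "lmv2_present": len(lm_resp) == 24 and any(lm_resp),
        # NTLMv2 is a 16-byte proof plus a variable blob, so longer than 24 bytes.
        "ntlmv2_present": len(nt_resp) > 24,
    }

def matches(nt_hash, user, domain, server_chal, lm_resp, nt_resp) -> dict:
    """Compare each populated field with one known NT hash (None = field unusable)."""
    key = ntlmv2_key(nt_hash, user, domain)
    present = classify(lm_resp, nt_resp)
    result = {"lmv2": None, "ntlmv2": None}
    if present["lmv2_present"]:
        proof, client_chal = lm_resp[:16], lm_resp[16:]
        expect = hmac.new(key, server_chal + client_chal, md5).digest()
        result["lmv2"] = hmac.compare_digest(proof, expect)
    if present["ntlmv2_present"]:
        proof, blob = nt_resp[:16], nt_resp[16:]
        expect = hmac.new(key, server_chal + blob, md5).digest()
        result["ntlmv2"] = hmac.compare_digest(proof, expect)
    return result

# Constructed sample exchange (not taken from any real capture).
NT_HASH = bytes.fromhex("00112233445566778899aabbccddeeff")
SERVER_CHAL = bytes.fromhex("0123456789abcdef")
# Minimal blob: header, zero timestamp, client challenge, reserved, empty AV list.
BLOB = bytes.fromhex("0101000000000000") + bytes(8) + b"\xaa" * 8 + bytes(8)
_key = ntlmv2_key(NT_HASH, "alice", "EXAMPLE")
NT_RESP = hmac.new(_key, SERVER_CHAL + BLOB, md5).digest() + BLOB
LM_RESP = bytes(24)  # LMv2 field zeroed out, as reported for Windows 7

if __name__ == "__main__":
    print(classify(LM_RESP, NT_RESP))
    print(matches(NT_HASH, "alice", "EXAMPLE", SERVER_CHAL, LM_RESP, NT_RESP))
```

With the LMv2 field zeroed, only the NTLMv2 field can confirm or rule out the credential, which is the situation that made NTLMv2 support necessary.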
