Openwall GNU/*/Linux - a small security-enhanced Linux distro for servers
[<prev] [next>] [thread-next>] [day] [month] [year] [list]
Date: Fri, 12 Feb 2010 10:17:02 -0600
From: jmk <jmk@...fus.net>
To: john-users@...ts.openwall.com
Subject: NTLMv2 Challenge/Response Cracking

Hi,

I've posted a patch against John 1.7.3.4 (w/ Jumbo 2 applied) for NTLMv2
challenge/response cracking:

http://www.foofus.net/jmk/smbchallenge.html
http://www.foofus.net/jmk/tools/jtr/john-1.7.3.4-jumbo-2-netntlmv2.diff

The NTLMv2 challenge/response communication occurs during network-based
user authentication. This exchange can be extracted from network
captures or by directing a user/system to authenticate to a service
which logs it (the above link also contains a patch against Samba to
dump these exchanges).

The Jumbo-2 patch currently contains support for LMv1, NTLMv1, and LMv2
challenge/response. I originally assumed that a LMv2 response would
always be sent along with a NTLMv2 exchange, so I never bothered with
NTLMv2. However, I've now found that Windows 7 likes to zero out the
LMv2 fields, so NTLMv2 is necessary.

Please let me know if there are any issues with the patch.

Thanks,
Joe

-- 
jmk <jmk@...fus.net>
Foofus Networks

Powered by blists - more mailing lists

Your e-mail address:

Powered by Openwall GNU/*/Linux - Powered by OpenVZ