Follow @Openwall on Twitter for new release announcements and other news
[<prev] [next>] [thread-next>] [day] [month] [year] [list]
Date: Fri, 12 Feb 2010 10:17:02 -0600
From: jmk <>
Subject: NTLMv2 Challenge/Response Cracking


I've posted a patch against John (w/ Jumbo 2 applied) for NTLMv2
challenge/response cracking:

The NTLMv2 challenge/response communication occurs during network-based
user authentication. This exchange can be extracted from network
captures or by directing a user/system to authenticate to a service
which logs it (the above link also contains a patch against Samba to
dump these exchanges).

The Jumbo-2 patch currently contains support for LMv1, NTLMv1, and LMv2
challenge/response. I originally assumed that a LMv2 response would
always be sent along with a NTLMv2 exchange, so I never bothered with
NTLMv2. However, I've now found that Windows 7 likes to zero out the
LMv2 fields, so NTLMv2 is necessary.

Please let me know if there are any issues with the patch.


jmk <>
Foofus Networks

Powered by blists - more mailing lists

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.