Date: Fri, 12 Feb 2010 10:17:02 -0600 From: jmk <jmk@...fus.net> To: john-users@...ts.openwall.com Subject: NTLMv2 Challenge/Response Cracking Hi, I've posted a patch against John 220.127.116.11 (w/ Jumbo 2 applied) for NTLMv2 challenge/response cracking: http://www.foofus.net/jmk/smbchallenge.html http://www.foofus.net/jmk/tools/jtr/john-18.104.22.168-jumbo-2-netntlmv2.diff The NTLMv2 challenge/response communication occurs during network-based user authentication. This exchange can be extracted from network captures or by directing a user/system to authenticate to a service which logs it (the above link also contains a patch against Samba to dump these exchanges). The Jumbo-2 patch currently contains support for LMv1, NTLMv1, and LMv2 challenge/response. I originally assumed that a LMv2 response would always be sent along with a NTLMv2 exchange, so I never bothered with NTLMv2. However, I've now found that Windows 7 likes to zero out the LMv2 fields, so NTLMv2 is necessary. Please let me know if there are any issues with the patch. Thanks, Joe -- jmk <jmk@...fus.net> Foofus Networks
Powered by blists - more mailing lists
Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.