Date: Mon, 14 Nov 2011 20:32:38 +0400
From: Solar Designer <solar@...nwall.com>
To: john-users@...ts.openwall.com
Subject: Re: NTLM challenge/response cracking (again...)

On Mon, Nov 14, 2011 at 08:17:36AM +0100, rootkit rootkit wrote:
> so, I guess I was right (or at least in the right direction). Ettercap
> doesn't dump properly NTLMv2 authentication C/R, instead it's
> formatting them as NTLMv1.
>
> So I tried a different approach, using wireshark to capture the
> packets, and then extracting the hashes myself. Cracking them with
> john NETNTLMv2 mode worked wonderfully.

Thank you for posting this!

BTW, it looks like there will be a new version of Ettercap soon, from
new maintainers:

http://sectools.org/tool/ettercap/#c39

so you might want to report this issue to them.

Alexander