1
Hacking and Security / Re: Capturing NTLM hashes
« on: September 29, 2012, 04:52:02 PM »
I have already tried ettercap! No capture. It captures everything else but no lm or ntlm hash.
This forum is in archive mode. You will not be able to post new content.
Show Posts
This section allows you to view all posts made by this member. Note that you can only see posts made in areas you currently have access to.
Pages: [1]
2
Hacking and Security / Re: how to create a WPA password finder
« on: September 29, 2012, 02:30:53 PM »
I agree with relax. There are already many great tools out there! But anyway.. With basic knowledge of python you can't write such programs.
http://oss.coresecurity.com/projects/pcapy.html
http://oss.coresecurity.com/projects/pcapy.html
3
Hacking and Security / Capturing NTLM hashes
« on: September 29, 2012, 02:26:33 PM »
Need some help! I have an issue! I am trying to capture NTLM hashes from the network. This is what I want to achieve..
I want with wireshark or cain sniff the network for Active directory handshakes. In somehow capture the NTLM hashes when the user is authenticated against Microsoft Active directory. I am trying to accomplish it with wireshark and I am filtering the traffic using smb, ldap and ntlmssp filters and I have reached a point where the frames contain data that looks like hashes but I am not sure. I tried with l0phtcrack and after hours nothing has been captured. I am trying with cain by enabling NTLM downgrade, challenge spoofing reset and challenge spoofing but with no result, nothing has been captured. When I try all the above (wireshark, cain etc) during sniffing I connect to various shared folders, remote desktops and computers that belongs to active directory. I believe that with wireshark I am pretty close but cant tell for sure.
Can anyone help or point me in the right direction?
I noticed that when I connect from a linux machine to a windows shared folder cain captures the hash!
?
I want with wireshark or cain sniff the network for Active directory handshakes. In somehow capture the NTLM hashes when the user is authenticated against Microsoft Active directory. I am trying to accomplish it with wireshark and I am filtering the traffic using smb, ldap and ntlmssp filters and I have reached a point where the frames contain data that looks like hashes but I am not sure. I tried with l0phtcrack and after hours nothing has been captured. I am trying with cain by enabling NTLM downgrade, challenge spoofing reset and challenge spoofing but with no result, nothing has been captured. When I try all the above (wireshark, cain etc) during sniffing I connect to various shared folders, remote desktops and computers that belongs to active directory. I believe that with wireshark I am pretty close but cant tell for sure.
Can anyone help or point me in the right direction?
I noticed that when I connect from a linux machine to a windows shared folder cain captures the hash!
?
Pages: [1]