
Author Topic: Cain & Abel  (Read 903 times)


Axon
Cain & Abel
« on: July 24, 2013, 02:54:27 AM »
A friend of mine used Cain and Abel at his workplace in order to capture NTLM hashes. After doing some successful brute-forcing attacks on captured accounts, he managed to obtain the usernames and passwords of a few employers at his institute. While checking the validity of the captured accounts, it turned out that 3 out of 4 accounts were valid. One account was invalid.


The dilemma here is that he checked the username multiple times; you can do that by logging in with your account and checking the database of the employees, where you can search using first name, last name, or email address. The name corresponds 100% to the captured one. He referred it to me and I checked it many times, trying to log in from different computers with no result. Furthermore, it's quite impossible, as far as I know, for Cain to yield an incorrect password. We all know that brute forcing generates random passwords, then hashes them and tries to match them with the captured hash. What could be the problem here? I also highly doubt the targeted employee changed his password. Could it be that the server doesn't accept logging in with different accounts from the same IP, as a security measure?

ande
Re: Cain & Abel
« Reply #1 on: July 24, 2013, 03:25:32 AM »
You sure there is no local vs remote/central mix-up here? Local users != remote/central users, obviously.

proxx
Re: Cain & Abel
« Reply #2 on: July 24, 2013, 05:58:39 AM »
Quote from Axon: "Could it be that the server doesn't accept logging in with different accounts from the same IP, as a security measure?"

Well, that is possible but very unlikely.
Don't think many admins would bind accounts to IP addresses; that would give me some major fucking headaches, that I do know.

Besides, false positives do exist and are not uncommon.
With tools like pyrit, for example, I've come across passwords that were not correct.
Does it match the password policy?
Did they try to crack it again and confirm it?
One way would be to see if you can hash that password and get the same value as the original hash.
« Last Edit: July 24, 2013, 07:49:34 PM by proxx »

Axon
Re: Cain & Abel
« Reply #3 on: July 24, 2013, 10:32:39 AM »
Quote from ande: "You sure there is no local vs remote/central mix-up here? Local users != remote/central users, obviously."


It's impossible to have a mix-up here. However, I'm quite sure now that the user changed his password, and it happened coincidentally with my friend capturing his old password.
