IT Security and Insecurity Portal

Posted: Thu May 03, 2012 12:05 pm
Mullog
Advanced user
Joined: Aug 29, 2010
Posts: 540

Ok, it seems that LANMAN is disabled and NTLMv1 only is in use, because the LM hash and NT hash are the same, and ofc on the pics it also says NTLMv1 or NTLM + challenge only. It's not that easier to crack the pw. It would be better if LM were also enabled. But I will give it a try, but I doubt that I will find it.

Posted: Thu May 03, 2012 12:16 pm
dev1712
Regular user
Joined: May 02, 2012
Posts: 11

Mullog wrote: | Ok, it seems that LANMAN is disabled and NTLMv1 only is in use, because the LM hash and NT hash are the same, and ofc on the pics it also says NTLMv1 or NTLM + challenge only. It's not that easier to crack the pw. It would be better if LM were also enabled. But I will give it a try |
Thanks a lot Mullog.
I was doing some more research on Cain and Abel and found out about challenge spoofing. I was able to generate an NTLMv1 hash with a spoofed challenge. You can check out the same at the link below if it is of any help to you.
http://i49.tinypic.com/qss5u8.jpg
The most frustrating thing is that my laptop has been scheduled to perform a daily incremental backup on the network hard drive (Apple's Time Capsule) but I can't somehow access it directly. I am pretty sure that the login details are stored somewhere in my laptop but don't know where. I have checked Credentials Manager, but of no use. Therefore, I have to use these complex methods to be able to break into the network hard drive.

Posted: Thu May 03, 2012 12:22 pm
dev1712
Regular user
Joined: May 02, 2012
Posts: 11

Mullog wrote: | Ok, it seems that LANMAN is disabled and NTLMv1 only is in use, because the LM hash and NT hash are the same, and ofc on the pics it also says NTLMv1 or NTLM + challenge only. It's not that easier to crack the pw. It would be better if LM were also enabled. But I will give it a try, but I doubt that I will find it. |
Also, since my laptop has access to the network hard drive, if there is a way to further downgrade from 'NTLMv1 + Challenge' to 'LM', please let me know. I will do it and generate another hash, by performing a backup, and post it here.
In short, I can generate the hash anytime by clicking on the backup button. If you know of a way to generate a hash that follows LM, please let me know.

Posted: Thu May 03, 2012 12:40 pm
Mullog
Advanced user
Joined: Aug 29, 2010
Posts: 540

I think now you can attack it with rainbow tables, but I'm not sure and I do not have them.
Sorry, I don't know how to do that. How did you change it to NTLMv1 in the first place? In the registry? If there is anything with Compatibility or Level, change it to 0.

Posted: Thu May 03, 2012 12:50 pm
dev1712
Regular user
Joined: May 02, 2012
Posts: 11

Mullog wrote: | I think now you can attack it with rainbow tables, but I'm not sure and I do not have them.
Sorry, I don't know how to do that. How did you change it to NTLMv1 in the first place? In the registry? If there is anything with Compatibility or Level, change it to 0. |
Changed it from Local Security Settings.
Actually, I also found out a way to force my laptop to generate LM hash (after reading your last post) but it will work only after my company's IT administrator resets the password (as we can not generate a weaker hash for the same password).

Posted: Thu May 03, 2012 12:59 pm
Mullog
Advanced user
Joined: Aug 29, 2010
Posts: 540

Posted: Thu May 03, 2012 1:10 pm
dev1712
Regular user
Joined: May 02, 2012
Posts: 11

I have already done all this. It does not help because besides my local security settings the default settings of the network hard drive also matter. I may tone down my Local Security Settings to the lowest extent possible but still there are some default security settings at the network location which I can not tweak, in which case my laptop (client) will adapt to the security settings of the network location.

Posted: Thu May 03, 2012 1:34 pm
Mullog
Advanced user
Joined: Aug 29, 2010
Posts: 540

aah ok, now I understand ^^ I thought you can change the security settings of the network hard drive, too (in retrospect, it's very stupid of me). Maybe there is an exploit, but with such things I can't help you, sorry.

Posted: Thu May 03, 2012 1:58 pm
dev1712
Regular user
Joined: May 02, 2012
Posts: 11

Mullog wrote: | aah ok, now I understand ^^ I thought you can change the security settings of the network hard drive, too (in retrospect, it's very stupid of me). Maybe there is an exploit, but with such things I can't help you, sorry. |
Yes. But you are at least going to try to decrypt the hash for me, aren't you?? Please don't say no.

Posted: Thu May 03, 2012 4:31 pm
Mullog
Advanced user
Joined: Aug 29, 2010
Posts: 540

Posted: Thu May 03, 2012 4:36 pm
dev1712
Regular user
Joined: May 02, 2012
Posts: 11

Mullog wrote: | yes, but it's looking bad |
Yes, I thought so, otherwise there would have been a lot of search results on the internet.

Posted: Thu May 03, 2012 5:33 pm
Mullog
Advanced user
Joined: Aug 29, 2010
Posts: 540

OneGuy wrote: | Plz crack the first part of this LM&NTLM+Challenge hash
Code: | 81A50FD991CD11F24DAA83A3F77B56EE834AEE2A7A26F476:7EBAE76F67F0D2A37B0044D3BDF8350169812342D79CAE29:1122334455667788
Result: ???????L1# |
Many thanx |
Sailsail1#
OneGuy wrote: | Please crack this LM&NTLM+Challenge
Code: | 9BFEB79136472857192706DFFDECA14CC7EEDE96E30422D4:A3C34983F4765D799FD43A6C3223DA34A1133B6C1391B52E:1122334455667788 |
Thanx |
9BFEB79136472857192706DFFDECA14CC7EEDE96E30422D4:JULLANA???????
OneGuy wrote: | Anyone can help me crack this LM&NTLM+Challenge hash
Code: | 0C4A7AA399CBE62E95E22FA6C5DCCABD2F85252CC731BB25:7A546774795F70EDCC2FC20A643899F8BE9C989BAC08050F:1122334455667788 |
Thanx |
0C4A7AA399CBE62E95E22FA6C5DCCABD2F85252CC731BB25:KASBAH@??????? |

Posted: Fri May 04, 2012 5:13 am
dev1712
Regular user
Joined: May 02, 2012
Posts: 11

Hello Mullog
Looks like it is indeed possible to break NTLM + Challenge hash. Have you been able to make much headway into the hash I submitted? Eagerly waiting for that.

Posted: Fri May 04, 2012 4:01 pm
Mullog
Advanced user
Joined: Aug 29, 2010
Posts: 540

Yeah, but only with LM hash, you can see.
Because there are only CPU-based crackers out there that can handle LM/NTLM + Challenge hashes, it's looking very bad for your hash. I tried wordlists with some rules and BF but without a result, sry.
Have you any hints what the pw could look like?
I think if the admin understands just a little bit of password security it will be impossible to crack with wordlists and will take too long with brute force.

Posted: Fri May 04, 2012 4:23 pm
dev1712
Regular user
Joined: May 02, 2012
Posts: 11

Hmmm yes I agree. Let me try to generate the LM hash also by some way. Thanks a lot for all your efforts.

www.waraxe.us Forum Index -> All other hashes
All times are GMT