Follow @Openwall on Twitter for new release announcements and other news
[<prev] [next>] [<thread-prev] [day] [month] [year] [list] 
Message-ID: <20090904235402.GA7452@openwall.com>
Date: Sat, 5 Sep 2009 03:54:02 +0400
From: Solar Designer <solar@...nwall.com>
To: john-users@...ts.openwall.com
Subject: Re: Using Cain and Abel Hashes

On Thu, Sep 03, 2009 at 07:50:31AM -0400, Rich Rumble wrote:
> Cain & Able (oxid.it)is like l0pht on steroids :)

BTW, I was surprised to find out that L0phtCrack is back:

http://l0phtcrack.com

> Depending on how you use Cain you can capture lots of hash types and
> decode/crack them. The packet captures are not going to be useful for JTR to
> crack (unless I've missed something recently). Most exchanges you catch on
> the wire will be the challenge-response type.

JtR with the jumbo patch supports some of these, thanks to JoMo-Kun:

$ fgrep C/R *.c
NETHALFLM_fmt.c:#define FORMAT_NAME          "HalfLM C/R DES"
NETLM_fmt.c:#define FORMAT_NAME          "LM C/R DES"
NETLMv2_fmt.c:#define FORMAT_NAME          "LMv2 C/R MD4 HMAC-MD5"
NETNTLM_fmt.c:#define FORMAT_NAME          "NTLMv1 C/R MD4 DES"

> I'm not totally up to speed on
> kerberos, but I've used kerbsniff and kerbcrack very effectively (
> ntsecurity.nu) for those hashes.

A more direct link:

http://ntsecurity.nu/toolbox/kerbcrack/

(No, I haven't tried this out.)

Alexander

Powered by blists - more mailing lists

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.