Follow @Openwall on Twitter for new release announcements and other news
[<prev] [next>] [<thread-prev] [day] [month] [year] [list]
Message-ID: <20111114163238.GA5743@openwall.com>
Date: Mon, 14 Nov 2011 20:32:38 +0400
From: Solar Designer <solar@...nwall.com>
To: john-users@...ts.openwall.com
Subject: Re: NTLM challenge/response cracking (again...)

On Mon, Nov 14, 2011 at 08:17:36AM +0100, rootkit rootkit wrote:
> so, I guess I was right (or at least in the right direction). Ettercap
> doesn't dump properly NTLMv2 authentication C/R, instead it's
> formatting them as NTLMv1.
> 
> So I tried a different approach, using wireshark to capture the
> packets, and then extracting the hashes myself. Cracking them with
> john NETNTLMv2 mode worked wonderfully.

Thank you for posting this!

BTW, it looks like there will be a new version of Ettercap soon, from
new maintainers:

http://sectools.org/tool/ettercap/#c39

so you might want to report this issue to them.

Alexander

Powered by blists - more mailing lists

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.