Metasploit mailing list archives

smb_sniffer module question

From: 0xlukej at gmail.com (Luke J)
Date: Sun, 10 Dec 2006 08:47:35 +0000

Heya,

I've been writing a tool for utilising windows access tokens once a box
has been compromised. One of the first things I have made it do is to
connect to a remote IP whilst impersonating each access token in turn,
in order to obtain password hashes for accounts that might be domain
accounts.

It is working fine but I was wondering if the smb_sniffer output format
was intended for any particular cracking software. As far as I am aware,
John doesn't have the ability to crack challenge/response hashes and I
don't think you import them directly into Cain either (though there is
the possibility I could be wrong on both counts!!!).

I could run a packet sniffer and feed the pcap file into Cain but I
figured that the output format of smb_sniffer might have been intended
for some cracking software in particular but couldn't find any
information on it. Can anyone help?

Cheers,

Luke

Current thread:

smb_sniffer module question Luke J (Dec 10)
- smb_sniffer module question Daniel Rebsdorf (Dec 10)
  - smb_sniffer module question Luke J (Dec 10)
    - smb_sniffer module question Daniel Rebsdorf (Dec 10)
    - smb_sniffer module question H D Moore (Dec 10)
    - smb_sniffer module question Luke J (Dec 10)
    - smb_sniffer module question Nicolas RUFF (Dec 18)
- smb_sniffer module question H D Moore (Dec 10)
  - smb_sniffer module question Nicolas RUFF (Dec 13)
- smb_sniffer module question Andres Tarasco (Dec 10)
  - smb_sniffer module question Luke J (Dec 11)