03-20-2013, 08:20 PM
All right, I think I have succeeded in sniffing an SMB hash. I have done it using Ettercap.
(I have modified the numbers here, of course, so they are not entirely real)
This is the command:
Code:
ettercap -T -w dump.cap /OriginIP/ // output: -l logfile
so it yields through screen (checkable too via the logfile using etterlog):
Code:
ACCOUNT : Luis- / Luis-:"":"":FF6D1D6B511167E500000000000000000000000000000000:261B4DFEDB3BBC143D21C4F15BB8299FBA974901C5DB19CC:DD3291B8FA111B98 (192.168.11.113)
INFO : DOMAIN: THREEPWOOD
Now, which one of those three numbers separated by ":" should theoretically be sent to hashcat?
And what hash type must be specified?
I have heard that NTLM hashes are sent with LM hashes too. And some docs say the hashes are MD4, others MD5, etc. Furthermore, I remember LM hashes were split every 7 corresponding characters of the original password. So I am asking this instead of just running hashcat.