03-29-2013, 07:49 PM
Wefffff.... I finally did it: installed EtterCap latest version. It has been a bit hard: Ettercap seems to be very updated, so several libraries and programs (CURL, for example) need to be in the latest version.
I have checked what you say, halfie. You were right. Now I can capture VNC hashes. Thanks a lot:
So, now that I have this hash, how should I attack it? I made this tests (assuming VNC is a DES -m 1500 hash type):
I was suspecting this would not work, because, as far as I know, the data extracted by Ettercap should be a challenge-response pair, and maybe this is not the same as the hash.
So, even when we can crack (or try to) this hash using John the Ripper (only with Jumbo version, thanks again) I think the initial question is still on the air:
How can I extract the (in this case) VNC hash from a .pcap (WireShark) capture file for use in OCLHashCat-Plus?
I have checked what you say, halfie. You were right. Now I can capture VNC hashes. Thanks a lot:
Code:
luis@VirtUbuntu:~/Temporal/Ettercap$ more PruebaVNC.txt
192.168.11.110-5901:$vnc$*a5d62a6cd58f41abe8785a4485811aac*248d3290ce533f028613f092f25834cfSo, now that I have this hash, how should I attack it? I made this tests (assuming VNC is a DES -m 1500 hash type):
Code:
PS F:\Crackeo en Proceso\Pruebas\VNC> oclHashcat-plus64.exe -m 1500 .\PruebaVNC.txt
WARNING: Hashfile '.\PruebaVNC.txt' in line 1 (192.168.11.110-5901:$vnc$*a5d62a6cd58f41abe8785a4485811aac*248d3290ce533f028613f092f25834cf): Line-length exception
ERROR: No hashes loaded
PS F:\Crackeo en Proceso\Pruebas\VNC> oclHashcat-plus64.exe -m 1500 "f:\Crackeoen Proceso\Pruebas\VNC\PruebaVNC-Modificado.txt" --username
WARNING: Hashfile 'f:\Crackeo en Proceso\Pruebas\VNC\PruebaVNC-Modificado.txt' in line 1 (*a5d62a6cd58f41abe8785a4485811aac*248d3290ce533f028613f092f25834cf): Line-length exception
ERROR: No hashes loaded
PS F:\Crackeo en Proceso\Pruebas\VNC> oclHashcat-plus64.exe -m 1500 '*a5d62a6cd58f41abe8785a4485811aac*248d3290ce533f028613f092f25834cf'
WARNING: Hash '*a5d62a6cd58f41abe8785a4485811aac*248d3290ce533f028613f092f25834c
f': Line-length exception
ERROR: No hashes loaded
PS F:\Crackeo en Proceso\Pruebas\VNC> oclHashcat-plus64.exe -m 1500 '*a5d62a6cd58f41abe8785a4485811aac'
WARNING: Hash '*a5d62a6cd58f41abe8785a4485811aac': Line-length exception
ERROR: No hashes loaded
PS F:\Crackeo en Proceso\Pruebas\VNC> oclHashcat-plus64.exe -m 1500 '*248d3290ce533f028613f092f25834cf'
WARNING: Hash '*248d3290ce533f028613f092f25834cf': Line-length exception
ERROR: No hashes loaded
PS F:\Crackeo en Proceso\Pruebas\VNC> oclHashcat-plus64.exe -m 1500 '248d3290ce533f028613f092f25834cf'
WARNING: Hash '248d3290ce533f028613f092f25834cf': Line-length exception
ERROR: No hashes loaded
PS F:\Crackeo en Proceso\Pruebas\VNC> oclHashcat-plus64.exe -m 1500 'a5d62a6cd58f41abe8785a4485811aac'
WARNING: Hash 'a5d62a6cd58f41abe8785a4485811aac': Line-length exception
ERROR: No hashes loaded
PS F:\Crackeo en Proceso\Pruebas\VNC> oclHashcat-plus64.exe -m 1500 'a5d62a6cd58
f41abe8785a4485811aac:248d3290ce533f028613f092f25834cf'
WARNING: Hash 'a5d62a6cd58f41abe8785a4485811aac:248d3290ce533f028613f092f25834cf': Line-length exception
ERROR: No hashes loaded
PS F:\Crackeo en Proceso\Pruebas\VNC> oclHashcat-plus64.exe -m 1500 'a5d62a6cd58f41abe8785a4485811aac248d3290ce533f028613f092f25834cf'
WARNING: Hash 'a5d62a6cd58f41abe8785a4485811aac248d3290ce533f028613f092f25834cf'
: Line-length exception
ERROR: No hashes loadedSo, even when we can crack (or try to) this hash using John the Ripper (only with Jumbo version, thanks again) I think the initial question is still on the air:
How can I extract the (in this case) VNC hash from a .pcap (WireShark) capture file for use in OCLHashCat-Plus?