Kali Linux 2018: Windows Penetration Testing by Wolf Halton

Author: Wolf Halton
Language: eng
Format: epub
Tags: COM053000 - COMPUTERS / Security / General, COM043050 - COMPUTERS / Security / Networking, COM046000 - COMPUTERS / Operating Systems / General
Publisher: Packt Publishing
Published: 2018-11-12T07:15:13+00:00


In the preceding screenshot, we can see that we have captured the Administrator login from the \\WIN10-01 workstation. This was captured when the user logged on to the domain from the workstation. Notice that this is an NTLMv2 hash, which is a salted NTLMv1 hash. A salted hash is basically a re-hashed hash. During the challenge and response part of the SMB login, a 16-bit random hash value is exchanged. The NTLMv1 56-bit hash is then hashed with this random value. This new hash, which is then transmitted to the server, is the NTLMv2 hash value. Since the salt is a random value, the captured v2 hash is non-replayable, but the good news is that programs such as good old John the Ripper or Hashcat can crack these hashes offline. They just can't be used in a Pass the Hash style attack.

In the following screenshot, we have the login for LAB1\rred. Again, this is from the user logging in to the domain, and the non-replayable NTLMv2 hash is captured again. After both captures, you will notice, a few lines down, that Responder captures the login again but doesn't repeat it onscreen. It is still logged to the log file as a separate hash. In the log file, you can see the challenge and response hash change from one capture to the next. The actual password has not changed, but the challenge and response hashes have changed between responses.


