Granted, this would require a huge amount of disk space but you sacrifice memory/space
for time. This idea was further optimized in 2003 by Dr. Philippe Oechslin to
make the hash lookups into the hash list faster. This optimized lookup table technique
was called rainbow tables. The math for both the hash function and the rainbow table
algorithm is documented in the References section next. And now we're ready to talk
about Metasploit.
References
The NTLM protocol http://en.wikipedia.org/wiki/NTLM
Rainbow tables http://en.wikipedia.org/wiki/Rainbow_tables
Project RainbowCrack www.antsight.com/zsl/rainbowcrack
Configuring Metasploit as a Malicious SMB Server
This attack requires Metasploit 2.7 on a Unix-based machine (Mac OS X works great). The
idea is to bind to port 139 and to listen for client requests for any file. For each request, ask
the client to authenticate using the challenge-response protocol outlined in the previous
section. You'll need Metasploit 2.7 because the smb_sniffer is written in Perl (Metasploit
2.x), not Ruby (Metasploit 3.x). The built-in smb_sniffer does not work this way, so you'll
need to download http://grutz.jingojango.net/exploits/smb_sniffer.pm and place it under
the Metasploit exploits/ directory, replacing the older version.
Gray Hat Hacking: The Ethical Hacker's Handbook
Chapter 4: Using Metasploit
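A defensive check for the setup described above, as an added example that is not from the book: the listener on port 139 only works if a client connects to it, so outbound SMB from internal hosts to external addresses is the thing to look for in flow logs. The log format, the sample records, the internal ranges and the inclusion of port 445 are assumptions.

```python
import ipaddress
from collections import defaultdict

# 139 is the port named in the text; 445 (direct-hosted SMB) is an added assumption.
SMB_PORTS = {139, 445}
# Assumed internal address space (RFC 1918); adjust to the real network plan.
INTERNAL_NETS = [ipaddress.ip_network(n)
                 for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

# Constructed flow records in a hypothetical format: time src dst dst_port proto
SAMPLE_FLOWS = """\
2024-01-10T09:00:01 10.1.4.22 10.1.0.5 445 tcp
2024-01-10T09:00:07 10.1.4.22 203.0.113.50 139 tcp
2024-01-10T09:00:09 10.1.7.31 203.0.113.50 139 tcp
2024-01-10T09:01:12 10.1.4.22 198.51.100.9 443 tcp
2024-01-10T09:02:30 192.168.3.8 203.0.113.77 445 tcp
malformed line here
2024-01-10T09:03:00 10.1.9.2 10.1.0.5 139 udp
"""

def is_internal(ip):
    """True if the address falls inside one of the assumed internal ranges."""
    return any(ip in net for net in INTERNAL_NETS)

def find_outbound_smb(log_text):
    """Map each external SMB destination to the internal clients that contacted it."""
    hits = defaultdict(set)
    for line in log_text.splitlines():
        fields = line.split()
        if len(fields) != 5:
            continue  # skip malformed records
        _ts, src, dst, port, proto = fields
        try:
            src_ip, dst_ip = ipaddress.ip_address(src), ipaddress.ip_address(dst)
            port = int(port)
        except ValueError:
            continue  # unparseable address or port
        if (proto == "tcp" and port in SMB_PORTS
                and is_internal(src_ip) and not is_internal(dst_ip)):
            hits[dst].add(src)
    return {dst: sorted(clients) for dst, clients in hits.items()}

if __name__ == "__main__":
    for dst, clients in find_outbound_smb(SAMPLE_FLOWS).items():
        print(f"outbound SMB to {dst} from {', '.join(clients)}")
```

Several internal clients reaching the same external SMB destination is the pattern worth triaging first; blocking outbound TCP 139/445 at the perimeter removes the exposure entirely.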