
Shon Harris, Allen Harper, Chris Eagle, and Jonathan Ness

"Gray Hat Hacking, Second Edition"

jingojango.net/exploits/smb_sniffer.pm
Brute-Force Password Retrieval with the LM Hashes + Challenge
Launch Cain and click the Cracker tab. Click File | Add to List or press INSERT to pull up
the Add NT Hashes From dialog box. Choose "Import Hashes from a text file" and select
the PWFILE you built with Metasploit, as you see in Figure 4-1.
After you load the hashes into Cain, right-click one of the lines and look at the cracking
options available, shown in Figure 4-2.
Choose Brute-Force Attack | "LM Hashes + challenge" and you'll be presented with
Brute-Force Attack options. In the case of the grayhat password, numeric is sufficient to
crack the password, as you can see in Figure 4-3.
If the charset were changed to include all characters, the brute-force cracking time
would be changed to an estimated 150 days! This is where rainbow tables come in. If we
have an 8GB rainbow table covering every combination of alphanumeric plus the most
common 14 symbols, the average crack time is 15 minutes. If we include every possible
character, the table grows to 32GB and the average crack time becomes a still-reasonable
53 minutes.

Figure 4-1 Cain hash import

