Cracking HALFLM

Cатсн²² (in)sесuяitу / ChrisJohnRiley

I was recently reading through Chris Gates post on capturing and cracking HALFLM hashes with Metasploit and thought I’d give it a quick run through. (I won’t be rehashing what Chris already covered here, so I suggest you pop over to his blog for a quick coverage of HALFLM and the rainbowtable cracking method).

Until I read the post I’d been using the SMB_relay attack to load up a meterpreter shell onto the remote target, but seeing as Microsoft have finally decided this is a bug worth patching, it’s time to move on to other attack vectors. SMB_relay will still be a good attack vector for some attacks, but the patch against reflective relays means it’s not going to always be available.

msfAll was going well with the walkthrough, I’d captured the hash from the target machine and had the HALFLM tables downloaded (halflmchall _alphanumeric #1-7_x_2400_ 1122334455667788). So…

View original post 307 more words