killchain-compendium/hashes/password_cracking/smb_challenge.md

20 lines
365 B
Markdown
Raw Normal View History

2022-01-21 21:54:15 +01:00
# SMB Response Request
* Network traffic of the SMB handshake is needed
* Fields are
* username
* domain
* server challenge
* ntproofstring
* NTLMv2Response with ommited hex of type like 'ntlmProofStr' at the start
## Usage
* Format the fields
```sh
username::domain:serverChallenge:ntproofstring:NTLMv2Response
```
* Use john to decrypt