killchain-compendium/hashes/password_cracking/smb_challenge.md

SMB Response Request

  • Network traffic of the SMB handshake is needed
  • Fields are
    • username
    • domain
    • server challenge
    • ntproofstring
    • NTLMv2Response, with the hex of the 'ntlmProofStr' omitted from its start

Usage

  • Format the fields
username::domain:serverChallenge:ntproofstring:NTLMv2Response
  • Use john to crack the hash
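
The formatting step above as an added example (not part of the original page): it normalises the captured fields, checks their lengths, and strips the NTProofStr from the start of the NTLMv2Response. The names `clean_hex` and `build_hash_line` are hypothetical and the sample values are constructed; the 8-byte challenge and 16-byte NTProofStr lengths come from the NTLMv2 message layout.

```python
import re

HEX_RE = re.compile(r"^(?:[0-9a-f]{2})+$")


def clean_hex(name, value, nbytes=None):
    """Drop ':' or space separators (as copied from a packet viewer) and validate hex."""
    v = value.replace(":", "").replace(" ", "").lower()
    if not HEX_RE.match(v):
        raise ValueError(f"{name} is not valid hex")
    if nbytes is not None and len(v) != nbytes * 2:
        raise ValueError(f"{name} must be {nbytes} bytes, got {len(v) // 2}")
    return v


def build_hash_line(username, domain, server_challenge, ntproofstr, ntlmv2_response):
    """Return username::domain:serverChallenge:ntproofstring:NTLMv2Response."""
    for name, field in (("username", username), ("domain", domain)):
        if ":" in field:
            raise ValueError(f"{name} must not contain ':'")
    chal = clean_hex("server challenge", server_challenge, 8)
    proof = clean_hex("ntproofstring", ntproofstr, 16)
    resp = clean_hex("NTLMv2Response", ntlmv2_response)
    # On the wire the response begins with the NTProofStr; the last field
    # must carry only what follows it.
    if resp.startswith(proof):
        resp = resp[len(proof):]
    if not resp:
        raise ValueError("NTLMv2Response is empty after removing the NTProofStr")
    return f"{username}::{domain}:{chal}:{proof}:{resp}"


# Constructed sample values, not taken from a real capture.
SAMPLE_CHALLENGE = "11:22:33:44:55:66:77:88"
SAMPLE_PROOF = "00112233445566778899aabbccddeeff"
SAMPLE_BLOB = "0101000000000000deadbeef"

if __name__ == "__main__":
    print(build_hash_line("alice", "CORP", SAMPLE_CHALLENGE,
                          SAMPLE_PROOF, SAMPLE_PROOF + SAMPLE_BLOB))
```
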