Hello,
Using ettercap, I have output like:
USER: xxxx.xxxxx HASH: xxxx.xxxxx:"":"":B5868F573F34FC7C00000000000000000000000000000000:A109BED82C8BF6BE8A0E5EDFC42964CFE274F278CF27281E:116FB24C76E30E4A DOMAIN: ZZZZZZZ
Can the same output be generated from tshark? If so, what should the command be?
Also, there seem to be loads of zeros in this hash. Is it a true hash, or would I need to pass other parameters in the tshark command to get the correct output, or does this have to be done through ettercap? I think by setting smb_down, but I am not 100% sure how ;(
Here is my setup:
--
#tshark -v
TShark 0.99.4
Compiled with GLib 1.2.10, with libpcap 0.9.4, with libz 1.2.3, with libpcre
6.3, without UCD-SNMP or Net-SNMP, without ADNS, without Lua, without GnuTLS,
without Gcrypt, without Kerberos.
Running on Linux 2.6.17-gentoo-r7_r5_nims, with libpcap version
0.9.4.
Built using gcc 4.1.1 (Gentoo 4.1.1).
--
Network traffic is an authentication against a Windows 2000 server with Active Directory.
Any advice will be much appreciated.
Cheers
Norman