-
The XML parser doesn't disable inline DTD parsing by default or does not provide a means to disable it AFAIK.
The XML parsing engine in SSDP/UPNP functionality is vulnerable to an XML External Enti…
-
Keypoints:
- Made a bad ODT file to leak NetNTLM Creds (https://github.com/rmdavy/badodf/blob/master/badodt.py) and impacket-smbserver can receive NetNTLM hash info --> Use `hashcat -m 5600` or j…
-
Hi,
Sometimes I have restrictions set on me to not spread NT hashes into the RAM on machines in the targeted infrastructure. The main scenario I would like answers to is: does ntlmrelayx perform an…
-
**Is your feature request related to a problem? Please describe.**
Coerce NetNTLM authentication over HTTP with the captive portal and without user interaction by getting intranet-zoned. This feels e…
-
Hello Kevin,
I've obtained several NetNTLM v2 hashes using your tool but hashcat is throwing an error with the hash length (type 5600: NetNTLMv2)
`Hashfile 'netntlmv2.lst' on line 1 (-- redacted…
-
Now that we can capture NetNTLM hashes (#367), someone from pentest told me that we should test downgrading to NetNTLMv1. This version is easier to crack and you can even rainbowtable it. Some tests w…
-
We currently use bitslice DES in these formats:
```
$ fgrep -l DES_bs.h *_fmt*.c
BSDI_fmt.c
DES_fmt.c
LM_fmt.c
MSCHAPv2_bs_fmt_plug.c
NETNTLM_bs_fmt_plug.c
opencl_DES_fmt_plug.c
trip_fmt.c
…
```
-
Hi
Would it be possible to set a fixed challenge for eap to 11:22:33:44:55:66:77:88?
I believe it would help to crack the netntlmv1.
Thanks
-
## Breaching Active Directory
- OSINT and Phishing
- NTLM Authenticated Services --> password spraying attack
- LDAP Bind Credentials --> Create a rogue LDAP server
- Authentication Relays --> Inte…
-
### Description ###
Feature request. Add support for NTLMv2 in the pcap2john.py script.
### Steps to reproduce ###
* Start recording pcap
* Mount cifs filesystem (smb2)
* Stop recording.
* Run…