Advanced
Mailing List Archive

Mailing List Archive

  1. Home >
  2. Nessus>
  3. users
Nessus 3 NTLM password usage
Sztano.Zsolt at ing
Aug 11, 2008, 3:36 AM
Post #1 of 3 (1075 views)
Permalink
Hi,

I would like to ask how to format the NTLM hash (and if it's true that
NTLM is pure MD4 of the user password).
I have filled the password field for the user account: scanuser, domain:
companydomain, the password: 1F533C644A8D1709F8B255533096C679, changed
the SMB password type field: NTLM Hash, but the domain locked the user
out (bad password).
Am I missing something?

Thanks,
Zsolt


-----------------------------------------------------------------
ATTENTION:
The information in this electronic mail message is private and
confidential, and only intended for the addressee. Should you
receive this message by mistake, you are hereby notified that
any disclosure, reproduction, distribution or use of this
message is strictly prohibited. Please inform the sender by
reply transmission and delete the message without copying or
opening it.

Messages and attachments are scanned for all viruses known.
If this message contains password-protected attachments, the
files have NOT been scanned for viruses by the ING mail domain.
Always scan attachments before opening them.
-----------------------------------------------------------------
Re: Nessus 3 NTLM password usage [ In reply to ]
miguel.dilaj at gmail
Aug 11, 2008, 5:56 AM
Post #2 of 3 (1018 views)
Permalink
FYI.

NTLM = md4(ascii2unicode(‘password’))

Regards,

Miguel


Sztano.Zsolt@ing.hu wrote:
> Hi,
>
> I would like to ask how to format the NTLM hash (and if it's true that
> NTLM is pure MD4 of the user password).
> I have filled the password field for the user account: *scanuser*,
> domain: *companydomain*, the password:
> *1F533C644A8D1709F8B255533096C679*, changed the SMB password type
> field: *NTLM Hash*, but the domain locked the user out (bad password).
> Am I missing something?
>
> Thanks,
> Zsolt
>
>
_______________________________________________
Nessus mailing list
Nessus@list.nessus.org
http://mail.nessus.org/mailman/listinfo/nessus
RE: Nessus 3 NTLM password usage [ In reply to ]
Sztano.Zsolt at ing
Aug 11, 2008, 6:33 AM
Post #3 of 3 (1015 views)
Permalink
Miguel,

I know I've done something wrong. Using md5 instead of md4 and ascii
instead of utf16. Everything else was fine :)
Now it works.

Thanks a lot,
Zsolt

-----Original Message-----
From: nessus-bounces@list.nessus.org
[mailto:nessus-bounces@list.nessus.org] On Behalf Of Miguel Dilaj
Sent: Monday, August 11, 2008 2:56 PM
Cc: nessus@list.nessus.org
Subject: Re: Nessus 3 NTLM password usage

FYI.

NTLM = md4(ascii2unicode('password'))

Regards,

Miguel


Sztano.Zsolt@ing.hu wrote:
> Hi,
>
> I would like to ask how to format the NTLM hash (and if it's true that

> NTLM is pure MD4 of the user password).
> I have filled the password field for the user account: *scanuser*,
> domain: *companydomain*, the password:
> *1F533C644A8D1709F8B255533096C679*, changed the SMB password type
> field: *NTLM Hash*, but the domain locked the user out (bad password).
> Am I missing something?
>
> Thanks,
> Zsolt
>
>
_______________________________________________
Nessus mailing list
Nessus@list.nessus.org
http://mail.nessus.org/mailman/listinfo/nessus
-----------------------------------------------------------------
ATTENTION:
The information in this electronic mail message is private and
confidential, and only intended for the addressee. Should you
receive this message by mistake, you are hereby notified that
any disclosure, reproduction, distribution or use of this
message is strictly prohibited. Please inform the sender by
reply transmission and delete the message without copying or
opening it.

Messages and attachments are scanned for all viruses known.
If this message contains password-protected attachments, the
files have NOT been scanned for viruses by the ING mail domain.
Always scan attachments before opening them.
-----------------------------------------------------------------
_______________________________________________
Nessus mailing list
Nessus@list.nessus.org
http://mail.nessus.org/mailman/listinfo/nessus

©2024 GT.net. A Gossamer Threads company.
5th Floor, 455 Granville St., Vancouver, BC V6C 1T1, Canada | Legal