Grabbing LM challenges with an ettercap filter
hack-fu by: bob

So... this is an amalgamation of several ideas and bits of work I've found floating around that I put together. The result is a handy pentesting/pwnage technique. The blog post that kicked this idea off discusses a modified Metasploit exploit module called smb_server.pm by Kurt Grutzmacher: "NTLMv1, Metasploit and You". Around the same time I'd been playing with some ettercap filters, based on this work at Irongeek: "Fun with Ettercap Filters". These two sparked something and gave me a use for those huge LMHALFCHALLENGE rainbow tables I'd downloaded.
dradis v1.2 – now with one-click installer
In addition to the changes released on the 4th of April, yesterday we released a Windows one-click installer for dradis.
The summary of the features of the v1.2 release:
- in the client:
  - export to XML module is now part of the standard module set.
  - a new implementation of the command line parser: now it is possible to use single and double quotes to pass multi-word arguments to the different commands.
  - fixed the window.rb:159 bug.
- in the server:
  - a slightly less annoying implementation of the web interface auto refresh functionality.
  - the services added through the web interface can have a name now.
  - simple prevention against embedded XSS.

You can also download the platform-independent Ruby source in the download section of the site.
