average admins

Here’s a quick rundown on what’s new

Cain & Abel v4.1 released
New features:
- Cain’s MitM NTLM Challenge Spoofing. (Requires APR to be active and a MitM condition between victim hosts).
You can now spoof server challenges in NTLM authentications; this feature enables the use of RainbowTables for cracking network hashes.
WARNING !!! Enabling Challenge Spoofing cause users to fail authentications so use it carefully.
- NTLM Session Security authentications downgrade to LM&NTLMv1. The following protocols are supported: SMB, DCE/RPC, TDS, HTTP, POP3, IMAP, SMTP.
- LM + spoofed challenge Hashes Cryptanalysis via Sorted Rainbow Tables.
- HALFLM + spoofed challenge Hashes Cryptanalysis via Sorted Rainbow Tables.
- NTLM + spoofed challenge Hashes Cryptanalysis via Sorted Rainbow Tables.
- New types of RainbowTables have been added to Winrtgen v2.2.
“lmchall” and “ntlmchall” tables can be used against LM and NTLM response hashes for spoofed challenges (0×1122334455667788).
“halflmchall” tables can be used against the first 8 bytes LM response hashes for spoofed challenges to recover the first 7 characters of the original password.

Looks interesting … I’ll definitely be playing around with some of the new features.

http://www.oxid.it/index.html

This entry was posted on Thursday, November 23rd, 2006 at 4:22 pm and is filed under Hacking, Microsoft, Software. You can follow any responses to this entry through the RSS 2.0 feed. You can leave a response, or trackback from your own site.