| 
  
    | 
	|  | Menu |  |  
     
     | 
      
       | 
        
         | 
          
           | 
						|  |  |  Home |  |  |  |  |  |  |  |  Discussions |  |  |  |  |  |  |  |  Tools |  |  |  |  |  |  |  |  Affiliates |  |  |  |  |  |  |  |  Content |  |  |  |  |  |  |  |  Info |  |  |  |  |  |  |  |  |  |  
  
    | 
	|  | User Info |  |  
     
     | 
      
       | 
        
         | 
          
           |  Membership: 
  Latest: MichaelSnaRe 
  New Today: 0 
  New Yesterday: 0 
  Overall: 9144 
 
  People Online: 
  Visitors: 288 
  Members: 0 
  Total: 288 
 |  |  |  |  |  
  
    | 
	|  | Full disclosure |  |  
     
     | 
      
       | 
        
         | 
          
           | CyberDanube Security Research 20251014-0 | Multiple Vulnerabilities in Phoenix Contact QUINT4 UPS apis.google.com - Insecure redirect via __lu parameter(exploited in the wild)
 Urgent Security Vulnerabilities Discovered in Mercku Routers Model M6a
 Re: Security Advisory: Multiple High-Severity Vulnerabilities in Suno.com (JWT Leakage, IDOR, DoS)
 Security Advisory: Multiple High-Severity Vulnerabilities in Suno.com (JWT Leakage, IDOR, DoS)
 [SBA-ADV-20250730-01] CVE-2025-39664: Checkmk Path Traversal
 [SBA-ADV-20250724-01] CVE-2025-32919: Checkmk Agent Privilege Escalation via Insecure Temporary Files
 CVE-2025-59397 - Open Web Analytics SQL Injection
 Re: [FD]Full Disclosure: CVE-2025-31200 & CVE-2025-31201 – 0-Click iMessage Chain ? Secure Enclave Key Theft, Wormable RCE, Crypto Theft
 Re: Full Disclosure: CVE-2025-31200 & CVE-2025-31201 – 0-Click iMessage Chain ? Secure Enclave Key Theft, Wormable RCE, Crypto Theft
 Re: Defense in depth -- the Microsoft way (part 93): SRP/SAFERwhitelisting goes black on Windows 11
 Re: [FD]: "Glass Cage" – Zero-Click iMessage ? Persistent iOS Compromise + Bricking (CVE-2025-24085 / 24201, CNVD-2025-07885)
 Re: [FD]Full Disclosure: CVE-2025-31200 & CVE-2025-31201 – 0-Click iMessage Chain ? Secure Enclave Key Theft, Wormable RCE, Crypto Theft
 Samtools v1.22.1 Uncontrolled Memory Allocation from Large BED Intervals Causes Denial-of-Service in Samtools/HTSlib
 Samtools v1.22.1 Improper Handling of Excessive Histogram Bin Counts in Samtools Coverage Leads to Stack Overflow
 
 |  |  |  |  |  | 
  
    | 
	|  |  |  |  
        
          | 
              
                | 
                    
                      | 
                          
                            | 
	| 
	
		|  |  |  
		|  | IT Security and Insecurity Portal |  |  
 
	| 
	
		|  Posted: Thu May 03, 2012 12:05 pm |   |  |  
	| 
	
		| 
		
			| 
			
				| 
				| Mullog |  | Advanced user |  |  
  |  |  |  | Joined: Aug 29, 2010 |  | Posts: 540 |  |  |  |  
 
 |  |  
			|  |  |  
 
 | 
		
			| Ok it seems that LANMAN is disabled and NTMLv1 only is in use because the LM hash and NT hash are the same and ofc on the pics it also says NTMLv1 or NTLM + challenge only. Its not that easier to crack the pw
  It would be better if LM where also enabled. But I will give it a try but I doubt that I will find it |  |  
		|  |  |  
	|  |  |  | 
 
	|  |  |  |  
	| 
	
		|  Posted: Thu May 03, 2012 12:16 pm |   |  |  
	| 
	
		| 
		
			| 
			
				| 
				| dev1712 |  | Regular user |  |  
  |  |  |  | Joined: May 02, 2012 |  | Posts: 11 |  |  |  |  
 
 |  |  
			|  |  |  
 
 | 
		
			|  	  | Mullog wrote: |  	  | Ok it seems that LANMAN is disabled and NTMLv1 only is in use because the LM hash and NT hash are the same and ofc on the pics it also says NTMLv1 or NTLM + challenge only. Its not that easier to crack the pw
  It would be better if LM where also enabled. But I will giv it a try | 
 
 Thanks a lot Mullog.
   
 I was doing some more research on Cain and Abel and found out about challenge spoofing. I was able to generate an NTLMv1 hash with a spoofed challenge. You can check out the same at the link below if it is of any help to you.
 
 http://i49.tinypic.com/qss5u8.jpg
 
 The most frustrating thing is that my laptop has been scheduled to perform a daily incremental backup on the network hard drive (Apple's Time Capsule) but I can't somehow access it directly. I am pretty sure that the login details are stored somewhere in my laptop but don't know where. I have checked Credentials Manager, but of no use. Therefore, I have to use these complex methods to be able to break into the network hard drive.
 |  |  
		|  |  |  
	|  |  |  | 
 
	|  |  |  |  
	| 
	
		|  Posted: Thu May 03, 2012 12:22 pm |   |  |  
	| 
	
		| 
		
			| 
			
				| 
				| dev1712 |  | Regular user |  |  
  |  |  |  | Joined: May 02, 2012 |  | Posts: 11 |  |  |  |  
 
 |  |  
			|  |  |  
 
 | 
		
			|  	  | Mullog wrote: |  	  | Ok it seems that LANMAN is disabled and NTMLv1 only is in use because the LM hash and NT hash are the same and ofc on the pics it also says NTMLv1 or NTLM + challenge only. Its not that easier to crack the pw
  It would be better if LM where also enabled. But I will give it a try but I doubt that I will find it | 
 
 Also, since my laptop has access to the network hard drive if there is a way to further downgrade from 'NTLMv1 + Challenge' to 'LM', please let me know. I will do it and generate another hash, by performing a backup, and post it here.
 
 In short I can generate the hash anytime by clicking on the backup button. If you know of a way to generate a hash that follows LM, please let me know.
 |  |  
		|  |  |  
	|  |  |  | 
 
	|  |  |  |  
	| 
	
		|  Posted: Thu May 03, 2012 12:40 pm |   |  |  
	| 
	
		| 
		
			| 
			
				| 
				| Mullog |  | Advanced user |  |  
  |  |  |  | Joined: Aug 29, 2010 |  | Posts: 540 |  |  |  |  
 
 |  |  
			|  |  |  
 
 | 
		
			| I think now you can attack it with rainbow tables but I'm not sure and I do not have them. Sorry I dont know how to do that. How did you changed it to NTMLv1 in first place ? In the registry? If there is anything with Compatibility or Level change it to 0
 |  |  
		|  |  |  
	|  |  
	| 
	
		|  Posted: Thu May 03, 2012 12:50 pm |   |  |  
	| 
	
		| 
		
			| 
			
				| 
				| dev1712 |  | Regular user |  |  
  |  |  |  | Joined: May 02, 2012 |  | Posts: 11 |  |  |  |  
 
 |  |  
			|  |  |  
 
 | 
		
			|  	  | Mullog wrote: |  	  | I think now you can attack it with rainbow tables but I'm not sure and I do not have them. Sorry I dont know how to do that. How did you changed it to NTMLv1 in first place ? In the registry? If there is anything with Compatibility or Level change it to 0
 | 
 
 Changed it from Local Security Settings.
 
 Actually, I also found out a way to force my laptop to generate LM hash (after reading your last post) but it will work only after my company's IT administrator resets the password (as we can not generate a weaker hash for the same password).
 |  |  
		|  |  |  
	|  |  
	| 
	
		|  Posted: Thu May 03, 2012 12:59 pm |   |  |  
	| 
	
		| 
		
			| 
			
				| 
				| Mullog |  | Advanced user |  |  
  |  |  |  | Joined: Aug 29, 2010 |  | Posts: 540 |  |  |  |  
 
 |  |  
			|  |  |  
 
 |  |  
		|  |  |  
	|  |  
	| 
	
		|  Posted: Thu May 03, 2012 1:10 pm |   |  |  
	| 
	
		| 
		
			| 
			
				| 
				| dev1712 |  | Regular user |  |  
  |  |  |  | Joined: May 02, 2012 |  | Posts: 11 |  |  |  |  
 
 |  |  
			|  |  |  
 
 | 
		
			| 
 I have already done all this. It does not help because besides my local security settings the default settings of the network hard drive also matter. I may tone down my Local Security Settings to the lowest extent possible but still there are some default security settings at the network location which I can not tweak, in which case my laptop (client) will adapt to the security settings of the network location.
 |  |  
		|  |  |  
	|  |  |  | 
 
	|  |  |  |  
	| 
	
		|  Posted: Thu May 03, 2012 1:34 pm |   |  |  
	| 
	
		| 
		
			| 
			
				| 
				| Mullog |  | Advanced user |  |  
  |  |  |  | Joined: Aug 29, 2010 |  | Posts: 540 |  |  |  |  
 
 |  |  
			|  |  |  
 
 | 
		
			| aah ok  know I understand ^^ I thought you can change the the  security settings of the network hard drive, too(In retrospect, its very stupid from me  ). Maybe there is an exploit but with such things I cant help you, sorry. |  |  
		|  |  |  
	|  |  
	| 
	
		|  Posted: Thu May 03, 2012 1:58 pm |   |  |  
	| 
	
		| 
		
			| 
			
				| 
				| dev1712 |  | Regular user |  |  
  |  |  |  | Joined: May 02, 2012 |  | Posts: 11 |  |  |  |  
 
 |  |  
			|  |  |  
 
 | 
		
			|  	  | Mullog wrote: |  	  | aah ok  know I understand ^^ I thought you can change the the  security settings of the network hard drive, too(In retrospect, its very stupid from me  ). Maybe there is an exploit but with such things I cant help you, sorry. | 
 
 Yes. But you are at least going to try to decrypt the hash for me, isn't it?? Please don't say no.
  |  |  
		|  |  |  
	|  |  
	| 
	
		|  Posted: Thu May 03, 2012 4:31 pm |   |  |  
	| 
	
		| 
		
			| 
			
				| 
				| Mullog |  | Advanced user |  |  
  |  |  |  | Joined: Aug 29, 2010 |  | Posts: 540 |  |  |  |  
 
 |  |  
			|  |  |  
 
 |  |  
		|  |  |  
	|  |  
	| 
	
		|  Posted: Thu May 03, 2012 4:36 pm |   |  |  
	| 
	
		| 
		
			| 
			
				| 
				| dev1712 |  | Regular user |  |  
  |  |  |  | Joined: May 02, 2012 |  | Posts: 11 |  |  |  |  
 
 |  |  
			|  |  |  
 
 | 
		
			|  	  | Mullog wrote: |  	  | yes but its looking bad | 
 
 Yes, I thought so otherwise there would have been a lot of search results on the internet.
 |  |  
		|  |  |  
	|  |  |  | 
 
	|  |  |  |  
	| 
	
		|  Posted: Thu May 03, 2012 5:33 pm |   |  |  
	| 
	
		| 
		
			| 
			
				| 
				| Mullog |  | Advanced user |  |  
  |  |  |  | Joined: Aug 29, 2010 |  | Posts: 540 |  |  |  |  
 
 |  |  
			|  |  |  
 
 | 
		
			|  	  | OneGuy wrote: |  	  | Plz crack th e first part of this LM&NTLM+Challenge hash 
 
  	  | Code: |  	  | 81A50FD991CD11F24DAA83A3F77B56EE834AEE2A7A26F476:7EBAE76F67F0D2A37B0044D3BDF8350169812342D79CAE29:1122334455667788 Result: ???????L1#
 | 
 
 Many thanx
 | 
 
 Sailsail1#
 
 
  	  | OneGuy wrote: |  	  | Please crak this LM&NTLM+Challenge 
 
  	  | Code: |  	  | 9BFEB79136472857192706DFFDECA14CC7EEDE96E30422D4:A3C34983F4765D799FD43A6C3223DA34A1133B6C1391B52E:1122334455667788 | 
 
 Thanx
 | 
 
 9BFEB79136472857192706DFFDECA14CC7EEDE96E30422D4:JULLANA???????
 
 
  	  | OneGuy wrote: |  	  | Anyone can help me crack this LM&NTLM+Challenge hash 
 
  	  | Code: |  	  | 0C4A7AA399CBE62E95E22FA6C5DCCABD2F85252CC731BB25:7A546774795F70EDCC2FC20A643899F8BE9C989BAC08050F:1122334455667788 | 
 
 Thanx
 | 
 
 0C4A7AA399CBE62E95E22FA6C5DCCABD2F85252CC731BB25:KASBAH@???????
 |  |  
		|  |  |  
	|  |  |  | 
 
	|  |  |  |  
	| 
	
		|  Posted: Fri May 04, 2012 5:13 am |   |  |  
	| 
	
		| 
		
			| 
			
				| 
				| dev1712 |  | Regular user |  |  
  |  |  |  | Joined: May 02, 2012 |  | Posts: 11 |  |  |  |  
 
 |  |  
			|  |  |  
 
 | 
		
			| Hello Mullog 
 Looks like it is indeed possible to break NTLM + Challenge hash. Have you been able to make much headway into the hash I submitted? Eagerly waiting for that.
 |  |  
		|  |  |  
	|  |  
	| 
	
		|  Posted: Fri May 04, 2012 4:01 pm |   |  |  
	| 
	
		| 
		
			| 
			
				| 
				| Mullog |  | Advanced user |  |  
  |  |  |  | Joined: Aug 29, 2010 |  | Posts: 540 |  |  |  |  
 
 |  |  
			|  |  |  
 
 | 
		
			| Yeah but only with LM hash you can see because there are only cpu based cracker out there who can handle LM/NTLM + Challenge hashes its looking very bad for your hash. I tried wordlists with some rules and BF but without a result, sry.
 
 Have you any hints how the pw could look like?
 I think if the admin understands just a little bit of password security it will be impossible to crack with wordlists and will take too long with brute force.
 |  |  
		|  |  |  
	|  |  
	| 
	
		|  Posted: Fri May 04, 2012 4:23 pm |   |  |  
	| 
	
		| 
		
			| 
			
				| 
				| dev1712 |  | Regular user |  |  
  |  |  |  | Joined: May 02, 2012 |  | Posts: 11 |  |  |  |  
 
 |  |  
			|  |  |  
 
 | 
		
			| Hmmm yes I agree. Let me try to generate the LM hash also by some way. Thanks a lot for all your efforts. |  |  
		|  |  |  
	|  |  
	| www.waraxe.us Forum Index -> All other hashes 
 
	
		| You cannot post new topics in this forum You cannot reply to topics in this forum
 You cannot edit your posts in this forum
 You cannot delete your posts in this forum
 You cannot vote in polls in this forum
 
 | All times are GMT Page 71 of 78
			Goto page  Previous1, 2, 3 ... 70, 71, 72 ... 76, 77, 78Next
 
 |  |  
	|  |  
 Powered by phpBB © 2001-2008 phpBB Group
 
 
 
 
 |  |  |  |  |  |