Huge Collections of Software Manuals and Knowledgebase

GreatManuals.com
Huge Collections of Software Manuals and Knowledgebase
 
Home Contact Us Request to publish your help manuals Request to remove your help manuals
Introduction
» Nsauditor Network Security Auditor
» Key Features
» Product Features
» Product Overview
» Product Perspective
Toolbar & Sessions
» Toolbar
» Network Monitoring
» Auditor
» NetBios Auditor
» Network Scanner
» Web Proxy Scanner
» Adware Scanner
» MsSql Audit
» SNMP Auditor
» MsRPC & SunRpc Audit
» Packet Filter
» LM/NTLM Spider
Tools
» Ping & Trace Route
» DNS Lookup
» Whois
» Finger & Email Validate
» Enumerate Computers
» Traffic Emulator
» SIP UDP Traffic Generator/Flooder
» Http Traffic Generator & Remote Shutdown
» TCP Client/Server
» TCP Port Redirector
» UDP Client/Server
Statistics
» ICMP & IP Statistics
» IP Tables
» TCP & UDP Statistics
» Web Log Analyzer
Utils
» Interfaces & Process Monitoring
» Net Configuration
» Report & Ports
» IP/ASN Country
» MAC/Vendor Lookup & IeCacheExplorer
» Process Details
» Edit Packet
» Host Range & Credentials Selection Dialog
 

LM/NTLM Spider

LM/NTLM Spider is a password audit and recovery tool. Passwords are sources of vulnerabilities in different machines. This tool allows to identify and access password vulnerabilities. Auditing user password is one of the most important problems for network administrator. This is to know the strength of password the users are using. Week passwords represent vulnerability points for any organization.

Before using the tool you should select the Interface you want to use.

After the interface selection auditing is started. Nsauditor can capture the encrypted hashes from the challenge/response. That challenge is received when one machine is trying to connect and authenticate to another one over the network . All NTLMv1 authentication packets of SMB sessions ( using commonly in Windows 95/98 and Windows NT 4.0 computers ) will be captured and displayed in the SMB Packet Capture Output window.

The field Name contains the user name, the field LM Pwd contains the decrypted LM password., the field NTLM Pwd contains the decrypted NTLM password, LM Response is connected user’s password encrypted with Challenge( the encryption algorithm used in that case is DES ), NTLM Response is connected user’s password encrypted with Challenge( NTLMv1 authentication uses MD4 cryptographic algorithm to encrypt NTLM hashes ), the field Started contains the start and the field Finished contains the end time of capturing process.

Remote Keylogger Computer spy software PC monitoring software
Download USB Monitoring software freeware keylogger download Free Spy software

After capturing SMB NTLMv1 authentication session packet or packets you can try to decrypt the received LM password hashes by right clicking on the window and selecting the button Explore LM Pwd. Clicking on the mentioned button will show the dialog:

Select the character set you want to use for decrypting and click on the button OK. All combinations of the selected character set will be tryed. So this process can take a long time, depending on the character set length.

Note that as easy the password is decrypted as weak it is. The NTLM audit is much more time consuming because the NTLM hash is based on a stronger algorithm, and is case sensitive, so in this version we will not support NTLM password recovering and SMB NTLMv2 (using commonly in Windows 2000/XP/2003 computers) packet capturing. Their support will be available in the next releases.
Home | Contact Us | Request to publish your help manuals | Request to remove your help manuals