Wireshark-bugs: [Wireshark-bugs] [Bug 3709] NTLMSSP support is incomplete in wireshark
Date: Sun, 12 Jul 2009 15:03:55 -0700 (PDT)
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=3709

--- Comment #1 from Matthieu Patou <mat@xxxxxxxxx>  2009-07-12 15:03:54 PDT ---
The attached patch allows wireshark to recognize ntlmssp encrypted dialogs.
It also allows cleanly decrypting ntlm v1 with v2 security session and ntlm v2
dialogs. The dissection is possible in various protocols (LDAP, SMB, winreg,
drsuapi, ...).
My patch also allows using a keytab as md4(password) equivalent. This is very
useful when you have made a net vampire of all the domain passwords (cf. samba net
vampire command) or when you have workstation passwords (as windows tends to
use non printable chars for workstation passwords).
As an example I attached 2 captures:
ntlmv2_ldap.dump
ntlmv2_winreg.dump

The password is totoTATA123 but as I said a keytab can be used (wireshark -K
adm_smb4.keytab).
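
Why a keytab can stand in for the password, as an added example that is not part of the original comment or the attached patch: every NTLMv2 key is derived from the NT hash, MD4 over the UTF-16LE password, which is also the key held in an RC4-HMAC keytab entry. The function names and the user, domain and challenge values are assumptions constructed for illustration; the derivations follow MS-NLMP.

```python
import hmac
import struct

def md4(data: bytes) -> bytes:
    """Pure-Python MD4 (RFC 1320); hashlib frequently lacks it on OpenSSL 3."""
    rol = lambda v, s: ((v << s) | (v >> (32 - s))) & 0xFFFFFFFF
    msg = data + b"\x80" + b"\x00" * ((55 - len(data)) % 64)
    msg += struct.pack("<Q", len(data) * 8)
    rounds = (  # (boolean function, additive constant, word order, shifts)
        (lambda b, c, d: (b & c) | (~b & d), 0, range(16), (3, 7, 11, 19)),
        (lambda b, c, d: (b & c) | (b & d) | (c & d), 0x5A827999,
         [4 * (i % 4) + i // 4 for i in range(16)], (3, 5, 9, 13)),
        (lambda b, c, d: b ^ c ^ d, 0x6ED9EBA1,
         [0, 8, 4, 12, 2, 10, 6, 14, 1, 9, 5, 13, 3, 11, 7, 15], (3, 9, 11, 15)),
    )
    h = [0x67452301, 0xEFCDAB89, 0x98BADCFE, 0x10325476]
    for off in range(0, len(msg), 64):
        x = struct.unpack("<16I", msg[off:off + 64])
        a, b, c, d = h
        for f, const, order, shifts in rounds:
            for i, k in enumerate(order):
                t = (a + f(b, c, d) + x[k] + const) & 0xFFFFFFFF
                a, b, c, d = d, rol(t, shifts[i % 4]), b, c
        h = [(p + q) & 0xFFFFFFFF for p, q in zip(h, (a, b, c, d))]
    return struct.pack("<4I", *h)

def nt_hash(password: str) -> bytes:
    """NT hash: the md4(password) value, identical to an RC4-HMAC keytab key."""
    return md4(password.encode("utf-16-le"))

def ntowf_v2(nt: bytes, user: str, domain: str) -> bytes:
    """NTLMv2 response key, keyed by the NT hash rather than the password."""
    return hmac.new(nt, (user.upper() + domain).encode("utf-16-le"), "md5").digest()

def session_base_key(nt, user, domain, server_challenge, nt_response):
    """Check NTProofStr against a candidate NT hash; return the
    SessionBaseKey on a match, or None if this key is not the right one."""
    key = ntowf_v2(nt, user, domain)
    proof, blob = nt_response[:16], nt_response[16:]
    expected = hmac.new(key, server_challenge + blob, "md5").digest()
    if not hmac.compare_digest(proof, expected):
        return None
    return hmac.new(key, proof, "md5").digest()

if __name__ == "__main__":
    # Password from the comment; user and domain are constructed placeholders.
    nt = nt_hash("totoTATA123")
    print("NT hash / RC4-HMAC key:", nt.hex())
    print("NTOWFv2:", ntowf_v2(nt, "administrator", "EXAMPLE").hex())
```

The `None` return is how a dissector holding several keytab entries can tell which one belongs to a captured session before attempting decryption.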

