LM NTLM Spider - LM NTLM Sniffer and Password Recovery

LM NTLM Spider - LM NTLM Sniffer and Password Recovery

Products

LM / NTLM Spider is a password audit and recovery tool. Passwords are sources of vulnerabilities in different machines. This tool allows to identify and access password vulnerabilities. Auditing user password is one of the most important problems for network administrator. This is to know the strength of password the users are using. Week passwords represent vulnerability points for any organization.

Before using the tool you should select the Interface you want to use.

After the interface selection auditing is started. Nsauditor can capture the encrypted hashes from the challenge/response. That challenge is received when one machine is trying to connect and authenticate to another one over the network . All NTLMv1 authentication packets of SMB sessions ( using commonly in Windows 95/98 and Windows NT 4.0 computers ) will be captured and displayed in the SMB Packet Capture Output window.

LM NTLM Spider - LM NTLM Sniffer and Password Recover

The field Name contains the user name, the field LM Pwd contains the decrypted LM password., the field NTLM Pwd contains the decrypted NTLM password, LM Response is connected user’s password encrypted with Challenge( the encryption algorithm used in that case is DES ), NTLM Response is connected user’s password encrypted with Challenge( NTLMv1 authentication uses MD4 cryptographic algorithm to encrypt NTLM hashes ), the field Started contains the start and the field Finished contains the end time of capturing process.

After capturing SMB NTLMv1 authentication session packet or packets you can try to decrypt the received LM password hashes by right clicking on the window and selecting the button Explore LM Pwd. Clicking on the mentioned button will show the dialog:

Select the character set you want to use for decrypting and click on the button OK. All combinations of the selected character set will be tryed. So this process can take a long time, depending on the character set length.

Note that as easy the password is decrypted as weak it is. The NTLM audit is much more time consuming because the NTLM hash is based on a stronger algorithm, and is case sensitive, so in this version we will not support NTLM password recovering and SMB NTLMv2 (using commonly in Windows 2000/XP/2003 computers) packet capturing. Their support will be available in the next releases

Nsauditor Network Security Auditor

Nsauditor Network Security Auditor is a network security scanner that allows to audit and monitor network computers for possible vulnerabilities, checks your network for all potential methods that a hacker might use to attack it. Nsauditor is a complete networking utilities package that includes a wide range of tools for network auditing, scanning, monitoring and more. You can discover network services and check them for vulnerabilities, list all TCP and UDP endpoints with their associated process, discover NetBios names, audit MS SQL servers, scan for common Adware traces and more. The program also includes real-time network packet filtering and analyzing, web proxy scanning, password auditing, IP address lookup and more than 45 network tools for scanning, sniffing, enumerating and gaining access to machines, DNS and WHOIS lookups, e-mail validation, HTTP traffic generator and intrusion detection based on security events log. Reports can be generated in HTML and XML format. Overall, this is a very complete package for a surprisingly low price.

SpotAuditor Password Recover

Testimonials

"Very broad collection of network audit tools. We think this is one of the best integrated network multi-tools we have looked at."