Sunday, July 29, 2012

Using PTH Firefox

Firefox is probably the easiest tool to use hashes with.  Use either the Linux version or the Windows version, which is also available on the Google Code page.

1)  Start PTH Firefox.  Note that the name of the browser will show up as "Nightly" because FF is unbranded at this point.  This was done deliberately to differentiate it from the built-in Firefox package.

# /opt/pth/bin/firefox

2)  Enter "about:config" in the URL bar and accept the warning.




3)  Type "ntlm" in the filter box.




4)  Double-click on "network.auth.force-generic-ntlm" to toggle the setting from "false" to "true".




5)  Visit a URL that wants NTLM authentication.  When prompted, enter the username and, as the password, the hash in either the 65-character (LM:NT) or 68-character (LM:NT:::) format.  (I have a FF add-on turned on to show the password; normally it would be obscured with dots.)




Note:  Some sites will want a domain name specified while others won't.  Unfortunately, this will often require a little experimentation.  If the site wants a domain, specify the domain using @, e.g. alice.jones@demo.local



6)  Profit!
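
A defender-side check for steps 4 and 5, as an added example that is not part of the original post: it audits the text of a Firefox profile's prefs.js for the toggled preference and flags LM:NT-shaped strings in text such as notes or config files. The function names and all sample data are constructed for illustration.

```python
import re

# Step 4's preference as it is saved in a Firefox profile's prefs.js.
PREF_NAME = "network.auth.force-generic-ntlm"
PREF_LINE = re.compile(r'^\s*user_pref\("([^"]+)",\s*(.*?)\);\s*$')
# Step 5's formats: 32 hex LM + ":" + 32 hex NT (65 chars), optional ":::" (68).
HASH_TOKEN = re.compile(
    r'(?<![0-9A-Fa-f])([0-9A-Fa-f]{32}):([0-9A-Fa-f]{32})(:::)?(?![0-9A-Fa-f])')

def generic_ntlm_forced(prefs_text):
    """Return True if prefs.js content sets the step-4 preference to true."""
    forced = False
    for line in prefs_text.splitlines():
        m = PREF_LINE.match(line)
        if m and m.group(1) == PREF_NAME:
            forced = m.group(2).strip() == "true"  # later lines override earlier
    return forced

def find_hash_credentials(text):
    """Return (line_no, format, redacted) for each LM:NT-shaped token."""
    hits = []
    for no, line in enumerate(text.splitlines(), 1):
        for m in HASH_TOKEN.finditer(line):
            fmt = "LM:NT::: (68)" if m.group(3) else "LM:NT (65)"
            # Redact so the report itself never carries a usable hash.
            hits.append((no, fmt, m.group(1)[:4] + "..." + m.group(2)[-4:]))
    return hits

# Constructed sample data (not real hashes, not from the original post).
LM = "00112233445566778899aabbccddeeff"
NT = "ffeeddccbbaa99887766554433221100"
SAMPLE_PREFS = (
    '// constructed prefs.js excerpt\n'
    'user_pref("browser.startup.page", 3);\n'
    'user_pref("network.auth.force-generic-ntlm", true);\n'
)
SAMPLE_NOTES = (
    "login: alice.jones@demo.local\n"
    "pw: " + LM + ":" + NT + "\n"
    "alt: " + LM + ":" + NT + ":::\n"
    "sha256: " + "ab" * 32 + "\n"   # 64 hex chars, must not be flagged
)

if __name__ == "__main__":
    print("generic NTLM forced:", generic_ntlm_forced(SAMPLE_PREFS))
    for hit in find_hash_credentials(SAMPLE_NOTES):
        print(hit)
```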



Bonus:  Think you've got password cracking skillz?  Try cracking alice's password.   I'll give you a hint...  It's 16 characters with 2 upper, 2 lower, 2 symbols and 2 numbers.  It's also fairly trivial to crack :-)  Have fun...   
