azbil

Japanese

English

GO to the azbil Global Site

The photo of a boy and his father who are looking at the screen of pc. Products Company Research In The Media Contact

 

 

ScoopLM


ScoopLM captures LM/NTLM authentication exchange (LanManager and Windows NT challenge/response) on the network. ScoopLM supports microsoft-ds (Direct SMB hosting service; 445 NTLMSSP), Active Directory, NTLMv2 on NetBIOS over TCP/IP, Telnet, IIS (HTTP) and DCOM over TCP/IP.


When an adaptor (Internet Protocol address) on the network for capture is selected, and the Start button is pushed, ScoopLM begins capturing. The Result column in the table displays the authentication result sent from the server. When the Save As menu is selected, authentication information can be saved by Comma Separated Value. This file then becomes the input file to BeatLM. Information from ScoopLM is output to the area under the table.


ScoopLM works only on Pentium compatible computers. And, it works on Windows 2000 and XP (You require the administrator privilege to capture packets).

(Jan. 2002)


 

Presentation:

Black Hat Windows 2002


For your information:

Hacking Exposed: Windows Server 2003
Packet Sniffing In a Switched Environment (SANS)
Feasibility of attacking Windows 2000 Kerberos Passwords (Frank O'Dwyer)
Attacks on Kerberos V (Antti Tikkanen)

 

 



SecurityFriday TM

(C)Azbil SecurityFriday Co., Ltd. All rights reserved.