
				SMB Grinder
				 by glimt@cosmos.lod.com

HIGHLIGHTS

- Reads in files from a L0phtCrack SMB packet capture session.

- Saves files in L0phtCrack compatible file formats

- Automatically removes duplicate entries from SMB packet
  capture sessions.

- Automatically merges files from multiple SMB packet capture
  sessions.

- Ctrl-Left Mouse selects specific users to be saved.

- File->Send menu option mails the filtered file if it 
  has been previously saved.

OBJECTIVE

Increase speed of L0phtCrack sessions on sniffer dumps by
removing duplication and providing a facility to target
specific users without having to edit the dump files
manually. 

MOTIVATION

This program was created in response to question number 2 
in the L0pht Crack FAQ available at  www.l0pht.com/l0phtcrack/faq.html 

It reads...

       "2. Cracking sniffer dumps seems to take a long time. 
	   Is this right? 

	Cracking the captured challenge/response hashes from a network
	capture takes a bit longer for one password than its 
	counterpart gotten from a registry dump. The big slowdown with
	the network capture cracking is that each hash is encrypted 
	with a unique challenge so that the work done cracking one 
	password cannot be used again to crack another. This means 
	that the time to completion scales linearly as you add password
	hashes to crack. 

	10 network challenge/response hashes will take 10 times longer
	to crack than just one. Ouch, that could take a long time. This
	type of cracking really needs to be targetted towards 
	particular passwords to be effective. We estimate network 
	challenge/response cracking to take 10 times longer than 
	normal password hash cracking." 

SOLUTION

This program will read in a file sniffed by either L0phtCrack 2.52 or
the readsmb.exe program included with L0phtCrack version 2.0.  I have
personally adopted the extension .snf for these 'Sniffed' files.  All 
duplicate user entries will be removed while loading.  Opening
a second file will merge the first and second files removing dupes
from both.

You can save the file to either a L0phtCrack (*.lc) formatted file 
or back to a Sniff (*.snf) formatted file.  Both file formats are 
readable by L0phtCrack, but only Sniff format files are readable
by SMB Grinder.

Because it is possible that you would want to target a specific user or
users, there is an additional 'Save Selected' file menu option.  This
will allow you to save only the users highlighted via <ctrl>-Left Mouse
selection to a L0phtCrack formatted file.

Finally, having removed duplicates and saving the file to disk you 
can e-mail the filtered file directly from within SMB Grinder via 
the File-Send menu option. This will send the file via your default 
MAPI e-mail client.

ACKNOWLEDGEMENTS

I would like to thank L0pht Heavy Industries for providing a really
good Windows NT based password cracker and for continually improving
this product.   

"L0phtCrack" is Copyright 1999 L0pht Heavy Industries.

"SMB Grinder" is Copyright 1999 glimt@cosmos.lod.com
