I recently had a server die and had to move a few services to a new location. While it is never a good thing when this happens, it helps to look on the bright side. In this case, I reevaluated our current OpenVPN setup and changed a few things. The most obvious change was to drop Ethernet bridging and go with a routed setup. The second change, which is what this post is about, was to push WINS instead of DNS.
The main reason I decided to push good old legacy WINS instead of DNS is that I do not like the idea of having DNS queries going through a tiny VPN tunnel. However, I needed users to be able to resolve network names. This is simple enough to set up in the OpenVPN configuration by adding the following line:
push "dhcp-option WINS ip.to.my.wins"
Setting up a WINS server is only a matter of adding "wins support = yes" to your smb.conf, if you're running a Samba server, and then restarting the service.
Now I don’t query the office DNS server every time I clear my DNS cache, and I can access everything by its network name instead of its IP.
This tutorial will show you how to do a password audit on your Samba PDC on FreeBSD in the copy-paste howto style. This tutorial will also go into how to use John the Ripper to accomplish this task.
We will start off by dumping our hashes into a file. This is done w/ the following command, run as root on the command line:
pdbedit -L -w > dump.txt
Using John the Ripper
- Let’s first get back to the command line and download jtr from http://openwall.com.
- Next we will need the NTLM patch.
- Let’s extract our files.
tar zxvf john-1.7.2.tar.gz
- Now let’s patch our source code w/ the NTLM diff file we downloaded.
patch < ../../john-ntlm-v03.diff
- With the source code now patched, all that is left is to build the binary. Typing “make” in the src directory will give you a very thorough list of supported architectures that jtr can be built on. I’m building mine on a FreeBSD box.
- We are now ready to start cracking on our hash dump. Let’s move the dump file to the “run” directory and get started on cracking those weak passwords. The default word list that comes with jtr will work just fine for the demonstration. I’ll include links at the end of the howto for other wordlist resources and related software.
Change to the run directory. This is where the binary is.
cd ../run/ && mv ../../dump.txt .
Let’s make our dump file look more like a pwdump.exe file.
cat dump.txt | sed -e '/[X]/d' -e 's/\[.*/::/'>>pwdump.txt
Run jtr w/ the simple ruleset:
./john -f:NT -si pwdump.txt
Run jtr w/ rules and dictionary:
./john -f:NT -w:theGiant.dic --rules pwdump.txt
Run jtr w/ incremental all. Break for coffee, dinner, & a movie.
./john -f:NT -in:all pwdump.txt
That’s all. Hope this is useful.
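The sed step above deletes every line that contains an "X" anywhere, so it also drops accounts whose LM field is X-ed out or whose flags include X. The following is an added example, not part of the original howto, that does the same conversion field by field and goes a little further by skipping disabled and machine accounts; the function names and sample records are assumptions made up for illustration.

```shell
#!/bin/sh
# Added example (not from the original howto): field-aware conversion of
# `pdbedit -L -w` output to pwdump-style lines.
#   smbpasswd format: name:uid:LMHASH:NTHASH:[flags]:LCT-xxxxxxxx:
#   pwdump-style:     name:uid:LMHASH:NTHASH:::
umask 077   # any file written from here on is readable by the auditor only

# smb2pwdump (hypothetical name): stdin = smbpasswd lines, stdout = pwdump lines.
# On a real dump: smb2pwdump < dump.txt > pwdump.txt
smb2pwdump() {
    awk -F: '
        NF < 6                 { next }  # not an smbpasswd record
        $1 ~ /\$$/             { next }  # machine trust account (name ends in $)
        index($5, "D") > 0     { next }  # flags: account disabled
        index($5, "W") > 0     { next }  # flags: workstation trust
        length($4) != 32       { next }  # NT field must be 32 hex digits
        $4 ~ /[^0-9A-Fa-f]/    { next }  # e.g. "NO PASSWORDXXXX..." placeholder
        { printf "%s:%s:%s:%s:::\n", $1, $2, $3, $4 }
    '
}

# Constructed sample records; every name and hash here is made up.
sample_dump() {
    cat <<'EOF'
alice:1001:XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX:0123456789ABCDEF0123456789ABCDEF:[U          ]:LCT-4A5B6C7D:
maxine:1002:AAAABBBBCCCCDDDDEEEEFFFF00001111:FEDCBA9876543210FEDCBA9876543210:[UX         ]:LCT-4A5B6C7D:
ws01$:1003:XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX:11112222333344445555666677778888:[W          ]:LCT-4A5B6C7D:
bob:1004:XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX:22223333444455556666777788889999:[DU         ]:LCT-4A5B6C7D:
carol:1005:NO PASSWORDXXXXXXXXXXXXXXXXXXXXX:NO PASSWORDXXXXXXXXXXXXXXXXXXXXX:[NU         ]:LCT-00000000:
EOF
}

# alice (LM field X-ed out) and maxine (X = password-never-expires flag) are
# kept; a plain /[X]/d would have dropped both. The machine account, the
# disabled account and the account with no NT hash are skipped.
sample_dump | smb2pwdump
```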