I just got the NTLM hashes from a Win 7 VM. I got them using "auxiliary/server/capture/smb" from Metasploit so I could import them into Cain for cracking; however, Win 7 has LM off by default, so I was only able to get NTLM. I was able to import them into Cain, but I can't launch a dict-attack... I don't know why. I launch it, but it will try to run and then stop. The hashes are not in the usual pwdump format. Here's the format:

user1:vista-vbox:1122334455667788:000000000000000000000000000000000000000000000000:fc73f3f5f74fc8518c9b6b045e79fec401010000000000002904a4d3244fcb01740f29bcff07e28300000000020000000000000000000000

This is what Metasploit shows as the exploit runs:

vista-vbox\user1 LMHASH:000000000000000000000000000000000000000000000000 NTHASH:2f16e1adfae1b88a0d683105511e5d930101000000000000705351442651cb014e497b5310c7d47900000000020000000000000000000000

Could anyone tell me if the reason why the dict-attack is not running is because the NTLM hash is not in the right format, or do I need to run something different, like rainbow tables? Just by looking at the NTLM hash, I think it is too long.

Any help appreciated.

Thanks
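
Added example, not part of the original post: a Python parser for a capture line of the shape shown above, reporting whether the last field is a 24-byte NTLMv1 response or the longer NTLMv2 response (16-byte proof plus client blob), which is why such a record is much longer than the 16-byte NT hash in a pwdump line. The field order user:domain:server challenge:LM response:NT response is an assumption read off the sample line, the names `classify_capture` and `build_sample` are hypothetical, and the sample record is constructed.

```python
import struct
from datetime import datetime, timedelta, timezone

FILETIME_EPOCH = datetime(1601, 1, 1, tzinfo=timezone.utc)

def classify_capture(line):
    """Split one captured record and identify which NTLM response it holds."""
    fields = line.strip().split(":")
    if len(fields) != 5:
        raise ValueError("expected user:domain:challenge:lm_response:nt_response")
    user, domain, challenge, lm_hex, nt_hex = fields
    if len(bytes.fromhex(challenge)) != 8:
        raise ValueError("server challenge must be 8 bytes")
    lm, nt = bytes.fromhex(lm_hex), bytes.fromhex(nt_hex)
    info = {"user": user, "domain": domain, "challenge": challenge,
            "nt_response_len": len(nt), "lm_all_zero": not any(lm)}
    if len(nt) == 24:
        # NTLMv1: fixed 24-byte response, no client blob
        info["type"] = "NTLMv1 response"
    elif len(nt) >= 44 and nt[16:18] == b"\x01\x01":
        # NTLMv2: 16-byte HMAC-MD5 proof, then a blob that starts 01 01,
        # followed by reserved bytes, a FILETIME and an 8-byte client challenge
        (filetime,) = struct.unpack_from("<Q", nt, 24)
        info["type"] = "NTLMv2 response"
        info["proof"] = nt[:16].hex()
        info["client_time"] = FILETIME_EPOCH + timedelta(microseconds=filetime // 10)
        info["client_challenge"] = nt[32:40].hex()
    else:
        info["type"] = "unrecognized"
    return info

def build_sample():
    """Constructed NTLMv2-style record (not real captured data)."""
    filetime = (1262304000 + 11644473600) * 10**7   # 2010-01-01 00:00:00 UTC
    blob = (b"\x01\x01" + b"\x00" * 6 + struct.pack("<Q", filetime)
            + bytes(range(8)) + b"\x00" * 4          # client challenge, reserved
            + b"\x02\x00\x00\x00" + b"\x00" * 4)     # empty AV pair, terminator
    nt = b"\xaa" * 16 + blob                         # placeholder proof + blob
    return "alice:LABHOST:1122334455667788:" + "00" * 24 + ":" + nt.hex()

if __name__ == "__main__":
    for key, value in classify_capture(build_sample()).items():
        print(f"{key}: {value}")
```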