List: john-users
Subject: Re: [john-users] john for windows
From: Solar Designer <solar () openwall ! com>
Date: 2006-02-18 16:25:33
Message-ID: 20060218162533.GA8593 () openwall ! com
On Sat, Feb 18, 2006 at 12:53:51PM +0100, thomas springer wrote:
> After cracking a user's complete lmhash, invoke another thread or
> process and crack the ntlm-hash as well to get the "real"
> case-sensitive password, spitting them out or saving them in an easy
> to use format like the one used with john -show. Since there aren't
> too many possible combinations of the lm-hash, a potential patch won't
> need to invoke a complete second jtr-process for cracking the
> ntlm-hash, a simple bruteforce-des should do this job fine and won't
> slow down the cracking-process substantially.

(This has nothing to do with DES. NTLM hashes are MD4-based.)

JtR 1.7 includes a hack to implement that in the default john.conf:

# Case toggler for cracking MD4-based NTLM hashes (with the contributed
# patch), given already cracked DES-based LM hashes.
# Rename this section to [List.Rules:Wordlist] to activate it.
[List.Rules:NT]
l
lMT[*0]T[*1]T[*2]T[*3]T[*4]T[*5]T[*6]T[*7]T[*8]T[*9]T[*A]T[*B]T[*C]T[*D]Q

So you need to rename the section as the comment says, then run:

john -show pwfile | cut -d: -f2 > cracked
john -w=cracked -rules -format=nt pwfile

Obviously, you need Cygwin installed - or do this on a Unix system -
for "cut".

--
Alexander Peslyak <solar at openwall.com>
GPG key ID: B35D3598 fp: 6429 0D7E F130 C13E C929 6447 73C3 A290 B35D 3598
http://www.openwall.com - bringing security into open computing environments
Was I helpful? Please give your feedback here: http://rate.affero.net/solar