Openwall GNU/*/Linux 3.0 - a small security-enhanced Linux distro for servers
[<prev] [next>] [thread-next>] [day] [month] [year] [list] 
Date: Fri, 13 May 2005 15:24:32 -0700 (PDT)
From: Whom Ever <amwhoever@...oo.com>
To: john-users@...ts.openwall.com
Subject: LANMAN and NT Hash ?s...basic

I'm sorry for asking a noob question but I have a sam
file that I ran 
GetHashes.exe (SamInside) on and I'm not sure how to
get JtR to work on the 
NT hash (really XP hash) part.  It autodetects the
LANMAN portion and goes to 
work, I tried the --format option but none of the
other options loaded any 
passwords.  JtR can crack NT hashes, right?  And XP
uses NT hashes too?  When 
I ran GetHashes I did NOT have the SYSTEM file so that
may be part of the 
problem...not sure.

Example from john.pot (not a working one...I modified
some data):
User:57Q7T4R23E@...07:14806rd271e60f5re2549d67eb6ef6b1:::

Now, the NT hash is after the 1007: right?

It's my understanding with 2k and XP that if you use a
password longer than 14 
characters nulls are entered in the LANMAN portion so
in that case you have 
to use the NT hash portion, right?

Also, if JtR does do NT hash, wouldn't a module to get
the LANMAN and then try 
the 2^n letter case combinations to run against the NT
hash be fairly easy to 
add.  I'm probably way off base here or this already exists!


		
Discover Yahoo! 
Find restaurants, movies, travel and more fun for the weekend. Check it out! 
http://discover.yahoo.com/weekend.html

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux - Powered by OpenVZ