Openwall GNU/*/Linux - a small security-enhanced Linux distro for servers
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Date: Sun, 15 May 2005 07:39:11 +0400
From: Solar Designer <solar@...nwall.com>
To: john-users@...ts.openwall.com
Subject: Re: LANMAN and NT Hash ?s...basic

I wrote:
> 0. In params.h, increase RULE_RANGES_MAX from 8 to at least 14 and
> re-compile.  (I probably need to change this default.)

I've now increased the default RULE_RANGES_MAX to 16 for 1.6.38.1+.

> 3. Create this section anew:
> 
> [List.Rules:Wordlist]
> :
> lMT[*0]T[*1]T[*2]T[*3]T[*4]T[*5]T[*6]T[*7]T[*8]T[*9]T[*A]T[*B]T[*C]T[*D]Q

This was slightly buggy, here's what went into 1.6.38.1 instead:

# Case toggler for cracking MD4-based NTLM hashes (with the contributed
# patch), given already cracked DES-based LM hashes.
# Rename this section to [List.Rules:Wordlist] to activate it.
[List.Rules:NT]
l
lMT[*0]T[*1]T[*2]T[*3]T[*4]T[*5]T[*6]T[*7]T[*8]T[*9]T[*A]T[*B]T[*C]T[*D]Q

> 4. Crack your NT hashes with these invocations of John:
> 
> john -show pwfile | cut -d: -f2 > ntlm.lst
> john -w=ntlm.lst -rules pwfile

This had a minor omission, it should be:

john -show pwfile | cut -d: -f2 > lm.lst
john -w=lm.lst -rules -format=nt pwfile

Now this is actually tested and it works.  The first command may be
enhanced to produce a more optimal "wordlist" by eliminating duplicates,
empty and not fully cracked passwords, and the trailing status line.

-- 
Alexander Peslyak <solar at openwall.com>
GPG key ID: B35D3598  fp: 6429 0D7E F130 C13E C929  6447 73C3 A290 B35D 3598
http://www.openwall.com - bringing security into open computing environments

Powered by blists - more mailing lists

Your e-mail address:

Powered by Openwall GNU/*/Linux - Powered by OpenVZ