Openwall GNU/*/Linux - a small security-enhanced Linux distro for servers
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Date: Sat, 18 Feb 2006 19:25:33 +0300
From: Solar Designer <>
Subject: Re: john for windows

On Sat, Feb 18, 2006 at 12:53:51PM +0100, thomas springer wrote:
> After cracking a users complete lmhash, invoke another thread or
> process and crack the ntlm-hash as well to get the "real"
> case-sensitive password, spitting them out or saving them in an easy
> to use format like the one used with john -show. Since there aren't
> too many possible combinations of the lm-hash, a potential patch won't
> need to invoke a complete second jtr-process for cracking the
> ntlm-hash, a simple bruteforce-des should do this job fine and won't
> slow down the cracking-process substantially.

(This has nothing to do with DES.  NTLM hashes are MD4-based.)

JtR 1.7 includes a hack to implement that in the default john.conf:

# Case toggler for cracking MD4-based NTLM hashes (with the contributed
# patch), given already cracked DES-based LM hashes.
# Rename this section to [List.Rules:Wordlist] to activate it.

So you need to rename the section as the comment says, then run:

john -show pwfile | cut -d: -f2 > cracked
john -w=cracked -rules -format=nt pwfile

Obviously, you need Cygwin installed - or do this on a Unix system -
for "cut".

Alexander Peslyak <solar at>
GPG key ID: B35D3598  fp: 6429 0D7E F130 C13E C929  6447 73C3 A290 B35D 3598 - bringing security into open computing environments

Was I helpful?  Please give your feedback here:

Powered by blists - more mailing lists

Your e-mail address:

Powered by Openwall GNU/*/Linux - Powered by OpenVZ