Products Openwall GNU/*/Linux   server OS Linux Kernel Runtime Guard John the Ripper   password cracker Free & Open Source for any platform in the cloud Pro for Linux Pro for macOS Wordlists   for password cracking passwdqc   policy enforcement Free & Open Source for Unix Pro for Windows (Active Directory) yescrypt   KDF & password hashing yespower   Proof-of-Work (PoW) crypt_blowfish   password hashing phpass   ditto in PHP tcb   better password shadowing Pluggable Authentication Modules scanlogd   port scan detector popa3d   tiny POP3 daemon blists   web interface to mailing lists msulogin   single user mode login php_mt_seed   mt_rand() cracker Services Publications Articles Presentations Resources Mailing lists Community wiki Source code repositories (GitHub) Source code repositories (CVSweb) File archive & mirrors How to verify digital signatures OVE IDs What's new

Date: Wed, 15 Mar 2006 17:20:14 +0100 (CET)
From: rembrandt@...erlin.de
To: john-users@...ts.openwall.com
Subject: Re: john the ripper output

> guyzz.. i am a new user to list, so a big hi to all.. i have been reading
> all the mails since long. well guyz need to ask u something.. I have got a
> SAM file with me.. and i wanna crack pass outta that..
>
> i know it is a noobie woobie question for u, but for me that would be an
> achievment.. i have download the binary pack from www.openwall.com and
> extracted it, there by i got two folders RUN and DOC, ofcourse i went to
> command line and tried using switches with the john-386.exe but was not
> able
> to get anythin useful..
>
> Simply guide me what do i do with this JOHN if i want to get the  pass
> outta
> this SAM file.. it includes syskey hashes also as i got that SAM file from
> some service pack2 machine..
>
> thanks & regards
> Realin !

To break the syskey you need the "syskey".
Windows stores it (per default) in a file called "system".

You`ll be able to decrypt the syskey with these lines (wich are a bad hack
imho but it works):

*attached*

I thought about "recoding" it to improve the quality and submit a "unsam"
tool for john (like unshadow) but I didn`t had the time yet.

You may need to modify it (depends to ya gcc version).


If you decrypted the SAM file (removing the syskey) you should be able to
dump the passwords easily with pwdump2 or something like this.
I thought about including this function also in the "unsam"-tool but as I
said: I had no time yet :-/


Kind regards,
Rembrandt

Download attachment "bkhive.tar.gz" of type "application/gzip" (2488 bytes)

Powered by blists - more mailing lists

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.