Follow @Openwall on Twitter for new release announcements and other news
[<prev] [next>] [<thread-prev] [day] [month] [year] [list]
Date: Fri, 24 Mar 2006 19:51:13 +0300
From: Solar Designer <solar@...nwall.com>
To: john-users@...ts.openwall.com
Subject: Re: does john crack xp passwords correctly?

I wrote:
> So you need to rename the section as the comment says,

referring to [List.Rules:NT] in the default john.conf with 1.7+

> then run:
> john -show pwfile | cut -d: -f2- > cracked
> john -w=cracked -rules -format=nt pwfile
>
> The "-format=nt" requires an NTLM-patched build of John.

I got this example slightly wrong.  The "cut" command should use "-f2",
not "-f2-".  By passing the second dash, I intended to catch passwords
with embedded colons, but I forgot that there are more colon-separated
fields in the "-show" output.  So the commands to use would be:

john -show pwfile | cut -d: -f2 > cracked
john -w=cracked -rules -format=nt pwfile
john -show -format=nt pwfile

I have actually tested these with a file containing both LM and NTLM
hashes and this approach works just fine.

One known problem with it is that it'll fail for passwords containing
colons.

-- 
Alexander Peslyak <solar at openwall.com>
GPG key ID: B35D3598  fp: 6429 0D7E F130 C13E C929  6447 73C3 A290 B35D 3598
http://www.openwall.com - bringing security into open computing environments

Was I helpful?  Please give your feedback here: http://rate.affero.net/solar

Powered by blists - more mailing lists

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.