[<prev] [next>] [<thread-prev] [day] [month] [year] [list]
Date: Fri, 24 Mar 2006 19:51:13 +0300
From: Solar Designer <solar@...nwall.com>
To: john-users@...ts.openwall.com
Subject: Re: does john crack xp passwords correctly?
I wrote:
> So you need to rename the section as the comment says,
referring to [List.Rules:NT] in the default john.conf with 1.7+
> then run:
> john -show pwfile | cut -d: -f2- > cracked
> john -w=cracked -rules -format=nt pwfile
>
> The "-format=nt" requires an NTLM-patched build of John.
I got this example slightly wrong. The "cut" command should use "-f2",
not "-f2-". By passing the second dash, I intended to catch passwords
with embedded colons, but I forgot that there are more colon-separated
fields in the "-show" output. So the commands to use would be:
john -show pwfile | cut -d: -f2 > cracked
john -w=cracked -rules -format=nt pwfile
john -show -format=nt pwfile
I have actually tested these with a file containing both LM and NTLM
hashes and this approach works just fine.
One known problem with it is that it'll fail for passwords containing
colons.
--
Alexander Peslyak <solar at openwall.com>
GPG key ID: B35D3598 fp: 6429 0D7E F130 C13E C929 6447 73C3 A290 B35D 3598
http://www.openwall.com - bringing security into open computing environments
Was I helpful? Please give your feedback here: http://rate.affero.net/solar
Powered by blists - more mailing lists
Powered by Openwall GNU/*/Linux -
Powered by OpenVZ
