Date: Thu, 6 Apr 2006 04:28:48 +0200 (CEST)
From: rembrandt@...erlin.de
To: john-users@...ts.openwall.com
Subject: Re: new at this cracker business


> On Wed, Apr 05, 2006 at 10:06:41PM +0000, jay rubin wrote:
>> I decided I wanted to see how secure was my windows password.  Without
>> getting into too much about all the missteps that I've taken I've
>> finally
>> downloaded 1.7 + jumbo patch build for Win32 (1664 KB), by thomas
>> springer
>> and pwdump2.  I ran my SAM file through pwdump2
>
> Jay originally sent a similar question to me privately, but I asked that
> he post it to the list. ;-)
>
> Jay - it's a pity that you've omitted the "missteps" from this posting
> because they're still relevant.  Basically, your grabbing the SAM file
> was a mistake - it would have been more straightforward to use one of
> the PWDUMP* tools (such as pwdump2 which you've downloaded) to dump the
> hashes to a text file.
>
> SAM files are much harder to process.  John does not process SAM files
> directly.  Moreover, recent versions of Windows encrypt hashes in the
> SAM with so-called SYSKEY - so you would need to grab that as well.
> That's a lot of complexity for no gain.  Just don't do it.

Dear Solar,

If you had taken a look at bkhive you would have noticed that, if
you also have the SYSTEM file where the SYSKEY is normally stored, you
don't have to crack SYSKEY from a SAM from a modern Windows.
The encryption key is stored in this SYSTEM file, so it gets decrypted
immediately. So if John were able to do this it could also
convert the SAM like pwdump does.

The bkhive source is totally messed up, yes. But if you manage to compile
it, it really works, even though a plain and good C version would be better.
So SAMs are not that hard to handle, because MS provides you with the key for
the SYSKEY encryption too.

L0phtCrack does not get sold outside America anymore because of fucked-up
crypto laws. So I don't wonder why so many people start to use John even
for SAM files.

But LC also provides a "real" brute force against the SYSKEY encryption
(without knowing the key). But adding the bkhive and pwdump "features"
would be a big step ahead (at least for guys who also have to maintain
Windows clients).

That's just my opinion, but I know that manpower is rare...

Kind regards,
Rembrandt
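To make concrete what "MS provides you with the key" means in the post above, here is an added example (not from this thread and not bkhive's or samdump2's own code) of the key-derivation half of what those tools do, in Python. It follows the publicly documented scheme for the default SYSKEY mode, where the 16-byte boot key is hidden, permuted, in the hex class names of the four LSA subkeys `JD`, `Skew1`, `GBG` and `Data` in the SYSTEM hive, and the SAM's `Domains\Account\F` value carries the "hashed boot key" under RC4 with a key derived from that boot key. What it assumes: the revision-1 (Windows 2000/XP-era) layout of `F` (salt at 0x70, ciphertext at 0x80); that the class-name strings have already been read out of the hive (registry hive parsing is omitted, which is the part bkhive does); and that all sample values are constructed here, not taken from a real system. The later per-account RC4/DES step that yields LM/NT hashes is not included. When SYSKEY is set to the password or floppy mode, the key is not in the SYSTEM hive at all, which is the case the "real" brute force in the post refers to.

```python
"""Re-derive the SAM hashed boot key from SYSTEM-hive SYSKEY material.

Added example mirroring the documented bkhive/samdump2 scheme for the
revision-1 SAM format. Hive parsing is omitted: the four LSA class-name
strings and the SAM "F" value are passed in directly, and are constructed.
"""
import hashlib

# Permutation undoing the scramble of the 16 bytes hidden in the class
# names of HKLM\SYSTEM\ControlSet00X\Control\Lsa\{JD,Skew1,GBG,Data}.
PERMUTATION = [8, 5, 4, 2, 11, 9, 13, 3, 0, 6, 1, 12, 14, 10, 15, 7]

# Fixed strings mixed into the MD5 that yields the RC4 key (NUL included).
QWERTY = b"!@#$%^&*()qwertyUIOPAzxcvbnmQQQQQQQQQQQQ)(*@&%\0"
DIGITS = b"0123456789012345678901234567890123456789\0"


def rc4(key: bytes, data: bytes) -> bytes:
    """Plain RC4 (KSA + PRGA); symmetric, so it encrypts and decrypts."""
    S = list(range(256))
    j = 0
    for i in range(256):
        j = (j + S[i] + key[i % len(key)]) & 0xFF
        S[i], S[j] = S[j], S[i]
    out = bytearray()
    i = j = 0
    for byte in data:
        i = (i + 1) & 0xFF
        j = (j + S[i]) & 0xFF
        S[i], S[j] = S[j], S[i]
        out.append(byte ^ S[(S[i] + S[j]) & 0xFF])
    return bytes(out)


def bootkey_from_class_names(jd: str, skew1: str, gbg: str, data: str) -> bytes:
    """Join the four 8-hex-char class names, decode, and un-permute."""
    scrambled = bytes.fromhex(jd + skew1 + gbg + data)
    if len(scrambled) != 16:
        raise ValueError("class names must decode to exactly 16 bytes")
    return bytes(scrambled[PERMUTATION[i]] for i in range(16))


def hashed_bootkey_from_f(f: bytes, bootkey: bytes) -> bytes:
    """Decrypt the hashed boot key held in SAM\\Domains\\Account\\F.

    Revision-1 layout: 16-byte salt at 0x70, RC4(key || md5-checksum) at
    0x80..0xA0. Returns the 16-byte hashed boot key after checking the
    checksum, which is how a wrong SYSKEY is detected.
    """
    if len(f) < 0xA0:
        raise ValueError("F value too short for revision-1 layout")
    salt = f[0x70:0x80]
    rc4_key = hashlib.md5(salt + QWERTY + bootkey + DIGITS).digest()
    plain = rc4(rc4_key, f[0x80:0xA0])
    checksum = hashlib.md5(plain[:16] + QWERTY + DIGITS).digest()
    if checksum != plain[16:32]:
        raise ValueError("hashed boot key checksum mismatch (wrong SYSKEY?)")
    return plain[:16]


# --- Constructed fixture (hypothetical values, not real hive data) ----------
SAMPLE_BOOTKEY = bytes(range(0x10, 0x20))
SAMPLE_HBOOTKEY = bytes.fromhex("00112233445566778899aabbccddeeff")


def make_class_names(bootkey: bytes):
    """Inverse of bootkey_from_class_names: scramble and split into 4 names."""
    scrambled = bytearray(16)
    for i in range(16):
        scrambled[PERMUTATION[i]] = bootkey[i]
    h = scrambled.hex()
    return h[0:8], h[8:16], h[16:24], h[24:32]


def make_f_value(bootkey: bytes, hbootkey16: bytes, salt: bytes = bytes(16)) -> bytes:
    """Build a minimal F blob the way the SAM would store it."""
    checksum = hashlib.md5(hbootkey16 + QWERTY + DIGITS).digest()
    rc4_key = hashlib.md5(salt + QWERTY + bootkey + DIGITS).digest()
    f = bytearray(0xA8)
    f[0x70:0x80] = salt
    f[0x80:0xA0] = rc4(rc4_key, hbootkey16 + checksum)
    return bytes(f)


def demo() -> bytes:
    """SYSTEM side (class names) feeding the SAM side (F value)."""
    names = make_class_names(SAMPLE_BOOTKEY)
    f = make_f_value(SAMPLE_BOOTKEY, SAMPLE_HBOOTKEY, salt=bytes(range(16)))
    return hashed_bootkey_from_f(f, bootkey_from_class_names(*names))


if __name__ == "__main__":
    print("hashed boot key:", demo().hex())
```

On a real system the class names have to be read from the hive's key cells (they are not shown by ordinary registry tools), which is exactly the job bkhive does with the SYSTEM file; from there on, everything the SAM needs is computable offline, which is the point being made above.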
