Date: Thu, 6 Apr 2006 04:28:48 +0200 (CEST)
From: rembrandt@...erlin.de
To: john-users@...ts.openwall.com
Subject: Re: new at this cracker business
> On Wed, Apr 05, 2006 at 10:06:41PM +0000, jay rubin wrote:
>> I decided I wanted to see how secure my Windows password was. Without
>> getting into too much about all the missteps that I've taken, I've
>> finally downloaded the 1.7 + jumbo patch build for Win32 (1664 KB), by
>> Thomas Springer, and pwdump2. I ran my SAM file through pwdump2
>
> Jay originally sent a similar question to me privately, but I asked that
> he post it to the list. ;-)
>
> Jay - it's a pity that you've omitted the "missteps" from this posting
> because they're still relevant. Basically, your grabbing the SAM file
> was a mistake - it would have been more straightforward to use one of
> the PWDUMP* tools (such as pwdump2 which you've downloaded) to dump the
> hashes to a text file.
>
> SAM files are much harder to process. John does not process SAM files
> directly. Moreover, recent versions of Windows encrypt hashes in the
> SAM with so-called SYSKEY - so you would need to grab that as well.
> That's a lot of complexity for no gain. Just don't do it.
Dear Solar,
If you had taken a look at bkhive you would have noticed that, if you
also have the SYSTEM file where the SYSKEY is normally stored, you
don't have to crack SYSKEY from a SAM from a modern Windows.
The encryption key is stored in this SYSTEM file, so it gets decrypted
immediately. So if John were able to do this, it could also be able to
convert the SAM like pwdump does.
The bkhive source is totally messed up, yes. But if you manage to compile
it, it really works, even though a plain and good C version would be better.
So SAMs are not that hard to handle, because MS provides you the key for
the SYSKEY encryption too.
L0phtCrack does not get sold outside America anymore because of fucked up
crypto laws. So I don't wonder why so many people start to use John even
for SAM files.
But LC also provides a "real" brute force against the SYSKEY encryption
(without knowing the key). But adding the bkhive and pwdump "features"
would be a big step ahead (at least for guys who also have to maintain
Windows clients).
That's just my opinion, but I know that manpower is rare...
Kind regards,
Rembrandt