Date: Fri, 07 Apr 2006 13:57:26 +0100
From: Hari Sekhon <harisekhon@...il.com>
To: john-users@...ts.openwall.com
Subject: Re: WINDOWS 2000 off line
You need to patch john with the cache hash support and then pass the
parameter format=mscash (I made the mistake of spelling this properly
when I was first trying to do this and it doesn't work to say mscache,
it has to be mscash - a M$ joke?).
Anyway, you can just get the jumbo patch, it has the cash/cache format
support in it.
By the way, could anybody tell me the algorithm etc. that mscash is
using? I think it was DES 32 or something...
maneesh kohli wrote:
> Thanks for this much information....
> Yes, I have been able to get user specific information using cachedump..
> like
> s_gupta:8F51A631FA41E3E7C74A64859C04D2E4
>
>
> I know the pwd for this hash, but even if I put this pwd in wordlist
> and run JTR in wordlist mode it is not able to crack it.
>
> How to use this information with JTR to get the pwd???
>
>
> On 4/7/06, Hari Sekhon <harisekhon@...il.com> wrote:
>
>> the account is probably a domain one so you need to use cachedump
>> instead of pwdump.
>>
>> maneesh kohli wrote:
>>
>>> Even I am facing the same problem....
>>>
>>> When I run pwdump4 on my local machine (Service Pack 4, Workstation) I
>>> do not get hash for my password, though it lists the hash for
>>> administrator's password. This is strange.
>>> Please help in sorting out this problem.
>>>
>>> Thanks
>>>
>>>
>>> On 23 Mar 2006 21:34:57 -0000, madfran <madfran@....alias.net> wrote:
>>>
>>>
>>>> Hi,....
>>>>
>>>> I have some curiosity.
>>>>
>>>> The situation :
>>>> - Laptop DELL
>>>> - Windows 2000 Service Pack 4
>>>> - I have Administrator rights in this machine
>>>> - When I am in my office I connect to the network over domain authority
>>>> - When I am outside without network I start my laptop with the same user and
>>>> password ==> My password (or hash) is stored in my laptop
>>>>
>>>> The problem (or curiosity) :
>>>> - I run CAIN and try to discover my user identification in my laptop
>>>> ==> no luck ! I see Administrator (for example) but not my identification
>>>> - I run LC5 (l0phtcrack) and I import hash from local machine
>>>> ==> no luck ! All hash (included Administrator) but not my password hash
>>>> - I run cachedump
>>>> ==> same results
>>>> - I run pwdump (version 6) against my laptop
>>>> ==> I see more users ! (one is Administrator_history_0), but I don't see my
>>>> user identification.
>>>>
>>>> Questions (only two) :
>>>> - Which is the system to see my own user (user and password hash) ?
>>>> - Why do I see more users with pwdump than CAIN, LC5 or cachedump ?
>>>>
>>>> madfran