[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Date: Thu, 4 May 2006 00:39:08 +0400
From: Solar Designer <solar@...nwall.com>
To: john-users@...ts.openwall.com
Subject: Re: Password Hashes loaded vs. ./john --show
On Wed, May 03, 2006 at 04:19:39PM -0400, Arvind Sood wrote:
> [root@...alhost run]# ./john --format=NT pwoutput.txt
> Loaded 14 password hashes with no different salts (NT MD4 [TridgeMD4])
>
> Here is the output for ./john --show after some time
>
> [root@...alhost run]# ./john --show pwoutput.txt
> Guest:NO PASSWORD:501:NO PASSWORD*********************:::
> __vmware_user__:NO PASSWORD:1029:6C4E0294BE699CBD47773135069425CD:::
>
> 2 password hashes cracked, 43 left
>
> Notice the difference in number of password hashes (14 vs. 43+2). What
> explains this difference?
You were forcing John to crack NTLM (--format=NT) rather than LM hashes,
however you did not similarly force it to display cracked passwords for
NTLM hashes - so it gave you the results for LM hashes, which you did
not crack. 43+2 is the number of LM hash halves. You should be using:
./john --show --format=NT pwoutput.txt
Is there any special reason why you chose to be cracking NTLM hashes
when you seem to have the (weaker) LM hashes in there as well?
P.S. I recommend that you compile and run John as a non-root user.
This applies to any other actions which do not require root privileges
as well.
--
Alexander Peslyak <solar at openwall.com>
GPG key ID: B35D3598 fp: 6429 0D7E F130 C13E C929 6447 73C3 A290 B35D 3598
http://www.openwall.com - bringing security into open computing environments
Was I helpful? Please give your feedback here: http://rate.affero.net/solar
Powered by blists - more mailing lists
Powered by Openwall GNU/*/Linux -
Powered by OpenVZ
