Openwall GNU/*/Linux - a small security-enhanced Linux distro for servers
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Date: Wed, 3 May 2006 17:08:43 -0400
From: "Arvind Sood" <asood74@...il.com>
To: john-users@...ts.openwall.com
Subject: Re: Password Hashes loaded vs. ./john --show

Solar Designer,

Thank you once again !

I did the --show with NT and it came up with the original number of hashes.

Is there any special reason why you chose to be cracking NTLM hashes
when you seem to have the (weaker) LM hashes in there as well?

The only reason I loaded it with the NT parameter was based on the
case-sensitive stuff I read about on the forum. Since I was not sure if I
could live with the passwords being displayed in the wrong case, I went in
with the safer option.

Having seen how much quicker it cracked the LM hashes (there are some
accounts for which the --format=LM already shows a password while the
--format=NT is still working)..... I see your point about trying with the LM
format first.

Arvind
- Thanks also for pointing out the ugly habit of doing the "su root" to get
something working :-((



On 03/05/06, Solar Designer <solar@...nwall.com> wrote:
>
> On Wed, May 03, 2006 at 04:19:39PM -0400, Arvind Sood wrote:
> > [root@...alhost run]# ./john --format=NT  pwoutput.txt
> > Loaded 14 password hashes with no different salts (NT MD4 [TridgeMD4])
> >
> > Here is the output for  ./john  --show after some time
> >
> > [root@...alhost run]# ./john --show pwoutput.txt
> > Guest:NO PASSWORD:501:NO PASSWORD*********************:::
> > __vmware_user__:NO PASSWORD:1029:6C4E0294BE699CBD47773135069425CD:::
> >
> > 2 password hashes cracked, 43 left
> >
> > Notice the difference in number of password hashes (14 vs. 43+2). What
> > explains this difference?
>
> You were forcing John to crack NTLM (--format=NT) rather than LM hashes,
> however you did not similarly force it to display cracked passwords for
> NTLM hashes - so it gave you the results for LM hashes, which you did
> not crack.  43+2 is the number of LM hash halves.  You should be using:
>
>         ./john --show --format=NT pwoutput.txt
>
> Is there any special reason why you chose to be cracking NTLM hashes
> when you seem to have the (weaker) LM hashes in there as well?
>
> P.S. I recommend that you compile and run John as a non-root user.
> This applies to any other actions which do not require root privileges
> as well.
>
> --
> Alexander Peslyak <solar at openwall.com>
> GPG key ID: B35D3598  fp: 6429 0D7E F130 C13E C929  6447 73C3 A290 B35D
> 3598
> http://www.openwall.com - bringing security into open computing
> environments
>
> Was I helpful?  Please give your feedback here:
> http://rate.affero.net/solar
>
> --
> To unsubscribe, e-mail john-users-unsubscribe@...ts.openwall.com and reply
> to the automated confirmation request that will be sent to you.
>
>

Powered by blists - more mailing lists

Your e-mail address:

Powered by Openwall GNU/*/Linux - Powered by OpenVZ