john-users - NTLM Character Limitation

[<prev] [next>] [thread-next>] [day] [month] [year] [list]
Date: Wed, 7 Jun 2006 07:17:20 -0700
From: "Welty, Timothy" <Timothy.Welty@...ocrossing.com>
To: <john-users@...ts.openwall.com>
Subject: NTLM Character Limitation

Hi,

 

I'm trying to crack a set of NTLM password hashes using John 1.7.2
patched with john-ntlm-v03.diff.gz.  All the passwords are known to be
14 characters long and are composed of a known character set.  I defined
a custom incremental mode in my john.conf per below:

 

 

[Incremental:TIM]

File = $JOHN/all.chr

MinLen = 14

MaxLen = 14

CharCount = 95

 

 

When I attempt to start the audit I receive the error:

 

 

Loaded 172 password hashes with no different salts (NT MD4 [TridgeMD4])

MaxLen = 14 exceeds the compile-time limit of 8

There are several good reasons why you probably don't need to raise it:

- many hash types don't support passwords (or password halves) longer
than 7 or 8 characters;

- you probably don't have sufficient statistical information to generate
a charset file for lengths beyond 8;

- the limitation applies to incremental mode only.

 

 

I understand cracking the longer passwords will be difficult, but I need
to say I tried.  Is there a way around this problem?  Note that, other
than the occasional script, I'm not a coder.  I'm running John on Ubuntu
6.06. 

 

Thanks,

Tim