Date: Sun, 21 Jan 2007 14:17:48 -0700
From: "The Rogue Fugu" <roguefugu@...il.com>
To: john-users@...ts.openwall.com, michaelkintzios@...il.com
Subject: Re: Is the passwd in upper or lower case ?

You are probably cracking an LM hash, which is case insensitive. See
"http://en.wikipedia.org/wiki/LM_hash" to see how it works.
Basically, the password is uppercased and split into two parts of 7 bytes
each. Each part is used as a DES key to encrypt the text "KGS!@...".
The result of the encryption is the hash. The reason why you see two
hashes is because john splits the hash in two, and cracks each half
separately.


P.S. Next time, please post the actual hashes too.

On 1/21/07, Mick <michaelkintzios@...il.com> wrote:
> Hi All,
>
> First post to the list.  I've used bkhive-linux to extract the hashes and
> samdump2 to extract the passwd file from a MS Windows machine.  Running john
> produces something like this:
> ======================================
> # john -i passwd-hashes-desktop.txt
> Loaded 2 password hashes with no different salts (NT LM DES [32/32 BS])
> D01              (LOCALMGTN01:2)
> MG3657R          (LOCALMGTN01:1)
> guesses: 2  time: 0:01:15:49  c/s: 2787102  trying: MG36573 - MG36592
> ======================================
>
> When I ask to see the passwd I get this:
> ======================================
> # john -show passwd-hashes-desktop.txt
> LOCALMGTN01:MG3657RD01:500:3fe3...................1c38:::
>
> 2 passwords cracked, 0 left
> ======================================
>
> Could you please explain if the two accounts shown (LOCALMGTN01:2 and
> LOCALMGTN01:1) are one and the same?  The option -show only shows one passwd.
> Similarly, when I tried running ophcrack I got only one password, but
> additionally it showed lower case letters:   "MG3657rd01"
>
> Does John show only upper case?
> --
> Regards,
> Mick
>
>
>


-- 
Hi, I'm a .signature virus! Copy me to your .signature file and help
me propagate, thanks!
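
The split described in the reply above, as an added example that is not part of the original message or of John the Ripper: it shows why "MG3657rd01" and "MG3657RD01" give the same two DES key inputs, and how john's per-half guesses join back into the -show output. Function names are hypothetical, ASCII-only passwords are assumed, and the DES encryption step itself is left out.

```python
# Added illustration: LM preprocessing only (no DES encryption is performed).
# Function names are hypothetical; ASCII passwords are assumed.

def lm_halves(password: str) -> tuple[bytes, bytes]:
    """Return the two 7-byte DES key inputs that LM derives from a password."""
    raw = password.upper().encode("ascii")      # case is discarded here
    if len(raw) > 14:
        raise ValueError("LM only covers passwords of up to 14 characters")
    raw = raw.ljust(14, b"\0")                  # null-pad to 14 bytes
    return raw[:7], raw[7:]

def des_key(half: bytes) -> bytes:
    """Spread 56 key bits over 8 bytes: 7 key bits plus one odd-parity bit each."""
    if len(half) != 7:
        raise ValueError("expected exactly 7 bytes")
    bits = int.from_bytes(half, "big")
    out = bytearray()
    for i in range(8):
        byte = ((bits >> (49 - 7 * i)) & 0x7F) << 1
        if bin(byte).count("1") % 2 == 0:       # make the byte odd parity
            byte |= 1
        out.append(byte)
    return bytes(out)

def join_john_guesses(guesses: dict[int, str]) -> str:
    """Rebuild the uppercased password from john's ':1' and ':2' guesses."""
    return guesses.get(1, "") + guesses.get(2, "")

if __name__ == "__main__":
    # Values taken from the john and ophcrack output quoted in the thread.
    for candidate in ("MG3657rd01", "MG3657RD01"):
        first, second = lm_halves(candidate)
        print(candidate, first, second, des_key(first).hex(), des_key(second).hex())
    print(join_john_guesses({2: "D01", 1: "MG3657R"}))
```

Because both halves are attacked independently and in a single case, the LM hash never reveals the original capitalisation; that information comes from the separate NT hash.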
