Date: Sun, 21 Jan 2007 14:17:48 -0700 From: "The Rogue Fugu" <roguefugu@...il.com> To: john-users@...ts.openwall.com, michaelkintzios@...il.com Subject: Re: Is the passwd in upper or lower case ? You are probably cracking a LM hash, which is case insensitive. See "http://en.wikipedia.org/wiki/LM_hash" to see how it works. Basically, the password is uppercased, split in two parts of 7-bytes each. Each part is used as a DES key to encrypt the text "KGS!@...". The results of the encryption is the hash. The reason why you see two hashes is because john splits the hash in two, and cracks each half separately. P.S. Next time, please post the actual hashes too. On 1/21/07, Mick <michaelkintzios@...il.com> wrote: > Hi All, > > First post to the list. I've used bkhive-linux to extract the hashes and > samdump2 to extract the passwd file from a MS Windows machine. Running john > produces something like this: > ====================================== > # john -i passwd-hashes-desktop.txt > Loaded 2 password hashes with no different salts (NT LM DES [32/32 BS]) > D01 (LOCALMGTN01:2) > MG3657R (LOCALMGTN01:1) > guesses: 2 time: 0:01:15:49 c/s: 2787102 trying: MG36573 - MG36592 > ====================================== > > When I ask to see the passwd I get this: > ====================================== > # john -show passwd-hashes-desktop.txt > LOCALMGTN01:MG3657RD01:500:3fe3...................1c38::: > > 2 passwords cracked, 0 left > ====================================== > > Could you please explain if the two accounts shown (LOCALMGTN01:2 and > LOCALMGTN01:1) are one and the same? The option -show only shows one passwd. > Similarly, when I tried running ophcrack I got only one password, but > additionally it showed lower case letters: "MG3657rd01" > > Does John show only upper case? > -- > Regards, > Mick > > > -- Hi, I'm a .signature virus! Copy me to your .signature file and help me propagate, thanks! -- To unsubscribe, e-mail john-users-unsubscribe@...ts.openwall.com and reply to the automated confirmation request that will be sent to you.
Powered by blists - more mailing lists
Powered by Openwall GNU/*/Linux - Powered by OpenVZ