Products Openwall GNU/*/Linux   server OS John the Ripper   password cracker Free & Open Source for any platform Pro for Linux (RPM package) Pro for Mac OS X (dmg package) Wordlists   for password cracking passwdqc   policy enforcement phpass   password hashing in PHP crypt_blowfish   ditto in C/C++ tcb   better password shadowing Pluggable Authentication Modules scanlogd   port scan detector popa3d   tiny POP3 daemon blists   web interface to mailing lists msulogin   single user mode login Services Publications Articles Presentations Community Mailing lists Community wiki Donations Resources Source code repository (CVSweb) File archive & mirrors How to verify digital signatures Password recovery resources Recommended books What's new

Date: Thu, 1 Feb 2007 13:27:23 +0300
From: Solar Designer <solar@...nwall.com>
To: john-users@...ts.openwall.com
Subject: Re: NTLM hash cracking given already cracked LM hashes

On Sun, Jan 28, 2007 at 06:31:05PM -0600, Paul Battenfield wrote:
> OPPS! The problem was between the floor and the keyboard. More specifically
> I have two john.conf files.
> 
> /usr/share/john/john.conf
> 
> /etc/john/john.conf

You're probably using a package of JtR for your Linux distribution.
Unfortunately, packagers tend to unnecessarily modify default settings,
file paths, etc.  My recommendation is to build JtR from the source
tarball - or to use official packages such as JtR Pro or the "john"
package on Owl. ;-)

> I picked the wrong one when I made my changes. Edited the right one and
> BINGO it cracked! The normal wordlist rules did the trick on all
> alphanumeric passwords but not the special character '*'.

The asterisk character is not any special, and it is not the reason why
the normal wordlist rules failed to find your case permutation for that
password - rather, it's that the case permutation was too unusual:

> Real Password:
> As*od3U8

> Now I'm trying to write a script to swap back and forth between the normal
> and NT wordlist rule set in the john.conf file so I can LM hash, and then NT
> hash the resulting set. If you know of a way to pick the config file at run
> time, or pick another rules set for using wordlist then that would be a more
> elegant solution.

There's no elegant way to do that within a single install of JtR, sorry.
You might try using two installs, in different directories.

-- 
Alexander Peslyak <solar at openwall.com>
GPG key ID: 5B341F15  fp: B3FB 63F4 D7A3 BCCC 6F6E  FC55 A2FC 027C 5B34 1F15
http://www.openwall.com - bringing security into open computing environments

Was I helpful?  Please give your feedback here: http://rate.affero.net/solar

-- 
To unsubscribe, e-mail john-users-unsubscribe@...ts.openwall.com and reply
to the automated confirmation request that will be sent to you.

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux - Powered by OpenVZ