Openwall GNU/*/Linux - a small security-enhanced Linux distro for servers
[<prev] [next>] [<thread-prev] [day] [month] [year] [list]
Date: Thu, 1 Feb 2007 13:27:23 +0300
From: Solar Designer <solar@...nwall.com>
To: john-users@...ts.openwall.com
Subject: Re: NTLM hash cracking given already cracked LM hashes

On Sun, Jan 28, 2007 at 06:31:05PM -0600, Paul Battenfield wrote:
> OPPS! The problem was between the floor and the keyboard. More specifically
> I have two john.conf files.
> 
> /usr/share/john/john.conf
> 
> /etc/john/john.conf

You're probably using a package of JtR for your Linux distribution.
Unfortunately, packagers tend to unnecessarily modify default settings,
file paths, etc.  My recommendation is to build JtR from the source
tarball - or to use official packages such as JtR Pro or the "john"
package on Owl. ;-)

> I picked the wrong one when I made my changes. Edited the right one and
> BINGO it cracked! The normal wordlist rules did the trick on all
> alphanumeric passwords but not the special character '*'.

The asterisk character is not any special, and it is not the reason why
the normal wordlist rules failed to find your case permutation for that
password - rather, it's that the case permutation was too unusual:

> Real Password:
> As*od3U8

> Now I'm trying to write a script to swap back and forth between the normal
> and NT wordlist rule set in the john.conf file so I can LM hash, and then NT
> hash the resulting set. If you know of a way to pick the config file at run
> time, or pick another rules set for using wordlist then that would be a more
> elegant solution.

There's no elegant way to do that within a single install of JtR, sorry.
You might try using two installs, in different directories.

-- 
Alexander Peslyak <solar at openwall.com>
GPG key ID: 5B341F15  fp: B3FB 63F4 D7A3 BCCC 6F6E  FC55 A2FC 027C 5B34 1F15
http://www.openwall.com - bringing security into open computing environments

Was I helpful?  Please give your feedback here: http://rate.affero.net/solar

-- 
To unsubscribe, e-mail john-users-unsubscribe@...ts.openwall.com and reply
to the automated confirmation request that will be sent to you.

Powered by blists - more mailing lists

Your e-mail address:

Powered by Openwall GNU/*/Linux - Powered by OpenVZ