Products Openwall GNU/*/Linux   server OS Linux Kernel Runtime Guard John the Ripper   password cracker Free & Open Source for any platform in the cloud Pro for Linux Pro for macOS Wordlists   for password cracking passwdqc   policy enforcement Free & Open Source for Unix Pro for Windows (Active Directory) yescrypt   KDF & password hashing yespower   Proof-of-Work (PoW) crypt_blowfish   password hashing phpass   ditto in PHP tcb   better password shadowing Pluggable Authentication Modules scanlogd   port scan detector popa3d   tiny POP3 daemon blists   web interface to mailing lists msulogin   single user mode login php_mt_seed   mt_rand() cracker Services Publications Articles Presentations Resources Mailing lists Community wiki Source code repositories (GitHub) Source code repositories (CVSweb) File archive & mirrors How to verify digital signatures OVE IDs What's new

Date: Thu, 1 Feb 2007 13:27:23 +0300
From: Solar Designer <solar@...nwall.com>
To: john-users@...ts.openwall.com
Subject: Re: NTLM hash cracking given already cracked LM hashes

On Sun, Jan 28, 2007 at 06:31:05PM -0600, Paul Battenfield wrote:
> OPPS! The problem was between the floor and the keyboard. More specifically
> I have two john.conf files.
> 
> /usr/share/john/john.conf
> 
> /etc/john/john.conf

You're probably using a package of JtR for your Linux distribution.
Unfortunately, packagers tend to unnecessarily modify default settings,
file paths, etc.  My recommendation is to build JtR from the source
tarball - or to use official packages such as JtR Pro or the "john"
package on Owl. ;-)

> I picked the wrong one when I made my changes. Edited the right one and
> BINGO it cracked! The normal wordlist rules did the trick on all
> alphanumeric passwords but not the special character '*'.

The asterisk character is not any special, and it is not the reason why
the normal wordlist rules failed to find your case permutation for that
password - rather, it's that the case permutation was too unusual:

> Real Password:
> As*od3U8

> Now I'm trying to write a script to swap back and forth between the normal
> and NT wordlist rule set in the john.conf file so I can LM hash, and then NT
> hash the resulting set. If you know of a way to pick the config file at run
> time, or pick another rules set for using wordlist then that would be a more
> elegant solution.

There's no elegant way to do that within a single install of JtR, sorry.
You might try using two installs, in different directories.

-- 
Alexander Peslyak <solar at openwall.com>
GPG key ID: 5B341F15  fp: B3FB 63F4 D7A3 BCCC 6F6E  FC55 A2FC 027C 5B34 1F15
http://www.openwall.com - bringing security into open computing environments

Was I helpful?  Please give your feedback here: http://rate.affero.net/solar

-- 
To unsubscribe, e-mail john-users-unsubscribe@...ts.openwall.com and reply
to the automated confirmation request that will be sent to you.

Powered by blists - more mailing lists

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.