Openwall GNU/*/Linux - a small security-enhanced Linux distro for servers
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Date: Sun, 4 Mar 2007 22:13:55 +0300
From: Solar Designer <solar@...nwall.com>
To: john-users@...ts.openwall.com
Subject: Re: LM an NTLM combination

On Sun, Mar 04, 2007 at 03:00:58PM +0100, Antares wrote:
> My Question is, how can I make the best use of the already known LM
> passwords. Do I need to make a wordlist out of the pot file on the
> windows box and specify special rules in order to try only "case
> combinations"?

Frank has already provided an answer (thanks!) but I wanted to post a
more recent reference for JtR 1.7.x:

	http://www.openwall.com/lists/john-users/2006/07/08/2

> Or would john take into account (or disregard completely) available LM
> passwords in a pot file, if invoked with --format=NT ?

Unfortunately, John disregards the already cracked LM hashes when you
invoke it to crack your NTLM hashes, unless you follow the procedure
outlined in the posting referenced above.

> Or is maybe my expectation wrong, that it is less time consuming to
> first crack the LM hashes and then use this input to crack the NTLM
> hashes, instead of starting directly on the NTLM hashes?

Your expectation is correct.  This is the way to go when hashes of both
types are available.

-- 
Alexander Peslyak <solar at openwall.com>
GPG key ID: 5B341F15  fp: B3FB 63F4 D7A3 BCCC 6F6E  FC55 A2FC 027C 5B34 1F15
http://www.openwall.com - bringing security into open computing environments

Was I helpful?  Please give your feedback here: http://rate.affero.net/solar

-- 
To unsubscribe, e-mail john-users-unsubscribe@...ts.openwall.com and reply
to the automated confirmation request that will be sent to you.

Powered by blists - more mailing lists

Your e-mail address:

Powered by Openwall GNU/*/Linux - Powered by OpenVZ