Date: Thu, 15 Mar 2007 21:26:46 +0100
From: "Frank Dittrich" <frank_dittrich@...mail.com>
To: john-users@...ts.openwall.com
Subject: RE: John is finding a wrong password?

I've been fooled by Oliver's Reply-to, that's why I missed sending
this mail to the list:

Oliver Völker wrote:
> I've used pwdump3 to get the accounts and hashes from my Win XP computer.
> Then I've started john
> john-mmx -i:all d:\test.txt

Why did you specify -i:all here?
The output
| Loaded 2 password hashes with no different salts (NT LM DES [64/64 BS MMX])
indicates that john tries to crack LM hashes.
LM hashes are not case sensitive, and the max. password length is 7.
This is also indicated by the warnings you got:
| Warning: MaxLen = 8 is too large for the current hash type, reduced to 7
| Warning: mixed-case charset, but the current hash type is case-insensitive;

You should have used
    john-mmx d:\test.txt
or, if you really want to restrict john to incremental mode,
    john-mmx -i d:\test.txt
(John would have used Incremental:LanMan in this case.)

john-mmx
> After some time john displays me the password for my two accounts.
> One is correct, but the other one is not OK.

Even the one which is not correct is not longer than 7 characters,
and it only differs in case from the one which john cracked.
(Which, depending on the time it took to crack the passwords, means
that both passwords are weak.)

If you want to find out the case sensitive password, you need a
version which includes the NT patch, see the "Contributed resources ..."
section on http://www.openwall.com/john/

Then, follow the instructions provided in this thread:
http://thread.gmane.org/gmane.comp.security.openwall.john.user/1212,
especially here:
http://www.openwall.com/lists/john-users/2006/07/08/2

With not more than 128 candidate passwords to try, john will have
cracked the other password.

Regards, Frank