Date: Thu, 15 Mar 2007 21:26:46 +0100
From: "Frank Dittrich" <frank_dittrich@...mail.com>
To: john-users@...ts.openwall.com
Subject: RE: John is finding a wrong password?

I've been fooled by Oliver's Reply-to, that's why I missed
sending this mail to the list:

Oliver Völker wrote:
>  I've used pwdump3 to get the accounts and hashes from my Win XP computer.
>  Then I've started john
>  john-mmx -i:all d:\test.txt

Why did you specify -i:all here?

The output
| Loaded 2 password hashes with no different salts (NT LM DES [64/64 BS MMX])
indicates that john tries to crack LM hashes.
LM hashes are not case sensitive, and the max. password length is 7.
This is also indicated by the warnings you got:
| Warning: MaxLen = 8 is too large for the current hash type, reduced to 7
| Warning: mixed-case charset, but the current hash type is case-insensitive;

you should have used

john-mmx d:\test.txt

or, if you really want to restrict john to incremental mode,

john-mmx -i d:\test.txt

(John would have used Incremental:LanMan in this case.)

john-mmx
>  After some time john displays me the password for my two accounts.
>  One is correct, but the other one is not OK.

Even the one which is not correct is not longer than 7 characters,
and it only differs in case from the one which john cracked.
(Which, depending on the time it took to crack the passwords,
means that both passwords are weak.)

If you want to find out the case sensitive password, you need
a version which includes the NT patch,
see the "Contributed resources ..." section on http://www.openwall.com/john/

Then, follow the instructions provided in this thread:
http://thread.gmane.org/gmane.comp.security.openwall.john.user/1212,
especially here:
http://www.openwall.com/lists/john-users/2006/07/08/2

With not more than 128 candidate passwords to try,
john will have cracked the other password.


Regards,

Frank
