Date: Thu, 12 Apr 2007 16:43:16 -0500
From: jmk <jmk@...fus.net>
To: john-users@...ts.openwall.com
Subject: Re: Initial seed password

On Sat, 2007-04-07 at 20:16 +0400, Solar Designer wrote:
> Yes, please do.  Thanks!

I've posted my attempt at LM/NTLMv1 challenge/response cracking:

http://www.foofus.net/~jmk/tools/jtr/lm_chall_resp.diff

It seems to work to crack hashes in the old .lc format which is what
Cain & Abel appears to use:

username:::lm response:ntlm response:challenge

My implementation is probably pretty poor. This was my first attempt at
hacking in a new format into John and I was thoroughly confused.
Fortunately, while probably not as efficient as it could be, it seems to
work for what I wanted. ;) Any comments on what I should have done
differently are welcome.

One quick question... The LM response is based on an upper-case version
of the user's password. I believe that John should only be testing
case-insensitive passwords here and the netlm code upper-cases the test
value when generating the response to compare, so the results are
accurate. However, in some cases when it succeeds, John reports a
mixed-case password. How do I force John to always display the
upper-case version of that password?

> What will work best is a combination of John's "incremental" mode with
> an external filter() (which you will actually use to prefix candidate
> passwords with your known 7 characters).  An example is available here:

This seems to be just what I'm looking for. Thanks!

A while back a coworker of mine modified John to log the time it took to
crack a hash. This has been useful for us when cracking a hash that
already existed in the .pot file and we would like to know how long it
initially took to break. FWIW, I've posted his work here:

http://www.foofus.net/~jmk/tools/jtr/readme.html

Joe

