Products Openwall GNU/*/Linux   server OS Linux Kernel Runtime Guard John the Ripper   password cracker Free & Open Source for any platform in the cloud Pro for Linux Pro for macOS Wordlists   for password cracking passwdqc   policy enforcement Free & Open Source for Unix Pro for Windows (Active Directory) yescrypt   KDF & password hashing yespower   Proof-of-Work (PoW) crypt_blowfish   password hashing phpass   ditto in PHP tcb   better password shadowing Pluggable Authentication Modules scanlogd   port scan detector popa3d   tiny POP3 daemon blists   web interface to mailing lists msulogin   single user mode login php_mt_seed   mt_rand() cracker Services Publications Articles Presentations Resources Mailing lists Community wiki Source code repositories (GitHub) Source code repositories (CVSweb) File archive & mirrors How to verify digital signatures OVE IDs What's new

Date: Wed, 27 Jun 2007 23:32:19 +0200
From: Dirk Wetter <dirk.wetter@...etter.org>
To:  john-users@...ts.openwall.com
Subject: Re: Best Windows Password Cracking Method


Brian,

just use rainbow tables for this.

Cheers,
	Dirk

Am 27.06.2007 23:05, Brian Smith schrieb:
> Hello all. 
> 
> I am working on cracking the LM hashes that I have dumped from several Windows servers as part of a penetration test and would like to see if I am using the best method.  I have already cracked on 14 character password from this file and am assuming that the password that I'm working on is also 14 characters.  Here is my progress so far:
> 
> 1. Grabbed the local administrator hash from 3 separate servers using various exploits.  The hash is identical in each instance, so the passwords are the same.
> 2. I have the large password list from Openwall and have already run this against the hashes, along with letting it brute force for 5 days at roughly 3,100K c/s.
> 3. I obtained the first part of the hash which contains letters, numbers, and a '.'.
> 4. Using this information, I have settled on the following approach to finish my cracking
>     a. Using the incrementail crack mode 'alnum', I added the extra characters "!@$.' with the Extras = command in the john.conf
>     b. I have increased the total number of characters to 40 and specified a min and max length of 7 in the john.conf for the alnum set
>     c. I have repeated 'b' on another machine and specfiied a min and max of 6.
> 5. I have calculated that for the 7 length, it should take roughly 14 hours for the total set.  Is this correct?
> 6. If this does not yield results, is there a good way to add extra characters to my already modified alnum set?  Will John remember what it already tried and only try new combinations?
> 
> Please let me know if you see any flaws in my approach or if anyone has any suggested improvements.
> 
> Thanks
> 
> Brian
> 




-- 
Dirk Wetter @ Dr. Wetter IT Consulting          http://drwetter.org
Beratung IT-Sicherheit + Open Source
Key fingerprint = 2AD6 BE0F 9863 C82D 21B3  64E5 C967 34D8 11B7 C62F

-
Found core file older than 7 days: /usr/share/man/man5/core.5.gz


-- 
To unsubscribe, e-mail john-users-unsubscribe@...ts.openwall.com and reply
to the automated confirmation request that will be sent to you.

Powered by blists - more mailing lists

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.