Date: Wed, 27 Jun 2007 23:32:19 +0200
From: Dirk Wetter <dirk.wetter@...etter.org>
To: john-users@...ts.openwall.com
Subject: Re: Best Windows Password Cracking Method
Brian,
just use rainbow tables for this.
Cheers,
Dirk
On 27.06.2007 23:05, Brian Smith wrote:
> Hello all.
>
> I am working on cracking the LM hashes that I have dumped from several Windows servers as part of a penetration test and would like to see if I am using the best method. I have already cracked one 14 character password from this file and am assuming that the password that I'm working on is also 14 characters. Here is my progress so far:
>
> 1. Grabbed the local administrator hash from 3 separate servers using various exploits. The hash is identical in each instance, so the passwords are the same.
> 2. I have the large password list from Openwall and have already run this against the hashes, along with letting it brute force for 5 days at roughly 3,100K c/s.
> 3. I obtained the first part of the hash which contains letters, numbers, and a '.'.
> 4. Using this information, I have settled on the following approach to finish my cracking
> a. Using the incremental crack mode 'alnum', I added the extra characters "!@... with the Extras = command in the john.conf
> b. I have increased the total number of characters to 40 and specified a min and max length of 7 in the john.conf for the alnum set
> c. I have repeated 'b' on another machine and specified a min and max of 6.
> 5. I have calculated that for the 7 length, it should take roughly 14 hours for the total set. Is this correct?
> 6. If this does not yield results, is there a good way to add extra characters to my already modified alnum set? Will John remember what it already tried and only try new combinations?
>
> Please let me know if you see any flaws in my approach or if anyone has any suggested improvements.
>
> Thanks
>
> Brian
>
--
Dirk Wetter @ Dr. Wetter IT Consulting http://drwetter.org
IT security consulting + Open Source
Key fingerprint = 2AD6 BE0F 9863 C82D 21B3 64E5 C967 34D8 11B7 C62F
-
Found core file older than 7 days: /usr/share/man/man5/core.5.gz