Products Openwall GNU/*/Linux   server OS John the Ripper   password cracker Free & Open Source for any platform Pro for Linux (RPM package) Pro for Mac OS X (dmg package) Wordlists   for password cracking passwdqc   policy enforcement phpass   password hashing in PHP crypt_blowfish   ditto in C/C++ tcb   better password shadowing Pluggable Authentication Modules scanlogd   port scan detector popa3d   tiny POP3 daemon blists   web interface to mailing lists msulogin   single user mode login Services Publications Articles Presentations Community Mailing lists Community wiki Donations Resources Source code repository (CVSweb) File archive & mirrors How to verify digital signatures Password recovery resources Recommended books What's new

Date: Tue, 4 Nov 2008 16:13:15 -0500
From: Kvetch <kvetch@...il.com>
To: john-users@...ts.openwall.com
Subject: ntlm and lm hashes questions

I have a Windows hash output file that contains some lm hashes and
some ntlm hashes.  Not every user has an lm hash so I would like to
crack ntlm hashes when lm hashes are not present.  I applied the
ntlm-alainesp patch to John so I can crack ntlm hashes when need be.
>From what I can tell, if I don't specify the format John only attempts
the lm hashes.  Is this correct?  Is there a way to have it crack the
ntlm if no lm is present or will I need to run the processes
separately, once with the format=LM and then once with format=NT using
the cut field delimited method listed on the "uppercase only thread" -
http://www.openwall.com/lists/john-users/2006/07/08/2

I want to test via a wordlist first and after that is done try an
incremental against it.  If I want to try cracking the hashes against
a dictionary wordlist first, do I have to modify the john.conf rule to
be List:Rules:Wordlist or is specifying the -w:wordfile option enough?
 My john command seems to stop quickly right after I run the following
command

./john --session=test -w:/mydictfile myhashes
It says it loaded 17 password hashes with no different salts (LM DES
[128/128 BS SSE2])
*     (userC:2)
1     (userB:2)
3     (userA:2)
guesses: 3 time 0:00:00:01 100% c/s: 8122k trying: } TTDEEL - ~

Is my command incorrect, why is it stopping so soon?  Do I need to
change the conf to have the Rules:Wordlist and then run
./john --session=test -w:/mydictfile -rules myhashes
in order to perform a dictionary attack?

Thank you.

-- 
To unsubscribe, e-mail john-users-unsubscribe@...ts.openwall.com and reply
to the automated confirmation request that will be sent to you.

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux - Powered by OpenVZ