Openwall GNU/*/Linux - a small security-enhanced Linux distro for servers
[<prev] [next>] [thread-next>] [day] [month] [year] [list]
Date: Tue, 4 Nov 2008 16:13:15 -0500
From: Kvetch <kvetch@...il.com>
To: john-users@...ts.openwall.com
Subject: ntlm and lm hashes questions

I have a Windows hash output file that contains some lm hashes and
some ntlm hashes.  Not every user has an lm hash so I would like to
crack ntlm hashes when lm hashes are not present.  I applied the
ntlm-alainesp patch to John so I can crack ntlm hashes when need be.
>From what I can tell, if I don't specify the format John only attempts
the lm hashes.  Is this correct?  Is there a way to have it crack the
ntlm if no lm is present or will I need to run the processes
separately, once with the format=LM and then once with format=NT using
the cut field delimited method listed on the "uppercase only thread" -
http://www.openwall.com/lists/john-users/2006/07/08/2

I want to test via a wordlist first and after that is done try an
incremental against it.  If I want to try cracking the hashes against
a dictionary wordlist first, do I have to modify the john.conf rule to
be List:Rules:Wordlist or is specifying the -w:wordfile option enough?
 My john command seems to stop quickly right after I run the following
command

./john --session=test -w:/mydictfile myhashes
It says it loaded 17 password hashes with no different salts (LM DES
[128/128 BS SSE2])
*     (userC:2)
1     (userB:2)
3     (userA:2)
guesses: 3 time 0:00:00:01 100% c/s: 8122k trying: } TTDEEL - ~

Is my command incorrect, why is it stopping so soon?  Do I need to
change the conf to have the Rules:Wordlist and then run
./john --session=test -w:/mydictfile -rules myhashes
in order to perform a dictionary attack?

Thank you.

-- 
To unsubscribe, e-mail john-users-unsubscribe@...ts.openwall.com and reply
to the automated confirmation request that will be sent to you.

Powered by blists - more mailing lists

Your e-mail address:

Powered by Openwall GNU/*/Linux - Powered by OpenVZ