Date: Tue, 4 Nov 2008 16:13:15 -0500 From: Kvetch <kvetch@...il.com> To: john-users@...ts.openwall.com Subject: ntlm and lm hashes questions I have a Windows hash output file that contains some lm hashes and some ntlm hashes. Not every user has an lm hash so I would like to crack ntlm hashes when lm hashes are not present. I applied the ntlm-alainesp patch to John so I can crack ntlm hashes when need be. >From what I can tell, if I don't specify the format John only attempts the lm hashes. Is this correct? Is there a way to have it crack the ntlm if no lm is present or will I need to run the processes separately, once with the format=LM and then once with format=NT using the cut field delimited method listed on the "uppercase only thread" - http://www.openwall.com/lists/john-users/2006/07/08/2 I want to test via a wordlist first and after that is done try an incremental against it. If I want to try cracking the hashes against a dictionary wordlist first, do I have to modify the john.conf rule to be List:Rules:Wordlist or is specifying the -w:wordfile option enough? My john command seems to stop quickly right after I run the following command ./john --session=test -w:/mydictfile myhashes It says it loaded 17 password hashes with no different salts (LM DES [128/128 BS SSE2]) * (userC:2) 1 (userB:2) 3 (userA:2) guesses: 3 time 0:00:00:01 100% c/s: 8122k trying: } TTDEEL - ~ Is my command incorrect, why is it stopping so soon? Do I need to change the conf to have the Rules:Wordlist and then run ./john --session=test -w:/mydictfile -rules myhashes in order to perform a dictionary attack? Thank you. -- To unsubscribe, e-mail john-users-unsubscribe@...ts.openwall.com and reply to the automated confirmation request that will be sent to you.
Powered by blists - more mailing lists
Powered by Openwall GNU/*/Linux - Powered by OpenVZ