Date: Wed, 26 Nov 2008 11:20:48 -0500
From: Adam Turk <>
To: <>
Subject: RE: Partly known password

> I forgot some parts of my password to a service-account. Since it is Windows
> something broke and I can't update my software! Now I'm bruteforcing the
> password, but it's so slow..
> I think the password is 9 or 10 letters/digits, and I remember a phrase I put
> in the middle of the password. (let's say "1batMan" just as an example).
> The format is something like this
> XX1batMan or XX1batManX (where the X's are unknown.)
> I had a look at the mailing list but couldn't figure it out.
> How do I run all the combinations for X together with the part of the
> password I know?
> Oddmund

I recommend cracking the LM hash with john and then with those results switch to using mdcrack 182 to crack the NTLM hash. mdcrack 183 has a bug in it. Download at mdcrack 182 works great under wine. I do recommend updating wine to the latest version. With mdcrack you can specify the charset to use to crack, so if the LM hash returns CD1BATMAN3 use the following:
wine MDCrack-sse.exe --charset=abcdtmn13ABCDTMN --algorithm=NTLM1 --minsize=10 --maxsize=10 NTLM hash

Don't get me wrong, john the ripper is great, but specifying a specific charset like this is difficult.

If you are absolutely certain about 1batMan being exactly like this XX1batManX you can use crunch to generate a wordlist with:
and pass that wordlist to john.
Something like:
crunch 10 10 abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789 -t @@1batMan@ >wordlist.txt
The above is untested but should work.
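
Added example, not part of the original message and not code from john, mdcrack or crunch: a Python sketch of the two candidate spaces discussed above, the `@@1batMan@` mask and the case variants of an LM result such as CD1BATMAN3. The function names are illustrative, and the `@` wildcard only mirrors the crunch template shown in the message.

```python
import itertools
import string

ALNUM = string.ascii_lowercase + string.ascii_uppercase + string.digits

def mask_candidates(template, charset=ALNUM, wildcard="@"):
    """Fill every wildcard position from charset; known characters stay fixed."""
    slots = [charset if ch == wildcard else ch for ch in template]
    return ("".join(combo) for combo in itertools.product(*slots))

def mask_keyspace(template, charset=ALNUM, wildcard="@"):
    """Number of candidates the mask produces."""
    return len(charset) ** template.count(wildcard)

def case_variants(lm_plaintext):
    """LM uppercases the password, so only the case of each letter is unknown."""
    slots = [(ch.lower(), ch.upper()) if ch.isalpha() else (ch,)
             for ch in lm_plaintext]
    return ("".join(combo) for combo in itertools.product(*slots))

def case_keyspace(lm_plaintext):
    """Two choices per letter, one per digit or symbol."""
    return 2 ** sum(ch.isalpha() for ch in lm_plaintext)

def charset_keyspace(charset, length):
    """Size of a plain brute force over a restricted charset at fixed length."""
    return len(set(charset)) ** length

if __name__ == "__main__":
    # Values taken from the message: the mask, the sample LM result, the charset.
    print("mask @@1batMan@      :", mask_keyspace("@@1batMan@"))
    print("charset brute force  :", charset_keyspace("abcdtmn13ABCDTMN", 10))
    print("case variants of LM  :", case_keyspace("CD1BATMAN3"))
    # The case-variant list is small enough to hold in memory.
    variants = list(case_variants("CD1BATMAN3"))
    print(len(variants), "candidates, e.g.", variants[0], variants[-1])
```

Once the LM plaintext is known, the NTLM search shrinks to the case variants alone, which is far smaller than brute force over the restricted charset.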
