Products Openwall GNU/*/Linux   server OS John the Ripper   password cracker Free & Open Source for any platform Pro for Linux (RPM package) Pro for Mac OS X (dmg package) Wordlists   for password cracking passwdqc   policy enforcement phpass   password hashing in PHP crypt_blowfish   ditto in C/C++ tcb   better password shadowing Pluggable Authentication Modules scanlogd   port scan detector popa3d   tiny POP3 daemon blists   web interface to mailing lists msulogin   single user mode login Services Publications Articles Presentations Community Mailing lists Community wiki Donations Resources Source code repository (CVSweb) File archive & mirrors How to verify digital signatures Password recovery resources Recommended books What's new

Date: Tue, 20 Apr 2010 11:35:34 -0500
From: jmk <jmk@...fus.net>
To: john-users@...ts.openwall.com
Subject: Re: NTLMv2 Challenge/Response Cracking

On Mon, 2010-04-19 at 19:06 +0200, Magnum, P.I. wrote:
> On 04/14/2010 07:41 PM, jmk wrote:
> > I've uploaded a patch and added a link on the Wiki to hopefully improve
> > what's currently there of mine. The patch adds some documentation
> > related to the challenge/response formats, attempts to address your
> > concerns with the netntlm.pl script and includes a "--config" option for
> > John.
> 
> Thanks for your work. However, when I tried it out, john segfaulted 
> running Markov (I did not use --config). After looking around I found 
> you define this in option.h:
> 
> #define FLG_CONFIG_CLI     0x60000000
> 
> That should be 0x80000000 or something else that only uses one bit, 
> right? Markov mode uses 0x40000000 and this made the
> 
>     if (options.flags & FLG_CONFIG_CLI)
> 
> in john.c come out true, but with an unset config name. At least that is 
> my understanding of it. The problem went away when I used 0x80000000.
> 
> magnum

I believe you are correct. I've updated the patch accordingly.

Thanks,
Joe

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux - Powered by OpenVZ